Post #1, Dec 20 2007, 06:25 PM
Member, Group: Members, Posts: 55, Joined: 16-December 07, From: California, Member No.: 176,817
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:45 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\RGVsbA\command.exe
C:\WINDOWS\system32\dfcnibbs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\dpkkleo.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\TEMP\win2E.tmp.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.adnet-plus.com/banners.php
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\vavyx.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,gvddixd.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\webdlg32.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [D4C80W] C:\WINDOWS\cxyql.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Yiewtq] C:\Program Files\Yltpjo\Ukeo.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9ÓÅ“ð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\cxyql.exe
O4 - HKLM\..\Run: [Á²# L"h'þ9ÓÅ“ð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\cxyql.exe
O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
O4 - HKLM\..\Run: [kcsrihv] C:\WINDOWS\kcsrihv.exe
O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [ula0U] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e127.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad17.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
O4 - HKLM\..\Run: [{65-54-47-77-ZN}] C:\windows\system32\qodsregn.exe CORN001
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [Tagasuarus7.exerg] C:\WINDOWS\system32\Tagasuarus7.exerg
O4 - HKLM\..\Run: [expload.exe] C:\WINDOWS\system32\expload.exe
O4 - HKLM\..\Run: [fns-8.exeML 4.] C:\WINDOWS\system32\fns-8.exeML 4.
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [w00a3f75.dll] RUNDLL32.EXE w00a3f75.dll,I2 0008893d000a3f75
O4 - HKLM\..\Run: [fns-8.exe] C:\WINDOWS\system32\fns-8.exe
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11
O4 - HKLM\..\Run: [Á²# {"h'þ9ÓÅ“Ç3rÅ WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\cxyql.exe
O4 - HKLM\..\Run: [edkiuc] C:\WINDOWS\system32\edkiuc.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_127.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [dpkkleoA] C:\WINDOWS\dpkkleoA.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwinprdq.exe CORN001
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [new.exe] C:\WINDOWS\system32\new.exe
O4 - HKLM\..\Run: [win3207585-522824] C:\WINDOWS\win3207585-522824.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [w004c0bf.dll] RUNDLL32.EXE w004c0bf.dll,I2 0008893d0004c0bf
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu361.exe 61A847B5BBF72811349A284503996897C881250221C8670836AC4FA7C88332017491394662E901F3 D29332022288670A26F362E9AEE45B6C46E45F351EA453BC94DA7C57319D394827B144
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\xhrdccwy.dll",sitypnow
O4 - HKLM\..\Run: [AppID] C:\WINDOWS\system32\fqfuxr.exe reg_run
O4 - HKLM\..\Run: [zcdyxmba] rundll32.exe "C:\Program Files\tofezibc\xcfmbujo.dll",Init
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win2E.tmp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvcub.dll,startup
O4 - HKLM\..\Run: [xatczoti] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\xatczoti.dll"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ibyfkzop] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ibyfkzop.dll"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - S-1-5-18 Startup: Zeno.lnk = C:\WINDOWS\system32\lwinprag.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Zeno.lnk = C:\WINDOWS\system32\lwinprag.exe (User 'Default user')
O4 - .DEFAULT Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O18 - Filter hijack: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - C:\WINDOWS\system32\icda0wpw5.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGVsbA\command.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\dfcnibbs.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\dpkkleo.exe

--
End of file - 10329 bytes

This post has been edited by madphizx: Dec 20 2007, 06:31 PM
Post #2, Dec 20 2007, 06:29 PM
Member, Group: Members, Posts: 55, Joined: 16-December 07, From: California, Member No.: 176,817
Also, my computer won't let me install the Spybot program: the install window pops up to install it, then it goes away. Every time I try to install it, even in my Task Manager, it just goes away every 5 seconds. Same thing with the Registry Mechanic program.

This post has been edited by madphizx: Dec 20 2007, 06:30 PM
Post #3, Dec 22 2007, 12:14 AM
Member, Group: Members, Posts: 55, Joined: 16-December 07, From: California, Member No.: 176,817
Can anyone help me?
Post #4, Dec 23 2007, 12:35 PM
Forum Addict, Group: HJT Team, Posts: 5,321, Joined: 1-April 06, Member No.: 62,052
Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A HijackThis Log

Thanks,
Charles
Post #5, Dec 29 2007, 05:32 PM
Member, Group: Members, Posts: 55, Joined: 16-December 07, From: California, Member No.: 176,817
Sorry for the wait.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:39 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?name=706F776572706F7765722E657865
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,gvddixd.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [fns-8.exeML 4.] C:\WINDOWS\system32\fns-8.exeML 4.
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win2E.tmp .exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\xhrdccwy.dll",sitypnow
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e127.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_127.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O18 - Filter hijack: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5397 bytes
Post #6, Dec 30 2007, 09:47 AM
Forum Addict, Group: HJT Team, Posts: 5,321, Joined: 1-April 06, Member No.: 62,052
Download Combofix to your Desktop.

Double click combofix.exe.
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

I'd also like a new Hijackthis log.

Thanks,
Charles
Post #7, Dec 31 2007, 08:50 PM
Member, Group: Members, Posts: 55, Joined: 16-December 07, From: California, Member No.: 176,817
ComboFix 07-12-31.4 - On The Go 2007-12-31 14:31:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.108 [GMT -8:00]
Running from: C:\Documents and Settings\On The Go\Desktop\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2.exe
C:\Documents and Settings\Administrator\Application Data\Starware
C:\Documents and Settings\Administrator\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Administrator\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Reference\ReferenceOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Program Files\asks~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\pppatc~1\?ppPatch\
C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\smante~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\windows
C:\Program Files\crosof~1.net
C:\Program Files\deskbar
C:\Program Files\folder.js\
C:\Program Files\Helper
C:\Program Files\ini.ini\
C:\Program Files\Insider
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\racle~1
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Temporary
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\Program Files\wnsxs~1
C:\temp\tn3
C:\WINDOWS\curity~1
C:\WINDOWS\default.htm
C:\WINDOWS\dobe~1
C:\WINDOWS\keyboard131.dat
C:\WINDOWS\keyboard171.dat
C:\WINDOWS\keyboard31.dat
C:\WINDOWS\keyboard71.dat
C:\WINDOWS\keyboard91.dat
C:\WINDOWS\saiemod.dll
C:\WINDOWS\satmat.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\sysrlb32.exe
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\awpkbrrb.ini
C:\WINDOWS\system32\bbhikghc.dll
C:\WINDOWS\system32\brrbkpwa.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cemetrix.dll
C:\WINDOWS\system32\chgkihbb.ini
C:\WINDOWS\system32\dajbfpnt.exe
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\remove_spyware_button.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jkklj.exe
C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.ini2
C:\WINDOWS\system32\kmukumfs.dll
C:\WINDOWS\system32\lclcfg32.ini
C:\WINDOWS\system32\lfd32.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mnqru.bak1
C:\WINDOWS\system32\mnqru.bak2
C:\WINDOWS\system32\mnqru.ini
C:\WINDOWS\system32\njprckha
C:\WINDOWS\system32\njprckha\bg1.gif
C:\WINDOWS\system32\njprckha\bgtop.gif
C:\WINDOWS\system32\njprckha\bottom1.gif
C:\WINDOWS\system32\njprckha\essentials.gif
C:\WINDOWS\system32\njprckha\icon1.ico
C:\WINDOWS\system32\njprckha\install1.gif
C:\WINDOWS\system32\njprckha\left1.gif
C:\WINDOWS\system32\njprckha\li.gif
C:\WINDOWS\system32\njprckha\logo.gif
C:\WINDOWS\system32\njprckha\main.htm
C:\WINDOWS\system32\njprckha\mainframe.htm
C:\WINDOWS\system32\njprckha\reinstall1.gif
C:\WINDOWS\system32\njprckha\right1.gif
C:\WINDOWS\system32\njprckha\s1.htm
C:\WINDOWS\system32\njprckha\s2.htm
C:\WINDOWS\system32\njprckha\s3.htm
C:\WINDOWS\system32\njprckha\SMTop1.gif
C:\WINDOWS\system32\njprckha\SMTop2.gif
C:\WINDOWS\system32\njprckha\SMTop3.gif
C:\WINDOWS\system32\njprckha\SMTop4.gif
C:\WINDOWS\system32\njprckha\soft1_off.gif
C:\WINDOWS\system32\njprckha\soft1_off_ext.gif
C:\WINDOWS\system32\njprckha\soft1_on.gif
C:\WINDOWS\system32\njprckha\soft1_on_ext.gif
C:\WINDOWS\system32\njprckha\soft2_off.gif
C:\WINDOWS\system32\njprckha\soft2_off_ext.gif
C:\WINDOWS\system32\njprckha\soft2_on.gif
C:\WINDOWS\system32\njprckha\soft2_on_ext.gif
C:\WINDOWS\system32\njprckha\soft3_off.gif
C:\WINDOWS\system32\njprckha\soft3_off_ext.gif
C:\WINDOWS\system32\njprckha\soft3_on.gif
C:\WINDOWS\system32\njprckha\soft3_on_ext.gif
C:\WINDOWS\system32\njprckha\softbottom_off.gif
C:\WINDOWS\system32\njprckha\softbottom_on.gif
C:\WINDOWS\system32\njprckha\softleft_off.gif
C:\WINDOWS\system32\njprckha\softleft_on.gif
C:\WINDOWS\system32\njprckha\top1.gif
C:\WINDOWS\system32\njprckha\top2.gif
C:\WINDOWS\system32\njprckha\turnoff1.gif
C:\WINDOWS\system32\njprckha\turnon1.gif
C:\WINDOWS\system32\sfmukumk.ini
C:\WINDOWS\system32\sl.bin
C:\WINDOWS\system32\sstem~1
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\vhrmeowh.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\xhrdccwy.dll
C:\WINDOWS\system32\ywccdrhx.ini
C:\WINDOWS\TEMP.\salm.exe
C:\WINDOWS\win3207585-5228242007.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\ystem~1
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NNSERV
-------\DomainService
-------\NNServ

((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.

2007-12-31 17:39 . 2007-12-31 17:39 323,072 --------- C:\WINDOWS\system32\jkklj.dll
2007-12-31 14:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 20:09 . 2007-12-30 20:09 326,656 --a------ C:\WINDOWS\system32\RCX21.tmp
2007-12-30 19:59 . 2007-12-30 19:59 12,288 --a------ C:\Program Files\77006729.exe
2007-12-30 19:26 . 2007-12-30 19:26 12,288 --a------ C:\Program Files\75008176.exe
2007-12-30 15:56 . 2007-12-30 15:56 12,288 --a------ C:\Program Files\62409700.exe
2007-12-30 11:21 . 2007-12-30 11:21 326,656 --a------ C:\WINDOWS\system32\RCX98.tmp
2007-12-29 23:48 . 2007-12-29 23:48 <DIR> d-------- C:\Program Files\AliveMedia
2007-12-29 22:39 . 2007-12-29 22:39 326,656 --a------ C:\WINDOWS\system32\RCX20.tmp
2007-12-29 22:34 . 2007-12-29 22:34 <DIR> d-------- C:\Program Files\4U Computing
2007-12-29 22:34 . 2003-03-26 06:59 573,440 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-12-29 22:34 . 2002-12-03 03:02 491,520 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2007-12-29 22:34 . 2003-03-25 15:08 286,720 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2007-12-29 22:34 . 2002-12-03 03:07 168,448 --a------ C:\WINDOWS\system32\NCTAudioPlayer.dll
2007-12-29 22:34 . 2002-12-03 03:11 143,872 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2007-12-29 22:34 . 2002-03-19 07:18 120,832 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-12-29 14:25 . 2007-12-29 14:25 294 --ahs---- C:\WINDOWS\system32\hasypgva.ini
2007-12-27 00:01 . 2007-12-27 00:01 <DIR> d--h----- C:\temp\pt8q3khslw
2007-12-26 21:10 . 2007-12-26 21:10 326,656 --a------ C:\WINDOWS\system32\RCX91.tmp
2007-12-26 21:06 . 2007-12-27 18:21 1,609,728 --a------ C:\WINDOWS\MEDB.mdb
2007-12-26 21:06 . 2007-05-01 14:23 528,384 --a------ C:\WINDOWS\system32\VZWDownManager.exe
2007-12-26 21:06 . 2007-05-01 14:23 49,152 --a------ C:\WINDOWS\system32\VZWDLManager.dll
2007-12-26 21:06 . 2007-05-02 00:34 375 --a------ C:\WINDOWS\system32\VZWDLManager.inf
2007-12-26 21:05 . 2007-12-26 21:05 <DIR> d-------- C:\Program Files\Verizon Wireless
2007-12-26 13:36 . 2007-12-26 13:36 <DIR> d-------- C:\Documents and Settings\On The Go\Application Data\Apple Computer
2007-12-26 13:35 . 2007-12-26 21:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-26 13:35 . 2007-12-26 13:35 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 23:39 . 2007-12-25 23:38 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-25 23:38 . 2007-12-26 13:34 <DIR> d-------- C:\Documents and Settings\On The Go\.housecall6.6
2007-12-25 23:26 . 2007-12-26 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-25 21:54 . 2007-12-25 21:54 <DIR> d----c--- C:\Linksys Driver
2007-12-25 15:53 . 2007-12-25 15:59 1,310,376 --a------ C:\WINDOWS\system32\new .exe
2007-12-25 15:53 . 2007-12-25 15:53 326,656 --a------ C:\WINDOWS\system32\RCX38.tmp
2007-12-25 15:52 . 2007-12-31 17:39 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-25 15:52 . 2007-12-25 15:59 126,976 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-25 13:31 . 2007-12-30 11:20 <DIR> d-------- C:\Documents and Settings\On The Go\Application Data\uTorrent
2007-12-25 13:28 . 2007-12-25 13:28 <DIR> d-------- C:\Program Files\LG Electronics
2007-12-25 13:28 . 2007-04-09 09:55 22,912 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2007-12-25 13:28 . 2007-04-09 09:56 21,248 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2007-12-25 13:28 . 2007-04-09 09:53 12,672 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2007-12-25 13:26 . 2007-12-25 13:26 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-20 15:37 . 2007-12-31 14:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-20 15:37 . 2007-12-20 15:37 <DIR> d-------- C:\Documents and Settings\On The Go\Application Data\SUPERAntiSpyware.com
2007-12-20 15:37 . 2007-12-20 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-20 15:36 . 2007-12-20 15:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-17 21:48 . 2007-12-17 21:48 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-17 21:34 . 2007-12-30 22:21 <DIR> d-------- C:\Documents and Settings\On The Go\Application Data\U3
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2007-12-31 22:46 --------- d-----w C:\Program Files\QuickTime
2007-12-31 16:23 78,880 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-31 11:01 2,053,664 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-31 07:29 512 ----a-w C:\ScanSectorLog.dat
2007-12-31 04:09 483,328 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-31 04:09 --------- d-----w C:\Program Files\Zune
2007-12-31 04:09 --------- d-----w C:\Program Files\iTunes
2007-12-31 04:09 --------- d-----w C:\Program Files\enie
2007-12-25 23:53 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
2007-12-25 23:52 371,712 ----a-w C:\WINDOWS\system32\ezSP_Px.exe
2007-12-25 23:16 --------- d-----w C:\Program Files\uTorrent
2007-12-25 21:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-21 01:06 --------- d-----w C:\Program Files\EQTraffic
2007-12-21 00:59 --------- d-----w C:\Program Files\Common Files\rmww
2007-12-18 06:32 --------- d-----w C:\Documents and Settings\On The Go\Application Data\LimeWire
2007-11-25 06:31 149 ----a-w C:\Program Files\ini.ini
2007-11-25 06:26 --------- d-----w C:\Program Files\LimeWire
2007-11-20 17:50 --------- d-----w C:\Program Files\IMVU
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-08-04 13:06 1,972 ----a-w C:\Program Files\installer.js
2007-06-26 04:12 94,311 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_06_13_23_21_50_small.dmp.zip
2006-04-21 16:15 2,097 -c--a-w C:\Program Files\folder.js
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

----a-w 68,608 2007-12-31 10:07:32 C:\Program Files\enie\ramb .exe
----a-w 256,576 2007-12-31 04:09:44 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 36,975 2007-12-31 04:09:39 C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w 1,694,208 2007-12-31 04:09:54 C:\Program Files\Messenger\msmsgs .exe
----a-w 636,416 2007-12-31 04:09:41 C:\Program Files\QuickTime\qttask .exe
----a-w 636,416 2007-12-30 19:21:32 C:\Program Files\QuickTime\qttask .exe
----a-w 636,416 2007-12-30 06:39:50 C:\Program Files\QuickTime\qttask .exe
----a-w 636,416 2007-12-27 05:10:44 C:\Program Files\QuickTime\qttask .exe
----a-w 26,112 2007-12-31 04:09:55 C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w 1,460,560 2007-12-31 22:10:05 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 1,318,912 2007-12-31 22:10:04 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w 24,104 2007-12-31 04:09:44 C:\Program Files\Zune\ZuneLauncher .exe
----a-w 158,208 2007-12-25 23:53:34 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 126,976 2007-12-25 23:59:08 C:\WINDOWS\system32\hkcmd .exe
----a-w 155,648 2008-01-01 01:39:48 C:\WINDOWS\system32\igfxtray .exe
----a-w 1,310,376 2007-12-25 23:59:22 C:\WINDOWS\system32\new .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56D7D794-F317-4E36-AA1A-39BFFBC8148C}] 2007-12-31 17:39 323072 --------- C:\WINDOWS\system32\jkklj.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-30 20:09 483328] "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe] "D0D1D5D3D3D2D9D"="9B9CA09E9E9DA.exe" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2007-12-30 20:09 364544] "fns-8.exeML 4."="C:\WINDOWS\system32\fns-8.exeML 4." [2006-04-21 06:45 0] "is11"="C:\WINDOWS\system32\is11" [2007-12-31 17:40 1636864] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-30 11:21 674816] "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-12-30 11:21 351744] "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-12-30 20:09 363008] "RegistryMechanic"="" [] C:\Documents and Settings\On The Go\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-02-16 14:03:17] MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-12-26 21:05:59] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows] 
"load"=C:\WINDOWS\system32\jkklj.exe [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkklj S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-02-04 22:04] S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-02-04 22:04] S3 USB-100;USB 10/100 Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\USBER100.SYS [2002-10-10 18:03] S3 WDNEBBFB;WDNEBBFBWinmodem icon;C:\WINDOWS\system32\DRIVERS\WDNEBBFB.sys [2000-01-28 16:36] S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 22:53] . Contents of the 'Scheduled Tasks' folder "2007-09-01 20:28:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-31 17:41:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-31 17:46:44 - machine was rebooted C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 01:46:26 . 2007-12-26 15:26:40 --- E O F --- ---------------------------------------------------------------- my HijackThis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:50:06 PM, on 12/31/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! 
Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?name=706F776572706F7765722E657865 F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [fns-8.exeML 4.] C:\WINDOWS\system32\fns-8.exeML 4. 
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab O23 - 
Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 4500 bytes |
Jan 2 2008, 04:03 PM, Post #8
Forum Addict (Group: HJT Team, Posts: 5,321, Joined: 1-April 06, Member No.: 62,052)
Using My Computer, navigate to where you have HijackThis saved.
Right-click on the HijackThis.exe file. Select "Rename", call it fluffybunny and press enter.
Use fluffybunny.exe from now on.

Then I'd like a new HijackThis log using the renamed file.

Thanks, Charles
Jan 3 2008, 12:27 AM, Post #9
Member (Group: Members, Posts: 55, Joined: 16-December 07, From: California, Member No.: 176,817)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:49 PM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?name=706F776572706F7765722E657865
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F6982BF-6BA0-4581-9DC7-791143C68A39} - C:\WINDOWS\system32\jkklj.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [fns-8.exeML 4.] C:\WINDOWS\system32\fns-8.exeML 4.
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- End of file - 4478 bytes
Jan 3 2008, 09:48 AM, Post #10
Forum Addict (Group: HJT Team, Posts: 5,321, Joined: 1-April 06, Member No.: 62,052)
Please print off a copy of these instructions, and also save them to a Notepad file on your Desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
O2 - BHO: (no name) - {5F6982BF-6BA0-4581-9DC7-791143C68A39} - C:\WINDOWS\system32\jkklj.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe
O4 - HKLM\..\Run: [fns-8.exeML 4.] C:\WINDOWS\system32\fns-8.exeML 4.
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11

Then close all other windows - you should only see HijackThis on your Desktop - and click the Fix checked button.

Reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. Make sure you choose the option without Networking Support.

Set your system to show all files. Navigate to Start | My Computer | Tools | Folder Options. Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm.

Find and delete the following files (if present):

C:\WINDOWS\system32\fns-8.exe
C:\WINDOWS\system32\jkklj.dll

Navigate to Start | Search | All files and folders. Expand More advanced options, check 'Search system folders', 'Search hidden files and folders' and 'Search subfolders'. Paste this into the All or part of the file name box:

is11

If you find any examples of these, please remove them.

Reboot into Normal Mode again.

You're using an outdated version of Java (the latest one is Java Runtime Environment (JRE) 6u3), and these can be exploited by malware, so you need to update it as soon as possible. Please update and remove the older versions from your computer. Do the following:

Go to Start | Control Panel | Add/Remove Programs
Search in the list for all previously installed versions of Java (J2SE Runtime Environment ...)
Select it and click Remove.
Then download and install the newest version from here: Java Runtime Environment (JRE) 6u3

Then I'd like to see a new ComboFix and HijackThis log.

Thanks, Charles
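The triage the helper does by hand on the logs in this thread (read each HijackThis entry, pick out the ones pointing at missing files, unnamed BHOs and oddly named executables, then tell the user which lines to tick) can be scripted. The Python below is an added example written for this page; it is not code from the thread, from HijackThis or from ComboFix. It parses HijackThis-style entries, counts them by section, flags three patterns that recur in the logs above (a target of "(no file)" or "(file missing)", a file name with a space before its extension such as "strpmon .exe", which ComboFix also listed separately, and an O2 BHO with no name), and reports which of a helper's "fix if present" lines actually occur in a given log. The sample log, the flag names and the function names are constructed for the example from lines already posted in this thread.

```python
"""Triage helper for HijackThis-style logs.

Added example for this thread; not part of HijackThis, ComboFix or the
helper's instructions.  Flag names and sample data are constructed.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of entries in the form of the logs posted
# above, not a complete log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:49 PM, on 1/2/2008
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F6982BF-6BA0-4581-9DC7-791143C68A39} - C:\WINDOWS\system32\jkklj.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# One HJT entry: section code (R1, F3, O2, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# A file name carrying whitespace before its extension ("qttask .exe").
SPACED_EXT_RE = re.compile(r"\S\s+\.(?:exe|dll|sys)\b", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)

    @property
    def line(self) -> str:
        return f"{self.section} - {self.body}"


def parse_hjt(text: str) -> list:
    """Return the entries of a log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def flag_entry(entry: Entry) -> list:
    """Flags for the patterns a helper looks for in this thread."""
    flags = []
    if "(no file)" in entry.body or "(file missing)" in entry.body:
        flags.append("orphan")            # registry points at a missing file
    if SPACED_EXT_RE.search(entry.body):
        flags.append("spaced-extension")  # "name .exe" look-alike binary
    if entry.section == "O2" and entry.body.startswith("BHO: (no name)"):
        flags.append("unnamed-bho")       # browser helper object without a name
    return flags


def triage(text: str) -> list:
    """Parse a log and attach flags to every entry."""
    entries = parse_hjt(text)
    for e in entries:
        e.flags = flag_entry(e)
    return entries


def flagged(text: str) -> dict:
    """Map each suspicious entry line to its list of flags."""
    return {e.line: e.flags for e in triage(text) if e.flags}


def by_section(text: str) -> dict:
    """Count entries per section code, e.g. {'O4': 2, ...}."""
    counts = {}
    for e in parse_hjt(text):
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def present_entries(text: str, wanted: list) -> list:
    """Which of the helper's 'fix if present' lines occur in this log."""
    have = {e.line for e in parse_hjt(text)}
    return [w.strip() for w in wanted if w.strip() in have]


if __name__ == "__main__":
    for line, flags in flagged(SAMPLE_LOG).items():
        print(", ".join(flags).ljust(18), line)
```

Run it on a saved hijackthis.log by reading the file into a string and passing that instead of SAMPLE_LOG; present_entries() takes the helper's list of lines verbatim, so the "(if present)" check in the instructions above becomes a set lookup rather than a visual scan. The flags are hints for a reviewer, not verdicts: the QuickTime "qttask .exe" line is flagged only because of the space, which is exactly the detail ComboFix singled out in its own listing.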
Jan 18 2008, 10:43 PM, Post #11
Member (Group: Members, Posts: 55, Joined: 16-December 07, From: California, Member No.: 176,817)
Hey, sorry for the wait. I tried the ComboFix thing and it kept just leaving me with a blank desktop, and I waited 2 more hours and still the same, so all I have is the HijackThis log. Also, at random times a message comes up about a debugger, and I look on my Task Manager and it says windows with like 200,000 mem usage and it just crashes. Can you help me fix that!!! Thanks!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39, on 2008-01-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://storageprotector.com/clean/sale.php...26676&addt=
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {61821B57-6935-4430-8D44-5E3A2F6D9AA3} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\jikvpvpu.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Five 01 else bias] C:\Documents and Settings\All Users\Application Data\Web Okay Five 01\atom nurb.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e0d654d8] rundll32.exe "C:\WINDOWS\system32\nowqqmyd.dll",b
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageProtector] C:\Program Files\StorageProtector\SysRep .exe
O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\STORAG~1\ucookw.exe" -start
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(4)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(5)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(6)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKCU\..\Run: [CLOSESTART] C:\DOCUME~1\ONTHEG~1\APPLIC~1\CREATI~1\idlescrpoll.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: jikvpvpu - C:\WINDOWS\SYSTEM32\jikvpvpu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- End of file - 8001 bytes
Jan 19 2008, 03:55 PM, Post #12
Forum Addict (Group: HJT Team, Posts: 5,321, Joined: 1-April 06, Member No.: 62,052)
Please download VundoFix to your Desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.
Jan 20 2008, 03:38 AM, Post #13
Member (Group: Members, Posts: 55, Joined: 16-December 07, From: California, Member No.: 176,817)
Well, I followed the steps just like you said and I didn't get any log from the VundoFix, but I have a HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:36:26 AM, on 1/20/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Zune\ZuneLauncher.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Zune\ZuneLauncher .exe C:\Program Files\Common Files\StorageProtector\strpmon .exe C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe C:\Program Files\Common Files\StorageProtector\strpmon .exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\enie\ramb.exe C:\Program Files\enie\ramb.exe C:\Program Files\enie\ramb.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ad-w-a-r-e.com/cgi-bin/PopupV3?...=1&rnd=7872 R3 - Default URLSearchHook is missing F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe O3 - Toolbar: Yahoo! 
Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Five 01 else bias] C:\Documents and Settings\All Users\Application Data\Web Okay Five 01\atom nurb.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageProtector] C:\Program Files\StorageProtector\SysRep .exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(4)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(5)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(6)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(7)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(8)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(9)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(10)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(11)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKCU\..\Run: [Tgoeq] C:\Documents and Settings\limewire\My Documents\W?nSxS\??chost.exe
O4 - HKCU\..\Run: [Ojaph] "C:\Documents and Settings\limewire\Application Data\?ystem\l?ass.exe"
O4 - HKCU\..\Run: [Hrtd] "C:\Program Files\enie\ramb.exe" -vt yazb
O4 - HKCU\..\Run: [CLOSESTART] C:\DOCUME~1\limewire\APPLIC~1\CREATI~1\idlescrpoll.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\fsyshiiz.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - (no file)

-- End of file - 8446 bytes
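The HJT Team reads logs like the one above by eye, looking at the F2 shell/userinit values and the O4 autostart entries first. As an added example that is not part of this thread and not code from HijackThis, here is a small Python checker for those entry types that applies three generic heuristics: an extra executable chained onto Shell= or UserInit=, whitespace before the .exe extension, and non-ASCII characters in a name (which HijackThis prints as '?') that make it resemble a Windows system binary. The heuristics, the SYSTEM_BINARIES list and the function names are the editor's own; the sample lines are copied from the log posted above.

```python
import re
from typing import List, Optional, Tuple

# Windows binaries whose names are commonly imitated. Editor's own list,
# not anything HijackThis ships; extend it as needed.
SYSTEM_BINARIES = sorted({"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                          "explorer.exe", "services.exe", "smss.exe", "userinit.exe"})

# Constructed sample input: a subset of the entries from the log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\vavyx.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,gvddixd.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [StorageProtector] C:\Program Files\StorageProtector\SysRep .exe
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com
O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com
O4 - HKCU\..\Run: [Tgoeq] C:\Documents and Settings\limewire\My Documents\W?nSxS\??chost.exe
O4 - HKCU\..\Run: [Ojaph] "C:\Documents and Settings\limewire\Application Data\?ystem\l?ass.exe"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\fsyshiiz.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
"""

# HijackThis 2.x line shapes for the entry types handled here.
_RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<lnk>.+?) = (?P<cmd>.*)$")
_F2_RE = re.compile(r"^F2 - REG:system\.ini: (?P<key>Shell|UserInit)=(?P<val>.*)$")
# First .exe path in a command, with or without surrounding quotes. Taking the
# text up to the first ".exe" keeps paths such as "SysRep .exe" intact.
_EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)', re.IGNORECASE)


def executable_of(cmd: str) -> Optional[str]:
    """Return the .exe path at the front of a Run/Startup command, or None."""
    m = _EXE_RE.match(cmd.strip())
    return m.group("path") if m else None


def lookalike_of(filename: str) -> Optional[str]:
    """If HijackThis printed '?' for non-ASCII characters in the name, return
    the system binary it resembles (e.g. '??chost.exe' -> 'svchost.exe')."""
    if "?" not in filename:
        return None
    pattern = re.escape(filename.lower()).replace(r"\?", ".")  # each '?' matches any one char
    for real in SYSTEM_BINARIES:
        if re.fullmatch(pattern, real):
            return real
    return None


def check_entry(line: str) -> List[str]:
    """Return the list of reasons an F2 or O4 entry deserves a closer look."""
    reasons: List[str] = []
    m = _F2_RE.match(line)
    if m:
        expected = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}[m.group("key")]
        parts = [p.strip() for p in m.group("val").split(",") if p.strip()]
        extras = [p for p in parts if p.lower().split("\\")[-1] != expected]
        if extras:
            reasons.append(f"{m.group('key')} launches extra executable(s): {', '.join(extras)}")
        return reasons
    m = _RUN_RE.match(line) or _STARTUP_RE.match(line)
    if not m:
        return reasons
    path = executable_of(m.group("cmd"))
    if path is None:
        return reasons
    name = path.replace("/", "\\").split("\\")[-1]
    if re.search(r"\s\.exe$", name, re.IGNORECASE):
        reasons.append("whitespace before the .exe extension")
    real = lookalike_of(name)
    if real:
        reasons.append(f"non-ASCII characters in name; resembles {real}")
    elif "?" in path:
        reasons.append("non-ASCII characters in path (shown as '?' by HijackThis)")
    return reasons


def check_log(text: str) -> List[Tuple[str, str]]:
    """Run check_entry over every line; return (line, reason) pairs."""
    findings: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        for reason in check_entry(line):
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for entry, why in check_log(SAMPLE_LOG):
        print(f"{why}\n    {entry}")
```

A hit is a reason to look, not a verdict: the checker says nothing about entries such as TA_Start.lnk or the unsigned O23 services, and legitimate software occasionally trips the whitespace rule. Its value on a log like this one is that it collapses eleven near-identical Salestart entries and the two lookalike names into a handful of lines to investigate first.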
Jan 21 2008, 02:27 AM, Post #14
Forum Addict, Group: HJT Team, Posts: 5,321, Joined: 1-April 06, Member No.: 62,052
If you look in the root of your C:\ drive, is there a log?
Jan 21 2008, 07:11 PM, Post #15
Member, Group: Members, Posts: 55, Joined: 16-December 07, From: California, Member No.: 176,817
nvm, I found it, my bad lol
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 9:09:26 PM 1/19/2008
Listing files found while scanning....
C:\windows\system32\jikvpvpu.dll
C:\windows\system32\jikvpvpu.dllbox
C:\windows\system32\jkklj.dll
C:\windows\system32\jlkkj.ini
C:\windows\system32\jlkkj.ini2
Beginning removal...
Attempting to delete C:\windows\system32\jikvpvpu.dll
C:\windows\system32\jikvpvpu.dll Has been deleted!
Attempting to delete C:\windows\system32\jikvpvpu.dllbox
C:\windows\system32\jikvpvpu.dllbox Has been deleted!
Attempting to delete C:\windows\system32\jkklj.dll
C:\windows\system32\jkklj.dll Could not be deleted.
Attempting to delete C:\windows\system32\jlkkj.ini
C:\windows\system32\jlkkj.ini Has been deleted!
Attempting to delete C:\windows\system32\jlkkj.ini2
C:\windows\system32\jlkkj.ini2 Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 11:35:05 PM 1/19/2008
Listing files found while scanning....
C:\windows\system32\jkklj.dll
C:\windows\system32\jlkkj.ini
C:\windows\system32\jlkkj.ini2
Beginning removal...
Attempting to delete C:\windows\system32\jkklj.dll
C:\windows\system32\jkklj.dll Has been deleted!
Attempting to delete C:\windows\system32\jlkkj.ini
C:\windows\system32\jlkkj.ini Has been deleted!
Attempting to delete C:\windows\system32\jlkkj.ini2
C:\windows\system32\jlkkj.ini2 Has been deleted!
Performing Repairs to the registry.
Done!

Beginning removal...
Attempting to delete C:\windows\system32\jkklj.dll
C:\windows\system32\jkklj.dll Could not be deleted.
Attempting to delete C:\windows\system32\jlkkj.ini
C:\windows\system32\jlkkj.ini Has been deleted!
Attempting to delete C:\windows\system32\jlkkj.ini2
C:\windows\system32\jlkkj.ini2 Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Beginning removal...

This post has been edited by madphizx: Jan 21 2008, 07:12 PM