> Surf Side Kick Problems
madphizx
post Dec 20 2007, 06:25 PM
Post #1


Member
**

Group: Members
Posts: 55
Joined: 16-December 07
From: California
Member No.: 176,817



I have the Surf Side Kick virus and don't know how to take it off, and Internet Explorer keeps popping up, and I want it off my computer because I use Firefox. Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:45 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\RGVsbA\command.exe
C:\WINDOWS\system32\dfcnibbs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\dpkkleo.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\TEMP\win2E.tmp.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.adnet-plus.com/banners.php
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\vavyx.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,gvddixd.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\webdlg32.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [D4C80W] C:\WINDOWS\cxyql.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Yiewtq] C:\Program Files\Yltpjo\Ukeo.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9ÓÅ“ð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\cxyql.exe
O4 - HKLM\..\Run: [Á²# L"h'þ9ÓÅ“ð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\cxyql.exe
O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
O4 - HKLM\..\Run: [kcsrihv] C:\WINDOWS\kcsrihv.exe
O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [ula0U] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e127.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad17.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
O4 - HKLM\..\Run: [{65-54-47-77-ZN}] C:\windows\system32\qodsregn.exe CORN001
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [Tagasuarus7.exerg] C:\WINDOWS\system32\Tagasuarus7.exerg
O4 - HKLM\..\Run: [expload.exe] C:\WINDOWS\system32\expload.exe
O4 - HKLM\..\Run: [fns-8.exeML 4.] C:\WINDOWS\system32\fns-8.exeML 4.
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [w00a3f75.dll] RUNDLL32.EXE w00a3f75.dll,I2 0008893d000a3f75
O4 - HKLM\..\Run: [fns-8.exe] C:\WINDOWS\system32\fns-8.exe
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11
O4 - HKLM\..\Run: [Á²# {"h'þ9ÓÅ“Ç3rÅ WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\cxyql.exe
O4 - HKLM\..\Run: [edkiuc] C:\WINDOWS\system32\edkiuc.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_127.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [dpkkleoA] C:\WINDOWS\dpkkleoA.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwinprdq.exe CORN001
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [new.exe] C:\WINDOWS\system32\new.exe
O4 - HKLM\..\Run: [win3207585-522824] C:\WINDOWS\win3207585-522824.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [w004c0bf.dll] RUNDLL32.EXE w004c0bf.dll,I2 0008893d0004c0bf
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu361.exe 61A847B5BBF72811349A284503996897C881250221C8670836AC4FA7C88332017491394662E901F3
D29332022288670A26F362E9AEE45B6C46E45F351EA453BC94DA7C57319D394827B144
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\xhrdccwy.dll",sitypnow
O4 - HKLM\..\Run: [AppID] C:\WINDOWS\system32\fqfuxr.exe reg_run
O4 - HKLM\..\Run: [zcdyxmba] rundll32.exe "C:\Program Files\tofezibc\xcfmbujo.dll",Init
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win2E.tmp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvcub.dll,startup
O4 - HKLM\..\Run: [xatczoti] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\xatczoti.dll"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ibyfkzop] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ibyfkzop.dll"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - S-1-5-18 Startup: Zeno.lnk = C:\WINDOWS\system32\lwinprag.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Zeno.lnk = C:\WINDOWS\system32\lwinprag.exe (User 'Default user')
O4 - .DEFAULT Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O18 - Filter hijack: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - C:\WINDOWS\system32\icda0wpw5.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGVsbA\command.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\dfcnibbs.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\dpkkleo.exe

--
End of file - 10329 bytes

This post has been edited by madphizx: Dec 20 2007, 06:31 PM
madphizx
post Dec 20 2007, 06:29 PM
Post #2





Also, my computer won't let me install the Spybot program: the install thing pops up to install it, then it goes away, every time I try to install it, even in my Task Manager; it just goes away every 5 seconds. Same thing with the registry mechanics program.

This post has been edited by madphizx: Dec 20 2007, 06:30 PM
madphizx
post Dec 22 2007, 12:14 AM
Post #3





Can anyone help me?
rookie147
post Dec 23 2007, 12:35 PM
Post #4


Forum Addict
******

Group: HJT Team Coach
Posts: 5,084
Joined: 1-April 06
Member No.: 62,052



Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log
Thanks,
Charles


--------------------
If you are pleased with the service I have offered, you may like to consider making a donation.
madphizx
post Dec 29 2007, 05:32 PM
Post #5





Sorry for the wait.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:39 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?name=706F776572706F7765722E657865
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,gvddixd.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [fns-8.exeML 4.] C:\WINDOWS\system32\fns-8.exeML 4.
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win2E.tmp .exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\xhrdccwy.dll",sitypnow
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e127.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_127.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O18 - Filter hijack: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5397 bytes
rookie147
post Dec 30 2007, 09:47 AM
Post #6





Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

I'd also like a new HijackThis log.
Thanks,
Charles


madphizx
post Dec 31 2007, 08:50 PM
Post #7





ComboFix 07-12-31.4 - On The Go 2007-12-31 14:31:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.108 [GMT -8:00]
Running from: C:\Documents and Settings\On The Go\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2.exe
C:\Documents and Settings\Administrator\Application Data\Starware
C:\Documents and Settings\Administrator\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Administrator\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Reference\ReferenceOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Program Files\asks~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\pppatc~1\?ppPatch\
C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\smante~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\windows
C:\Program Files\crosof~1.net
C:\Program Files\deskbar
C:\Program Files\folder.js\
C:\Program Files\Helper
C:\Program Files\ini.ini\
C:\Program Files\Insider
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\racle~1
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Temporary
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\Program Files\wnsxs~1
C:\temp\tn3
C:\WINDOWS\curity~1
C:\WINDOWS\default.htm
C:\WINDOWS\dobe~1
C:\WINDOWS\keyboard131.dat
C:\WINDOWS\keyboard171.dat
C:\WINDOWS\keyboard31.dat
C:\WINDOWS\keyboard71.dat
C:\WINDOWS\keyboard91.dat
C:\WINDOWS\saiemod.dll
C:\WINDOWS\satmat.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\sysrlb32.exe
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\awpkbrrb.ini
C:\WINDOWS\system32\bbhikghc.dll
C:\WINDOWS\system32\brrbkpwa.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cemetrix.dll
C:\WINDOWS\system32\chgkihbb.ini
C:\WINDOWS\system32\dajbfpnt.exe
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\remove_spyware_button.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jkklj.exe
C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.ini2
C:\WINDOWS\system32\kmukumfs.dll
C:\WINDOWS\system32\lclcfg32.ini
C:\WINDOWS\system32\lfd32.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mnqru.bak1
C:\WINDOWS\system32\mnqru.bak2
C:\WINDOWS\system32\mnqru.ini
C:\WINDOWS\system32\njprckha
C:\WINDOWS\system32\njprckha\bg1.gif
C:\WINDOWS\system32\njprckha\bgtop.gif
C:\WINDOWS\system32\njprckha\bottom1.gif
C:\WINDOWS\system32\njprckha\essentials.gif
C:\WINDOWS\system32\njprckha\icon1.ico
C:\WINDOWS\system32\njprckha\install1.gif
C:\WINDOWS\system32\njprckha\left1.gif
C:\WINDOWS\system32\njprckha\li.gif
C:\WINDOWS\system32\njprckha\logo.gif
C:\WINDOWS\system32\njprckha\main.htm
C:\WINDOWS\system32\njprckha\mainframe.htm
C:\WINDOWS\system32\njprckha\reinstall1.gif
C:\WINDOWS\system32\njprckha\right1.gif
C:\WINDOWS\system32\njprckha\s1.htm
C:\WINDOWS\system32\njprckha\s2.htm
C:\WINDOWS\system32\njprckha\s3.htm
C:\WINDOWS\system32\njprckha\SMTop1.gif
C:\WINDOWS\system32\njprckha\SMTop2.gif
C:\WINDOWS\system32\njprckha\SMTop3.gif
C:\WINDOWS\system32\njprckha\SMTop4.gif
C:\WINDOWS\system32\njprckha\soft1_off.gif
C:\WINDOWS\system32\njprckha\soft1_off_ext.gif
C:\WINDOWS\system32\njprckha\soft1_on.gif
C:\WINDOWS\system32\njprckha\soft1_on_ext.gif
C:\WINDOWS\system32\njprckha\soft2_off.gif
C:\WINDOWS\system32\njprckha\soft2_off_ext.gif
C:\WINDOWS\system32\njprckha\soft2_on.gif
C:\WINDOWS\system32\njprckha\soft2_on_ext.gif
C:\WINDOWS\system32\njprckha\soft3_off.gif
C:\WINDOWS\system32\njprckha\soft3_off_ext.gif
C:\WINDOWS\system32\njprckha\soft3_on.gif
C:\WINDOWS\system32\njprckha\soft3_on_ext.gif
C:\WINDOWS\system32\njprckha\softbottom_off.gif
C:\WINDOWS\system32\njprckha\softbottom_on.gif
C:\WINDOWS\system32\njprckha\softleft_off.gif
C:\WINDOWS\system32\njprckha\softleft_on.gif
C:\WINDOWS\system32\njprckha\top1.gif
C:\WINDOWS\system32\njprckha\top2.gif
C:\WINDOWS\system32\njprckha\turnoff1.gif
C:\WINDOWS\system32\njprckha\turnon1.gif
C:\WINDOWS\system32\sfmukumk.ini
C:\WINDOWS\system32\sl.bin
C:\WINDOWS\system32\sstem~1
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\vhrmeowh.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\xhrdccwy.dll
C:\WINDOWS\system32\ywccdrhx.ini
C:\WINDOWS\TEMP.\salm.exe
C:\WINDOWS\win3207585-5228242007.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\ystem~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NNSERV
-------\DomainService
-------\NNServ


((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.

2007-12-31 17:39 . 2007-12-31 17:39 323,072 --------- C:\WINDOWS\system32\jkklj.dll
2007-12-31 14:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 20:09 . 2007-12-30 20:09 326,656 --a------ C:\WINDOWS\system32\RCX21.tmp
2007-12-30 19:59 . 2007-12-30 19:59 12,288 --a------ C:\Program Files\77006729.exe
2007-12-30 19:26 . 2007-12-30 19:26 12,288 --a------ C:\Program Files\75008176.exe
2007-12-30 15:56 . 2007-12-30 15:56 12,288 --a------ C:\Program Files\62409700.exe
2007-12-30 11:21 . 2007-12-30 11:21 326,656 --a------ C:\WINDOWS\system32\RCX98.tmp
2007-12-29 23:48 . 2007-12-29 23:48 <DIR> d-------- C:\Program Files\AliveMedia
2007-12-29 22:39 . 2007-12-29 22:39 326,656 --a------ C:\WINDOWS\system32\RCX20.tmp
2007-12-29 22:34 . 2007-12-29 22:34 <DIR> d-------- C:\Program Files\4U Computing
2007-12-29 22:34 . 2003-03-26 06:59 573,440 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-12-29 22:34 . 2002-12-03 03:02 491,520 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2007-12-29 22:34 . 2003-03-25 15:08 286,720 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2007-12-29 22:34 . 2002-12-03 03:07 168,448 --a------ C:\WINDOWS\system32\NCTAudioPlayer.dll
2007-12-29 22:34 . 2002-12-03 03:11 143,872 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2007-12-29 22:34 . 2002-03-19 07:18 120,832 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-12-29 14:25 . 2007-12-29 14:25 294 --ahs---- C:\WINDOWS\system32\hasypgva.ini
2007-12-27 00:01 . 2007-12-27 00:01 <DIR> d--h----- C:\temp\pt8q3khslw
2007-12-26 21:10 . 2007-12-26 21:10 326,656 --a------ C:\WINDOWS\system32\RCX91.tmp
2007-12-26 21:06 . 2007-12-27 18:21 1,609,728 --a------ C:\WINDOWS\MEDB.mdb
2007-12-26 21:06 . 2007-05-01 14:23 528,384 --a------ C:\WINDOWS\system32\VZWDownManager.exe
2007-12-26 21:06 . 2007-05-01 14:23 49,152 --a------ C:\WINDOWS\system32\VZWDLManager.dll
2007-12-26 21:06 . 2007-05-02 00:34 375 --a------ C:\WINDOWS\system32\VZWDLManager.inf
2007-12-26 21:05 . 2007-12-26 21:05 <DIR> d-------- C:\Program Files\Verizon Wireless
2007-12-26 13:36 . 2007-12-26 13:36 <DIR> d-------- C:\Documents and Settings\On The Go\Application Data\Apple Computer
2007-12-26 13:35 . 2007-12-26 21:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-26 13:35 . 2007-12-26 13:35 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 23:39 . 2007-12-25 23:38 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-25 23:38 . 2007-12-26 13:34 <DIR> d-------- C:\Documents and Settings\On The Go\.housecall6.6
2007-12-25 23:26 . 2007-12-26 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-25 21:54 . 2007-12-25 21:54 <DIR> d----c--- C:\Linksys Driver
2007-12-25 15:53 . 2007-12-25 15:59 1,310,376 --a------ C:\WINDOWS\system32\new .exe
2007-12-25 15:53 . 2007-12-25 15:53 326,656 --a------ C:\WINDOWS\system32\RCX38.tmp
2007-12-25 15:52 . 2007-12-31 17:39 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-25 15:52 . 2007-12-25 15:59 126,976 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-25 13:31 . 2007-12-30 11:20 <DIR> d-------- C:\Documents and Settings\On The Go\Application Data\uTorrent
2007-12-25 13:28 . 2007-12-25 13:28 <DIR> d-------- C:\Program Files\LG Electronics
2007-12-25 13:28 . 2007-04-09 09:55 22,912 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2007-12-25 13:28 . 2007-04-09 09:56 21,248 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2007-12-25 13:28 . 2007-04-09 09:53 12,672 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2007-12-25 13:26 . 2007-12-25 13:26 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-20 15:37 . 2007-12-31 14:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-20 15:37 . 2007-12-20 15:37 <DIR> d-------- C:\Documents and Settings\On The Go\Application Data\SUPERAntiSpyware.com
2007-12-20 15:37 . 2007-12-20 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-20 15:36 . 2007-12-20 15:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-17 21:48 . 2007-12-17 21:48 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-17 21:34 . 2007-12-30 22:21 <DIR> d-------- C:\Documents and Settings\On The Go\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 22:46 --------- d-----w C:\Program Files\QuickTime
2007-12-31 16:23 78,880 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-31 11:01 2,053,664 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-31 07:29 512 ----a-w C:\ScanSectorLog.dat
2007-12-31 04:09 483,328 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-31 04:09 --------- d-----w C:\Program Files\Zune
2007-12-31 04:09 --------- d-----w C:\Program Files\iTunes
2007-12-31 04:09 --------- d-----w C:\Program Files\enie
2007-12-25 23:53 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
2007-12-25 23:52 371,712 ----a-w C:\WINDOWS\system32\ezSP_Px.exe
2007-12-25 23:16 --------- d-----w C:\Program Files\uTorrent
2007-12-25 21:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-21 01:06 --------- d-----w C:\Program Files\EQTraffic
2007-12-21 00:59 --------- d-----w C:\Program Files\Common Files\rmww
2007-12-18 06:32 --------- d-----w C:\Documents and Settings\On The Go\Application Data\LimeWire
2007-11-25 06:31 149 ----a-w C:\Program Files\ini.ini
2007-11-25 06:26 --------- d-----w C:\Program Files\LimeWire
2007-11-20 17:50 --------- d-----w C:\Program Files\IMVU
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-08-04 13:06 1,972 ----a-w C:\Program Files\installer.js
2007-06-26 04:12 94,311 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_06_13_23_21_50_small.dmp.zip
2006-04-21 16:15 2,097 -c--a-w C:\Program Files\folder.js
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.
CODE
----a-w            68,608 2007-12-31 10:07:32  C:\Program Files\enie\ramb .exe
----a-w           256,576 2007-12-31 04:09:44  C:\Program Files\iTunes\iTunesHelper .exe
----a-w            36,975 2007-12-31 04:09:39  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w         1,694,208 2007-12-31 04:09:54  C:\Program Files\Messenger\msmsgs .exe
----a-w           636,416 2007-12-31 04:09:41  C:\Program Files\QuickTime\qttask     .exe
----a-w           636,416 2007-12-30 19:21:32  C:\Program Files\QuickTime\qttask    .exe
----a-w           636,416 2007-12-30 06:39:50  C:\Program Files\QuickTime\qttask   .exe
----a-w           636,416 2007-12-27 05:10:44  C:\Program Files\QuickTime\qttask .exe
----a-w            26,112 2007-12-31 04:09:55  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w         1,460,560 2007-12-31 22:10:05  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w         1,318,912 2007-12-31 22:10:04  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w            24,104 2007-12-31 04:09:44  C:\Program Files\Zune\ZuneLauncher .exe
----a-w           158,208 2007-12-25 23:53:34  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w           126,976 2007-12-25 23:59:08  C:\WINDOWS\system32\hkcmd .exe
----a-w           155,648 2008-01-01 01:39:48  C:\WINDOWS\system32\igfxtray .exe
----a-w         1,310,376 2007-12-25 23:59:22  C:\WINDOWS\system32\new .exe



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56D7D794-F317-4E36-AA1A-39BFFBC8148C}]
2007-12-31 17:39 323072 --------- C:\WINDOWS\system32\jkklj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-30 20:09 483328]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"D0D1D5D3D3D2D9D"="9B9CA09E9E9DA.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2007-12-30 20:09 364544]
"fns-8.exeML 4."="C:\WINDOWS\system32\fns-8.exeML 4." [2006-04-21 06:45 0]
"is11"="C:\WINDOWS\system32\is11" [2007-12-31 17:40 1636864]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-30 11:21 674816]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-12-30 11:21 351744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-12-30 20:09 363008]
"RegistryMechanic"="" []

C:\Documents and Settings\On The Go\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-02-16 14:03:17]
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-12-26 21:05:59]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\jkklj.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkklj

S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-02-04 22:04]
S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-02-04 22:04]
S3 USB-100;USB 10/100 Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\USBER100.SYS [2002-10-10 18:03]
S3 WDNEBBFB;WDNEBBFBWinmodem icon;C:\WINDOWS\system32\DRIVERS\WDNEBBFB.sys [2000-01-28 16:36]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 22:53]

.
Contents of the 'Scheduled Tasks' folder
"2007-09-01 20:28:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 17:41:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31 17:46:44 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 01:46:26
.
2007-12-26 15:26:40 --- E O F ---

----------------------------------------------------------------
my HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:06 PM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?name=706F776572706F7765722E657865
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [fns-8.exeML 4.] C:\WINDOWS\system32\fns-8.exeML 4.
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4500 bytes
rookie147
post Jan 2 2008, 04:03 PM
Post #8


Forum Addict
******

Group: HJT Team Coach
Posts: 5,084
Joined: 1-April 06
Member No.: 62,052



Using My Computer, navigate to where you have HijackThis saved.
Right-click on the HijackThis.exe file.
Select "Rename", call it fluffybunny and press enter.
Use fluffybunny.exe from now on.

Then I'd like a new HijackThis log using the renamed file.
Thanks,
Charles


--------------------
If you are pleased with the service I have offered, you may like to consider making a donation.
madphizx
post Jan 3 2008, 12:27 AM
Post #9


Member
**

Group: Members
Posts: 55
Joined: 16-December 07
From: California
Member No.: 176,817



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:49 PM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?name=706F776572706F7765722E657865
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F6982BF-6BA0-4581-9DC7-791143C68A39} - C:\WINDOWS\system32\jkklj.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [fns-8.exeML 4.] C:\WINDOWS\system32\fns-8.exeML 4.
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4478 bytes
rookie147