Surf Side Kick Problems


This topic is locked
76 replies to this topic

#1 madphizx

Posted 20 December 2007 - 06:25 PM

I have the Surf Side Kick virus and don't know how to take it off. Internet Explorer keeps popping up, and I want it off my computer because I use Firefox. Here's my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:45 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\RGVsbA\command.exe
C:\WINDOWS\system32\dfcnibbs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\dpkkleo.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\TEMP\win2E.tmp.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.adnet-plus.com/banners.php
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\vavyx.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,gvddixd.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\webdlg32.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [D4C80W] C:\WINDOWS\cxyql.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Yiewtq] C:\Program Files\Yltpjo\Ukeo.exe
O4 - HKLM\..\Run: [# L"h'9œ3rWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\cxyql.exe
O4 - HKLM\..\Run: [# L"h'9œ3rWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\cxyql.exe
O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
O4 - HKLM\..\Run: [kcsrihv] C:\WINDOWS\kcsrihv.exe
O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [ula0U] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e127.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad17.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
O4 - HKLM\..\Run: [{65-54-47-77-ZN}] C:\windows\system32\qodsregn.exe CORN001
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [Tagasuarus7.exerg] C:\WINDOWS\system32\Tagasuarus7.exerg
O4 - HKLM\..\Run: [expload.exe] C:\WINDOWS\system32\expload.exe
O4 - HKLM\..\Run: [fns-8.exeML 4.] C:\WINDOWS\system32\fns-8.exeML 4.
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [w00a3f75.dll] RUNDLL32.EXE w00a3f75.dll,I2 0008893d000a3f75
O4 - HKLM\..\Run: [fns-8.exe] C:\WINDOWS\system32\fns-8.exe
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11
O4 - HKLM\..\Run: [# {"h'9œ3r WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\cxyql.exe
O4 - HKLM\..\Run: [edkiuc] C:\WINDOWS\system32\edkiuc.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_127.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [dpkkleoA] C:\WINDOWS\dpkkleoA.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwinprdq.exe CORN001
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [new.exe] C:\WINDOWS\system32\new.exe
O4 - HKLM\..\Run: [win3207585-522824] C:\WINDOWS\win3207585-522824.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [w004c0bf.dll] RUNDLL32.EXE w004c0bf.dll,I2 0008893d0004c0bf
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu361.exe 61A847B5BBF72811349A284503996897C881250221C8670836AC4FA7C88332017491394662E901F3D29332022288670A26F362E9AEE45B6C46E45F351EA453BC94DA7C57319D394827B144
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\xhrdccwy.dll",sitypnow
O4 - HKLM\..\Run: [AppID] C:\WINDOWS\system32\fqfuxr.exe reg_run
O4 - HKLM\..\Run: [zcdyxmba] rundll32.exe "C:\Program Files\tofezibc\xcfmbujo.dll",Init
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win2E.tmp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvcub.dll,startup
O4 - HKLM\..\Run: [xatczoti] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\xatczoti.dll"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ibyfkzop] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ibyfkzop.dll"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - S-1-5-18 Startup: Zeno.lnk = C:\WINDOWS\system32\lwinprag.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Zeno.lnk = C:\WINDOWS\system32\lwinprag.exe (User 'Default user')
O4 - .DEFAULT Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O18 - Filter hijack: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - C:\WINDOWS\system32\icda0wpw5.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGVsbA\command.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\dfcnibbs.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\dpkkleo.exe

--
End of file - 10329 bytes

Edited by madphizx, 20 December 2007 - 06:31 PM.


#2 madphizx (Topic Starter)

Posted 20 December 2007 - 06:29 PM

Also, my computer won't let me install the Spybot program. The install window pops up to install it, then it goes away. Every time I try to install it, even from my Task Manager, it just goes away every 5 seconds. Same thing with the Registry Mechanic program.

Edited by madphizx, 20 December 2007 - 06:30 PM.


#3 madphizx (Topic Starter)

Posted 22 December 2007 - 12:14 AM

Can anyone help me?

#4 rookie147

Posted 23 December 2007 - 12:35 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Sorry for the delay. If you are still having problems, please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log
Thanks,
Charles



#5 madphizx (Topic Starter)

Posted 29 December 2007 - 05:32 PM

Sorry for the wait.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:39 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?name=706F776572706F7765722E657865
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,gvddixd.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [fns-8.exeML 4.] C:\WINDOWS\system32\fns-8.exeML 4.
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win2E.tmp .exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\xhrdccwy.dll",sitypnow
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e127.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_127.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O18 - Filter hijack: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5397 bytes
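The two HijackThis logs above (posts #1 and #5) are read by eye in this thread. As an added example, not code from the original posts and not a HijackThis feature, the following Python triage applies the checks a helper makes to constructed sample lines copied from those logs: the Shell= and UserInit= hijacks, the win.ini load= entry, autoruns launched out of TEMP, the DisableRegedit policy, Trusted Zone additions, AppInit_DLLs, services with no vendor string, and file names with a space before the extension (the `qttask .exe` and `SUPERAntiSpyware .exe` entries in the second log; the ComboFix listing later in the thread shows the same pattern). The look-alike name table and the rule wording are the editor's own assumptions.

```python
"""Triage a HijackThis log for the entry types seen in this thread.

Added example by the editor, not part of the original posts and not a
HijackThis feature. The rules are heuristics that mirror what a helper
looks for: Shell=/UserInit= hijacks, win.ini load=, autoruns out of TEMP,
registry-tools policy, IE Trusted Zone additions, AppInit_DLLs, services
with no vendor string, and file names with a space before the extension.
"""
from __future__ import annotations

import re

# Constructed sample: lines copied from the thread's two logs plus two
# benign ones (iTunesHelper, iPod Service) so the triage has a baseline.
SAMPLE_HJT = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\vavyx.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,gvddixd.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win2E.tmp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\dfcnibbs.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Constructed ComboFix-style "Files Created" lines showing the same naming trick.
SAMPLE_COMBOFIX = r"""
2007-12-25 15:53 . 2007-12-25 15:59 1,310,376 --a------ C:\WINDOWS\system32\new .exe
2007-12-25 15:52 . 2007-12-25 15:59 126,976 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-25 23:52 371,712 ----a-w C:\WINDOWS\system32\ezSP_Px.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A drive path whose base name has a space before .exe/.dll ("qttask .exe"):
# a different file from qttask.exe that reads alike in a listing.
SPACED_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*? \.(?:exe|dll)', re.IGNORECASE)
# Assumed look-alike table (editor's own, not taken from the thread).
LOOKALIKES = {"spoolvs.exe": "spoolsv.exe", "scvhost.exe": "svchost.exe"}


def spaced_executables(text: str) -> list[str]:
    """Every distinct path with a space before the extension, in any listing."""
    return sorted({m.group(0) for m in SPACED_PATH_RE.finditer(text)})


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (reason, entry) pairs for HijackThis entries worth a closer look."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        reasons: list[str] = []
        if kind == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                reasons.append("Shell= starts an extra executable alongside Explorer")
        if kind == "F2" and "UserInit=" in body:
            entries = [e for e in body.split("UserInit=", 1)[1].split(",") if e.strip()]
            if len(entries) != 1 or not entries[0].strip().lower().endswith(r"\userinit.exe"):
                reasons.append("UserInit= runs something besides userinit.exe at logon")
        if kind == "F3" and "load=" in body:
            reasons.append("win.ini load= autostart is almost never used legitimately")
        if kind == "O4" and re.search(r"\\temp\\", body, re.IGNORECASE):
            reasons.append("autorun points into a TEMP directory")
        if kind == "O7":
            reasons.append("policy entry (here: registry tools disabled)")
        if kind == "O15":
            reasons.append("site added to the IE Trusted Zone")
        if kind == "O20" and body.split("AppInit_DLLs:", 1)[-1].strip():
            reasons.append("AppInit_DLLs injects a DLL into every user32-linked process")
        if kind == "O23" and "Unknown owner" in body:
            reasons.append("service binary carries no vendor string")
        if SPACED_PATH_RE.search(body):
            reasons.append("space before the extension: look-alike of a known program name")
        for bad, real in LOOKALIKES.items():
            if bad in body.lower():
                reasons.append(f"{bad} mimics {real}")
        findings.extend((r, line) for r in reasons)
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_HJT):
        print(f"{reason:70} <- {entry}")
    print("space-padded names:", spaced_executables(SAMPLE_COMBOFIX))
```

A hit from `spaced_executables` only says that a second file sits next to the legitimate one under a near-identical name; the listing alone does not tell you which copy is the bad one, so treat it as something to inspect (size, signature, where it was started from) rather than as a deletion list.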

#6 rookie147

Posted 30 December 2007 - 09:47 AM

Download ComboFix to your Desktop.
Double-click combofix.exe.
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

I'd also like a new HijackThis log.
Thanks,
Charles



#7 madphizx (Topic Starter)

Posted 31 December 2007 - 08:50 PM

ComboFix 07-12-31.4 - On The Go 2007-12-31 14:31:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.108 [GMT -8:00]
Running from: C:\Documents and Settings\On The Go\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2.exe
C:\Documents and Settings\Administrator\Application Data\Starware
C:\Documents and Settings\Administrator\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Administrator\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Reference\ReferenceOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Administrator\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Program Files\asks~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\pppatc~1\?ppPatch\
C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\smante~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\windows
C:\Program Files\crosof~1.net
C:\Program Files\deskbar
C:\Program Files\folder.js\
C:\Program Files\Helper
C:\Program Files\ini.ini\
C:\Program Files\Insider
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\racle~1
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Temporary
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\Program Files\wnsxs~1
C:\temp\tn3
C:\WINDOWS\curity~1
C:\WINDOWS\default.htm
C:\WINDOWS\dobe~1
C:\WINDOWS\keyboard131.dat
C:\WINDOWS\keyboard171.dat
C:\WINDOWS\keyboard31.dat
C:\WINDOWS\keyboard71.dat
C:\WINDOWS\keyboard91.dat
C:\WINDOWS\saiemod.dll
C:\WINDOWS\satmat.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\sysrlb32.exe
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\awpkbrrb.ini
C:\WINDOWS\system32\bbhikghc.dll
C:\WINDOWS\system32\brrbkpwa.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cemetrix.dll
C:\WINDOWS\system32\chgkihbb.ini
C:\WINDOWS\system32\dajbfpnt.exe
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\remove_spyware_button.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jkklj.exe
C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.ini2
C:\WINDOWS\system32\kmukumfs.dll
C:\WINDOWS\system32\lclcfg32.ini
C:\WINDOWS\system32\lfd32.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mnqru.bak1
C:\WINDOWS\system32\mnqru.bak2
C:\WINDOWS\system32\mnqru.ini
C:\WINDOWS\system32\njprckha
C:\WINDOWS\system32\njprckha\bg1.gif
C:\WINDOWS\system32\njprckha\bgtop.gif
C:\WINDOWS\system32\njprckha\bottom1.gif
C:\WINDOWS\system32\njprckha\essentials.gif
C:\WINDOWS\system32\njprckha\icon1.ico
C:\WINDOWS\system32\njprckha\install1.gif
C:\WINDOWS\system32\njprckha\left1.gif
C:\WINDOWS\system32\njprckha\li.gif
C:\WINDOWS\system32\njprckha\logo.gif
C:\WINDOWS\system32\njprckha\main.htm
C:\WINDOWS\system32\njprckha\mainframe.htm
C:\WINDOWS\system32\njprckha\reinstall1.gif
C:\WINDOWS\system32\njprckha\right1.gif
C:\WINDOWS\system32\njprckha\s1.htm
C:\WINDOWS\system32\njprckha\s2.htm
C:\WINDOWS\system32\njprckha\s3.htm
C:\WINDOWS\system32\njprckha\SMTop1.gif
C:\WINDOWS\system32\njprckha\SMTop2.gif
C:\WINDOWS\system32\njprckha\SMTop3.gif
C:\WINDOWS\system32\njprckha\SMTop4.gif
C:\WINDOWS\system32\njprckha\soft1_off.gif
C:\WINDOWS\system32\njprckha\soft1_off_ext.gif
C:\WINDOWS\system32\njprckha\soft1_on.gif
C:\WINDOWS\system32\njprckha\soft1_on_ext.gif
C:\WINDOWS\system32\njprckha\soft2_off.gif
C:\WINDOWS\system32\njprckha\soft2_off_ext.gif
C:\WINDOWS\system32\njprckha\soft2_on.gif
C:\WINDOWS\system32\njprckha\soft2_on_ext.gif
C:\WINDOWS\system32\njprckha\soft3_off.gif
C:\WINDOWS\system32\njprckha\soft3_off_ext.gif
C:\WINDOWS\system32\njprckha\soft3_on.gif
C:\WINDOWS\system32\njprckha\soft3_on_ext.gif
C:\WINDOWS\system32\njprckha\softbottom_off.gif
C:\WINDOWS\system32\njprckha\softbottom_on.gif
C:\WINDOWS\system32\njprckha\softleft_off.gif
C:\WINDOWS\system32\njprckha\softleft_on.gif
C:\WINDOWS\system32\njprckha\top1.gif
C:\WINDOWS\system32\njprckha\top2.gif
C:\WINDOWS\system32\njprckha\turnoff1.gif
C:\WINDOWS\system32\njprckha\turnon1.gif
C:\WINDOWS\system32\sfmukumk.ini
C:\WINDOWS\system32\sl.bin
C:\WINDOWS\system32\sstem~1
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\vhrmeowh.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\xhrdccwy.dll
C:\WINDOWS\system32\ywccdrhx.ini
C:\WINDOWS\TEMP.\salm.exe
C:\WINDOWS\win3207585-5228242007.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\ystem~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NNSERV
-------\DomainService
-------\NNServ


((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.

2007-12-31 17:39 . 2007-12-31 17:39 323,072 --------- C:\WINDOWS\system32\jkklj.dll
2007-12-31 14:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 20:09 . 2007-12-30 20:09 326,656 --a------ C:\WINDOWS\system32\RCX21.tmp
2007-12-30 19:59 . 2007-12-30 19:59 12,288 --a------ C:\Program Files\77006729.exe
2007-12-30 19:26 . 2007-12-30 19:26 12,288 --a------ C:\Program Files\75008176.exe
2007-12-30 15:56 . 2007-12-30 15:56 12,288 --a------ C:\Program Files\62409700.exe
2007-12-30 11:21 . 2007-12-30 11:21 326,656 --a------ C:\WINDOWS\system32\RCX98.tmp
2007-12-29 23:48 . 2007-12-29 23:48 <DIR> d-------- C:\Program Files\AliveMedia
2007-12-29 22:39 . 2007-12-29 22:39 326,656 --a------ C:\WINDOWS\system32\RCX20.tmp
2007-12-29 22:34 . 2007-12-29 22:34 <DIR> d-------- C:\Program Files\4U Computing
2007-12-29 22:34 . 2003-03-26 06:59 573,440 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-12-29 22:34 . 2002-12-03 03:02 491,520 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2007-12-29 22:34 . 2003-03-25 15:08 286,720 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2007-12-29 22:34 . 2002-12-03 03:07 168,448 --a------ C:\WINDOWS\system32\NCTAudioPlayer.dll
2007-12-29 22:34 . 2002-12-03 03:11 143,872 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2007-12-29 22:34 . 2002-03-19 07:18 120,832 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-12-29 14:25 . 2007-12-29 14:25 294 --ahs---- C:\WINDOWS\system32\hasypgva.ini
2007-12-27 00:01 . 2007-12-27 00:01 <DIR> d--h----- C:\temp\pt8q3khslw
2007-12-26 21:10 . 2007-12-26 21:10 326,656 --a------ C:\WINDOWS\system32\RCX91.tmp
2007-12-26 21:06 . 2007-12-27 18:21 1,609,728 --a------ C:\WINDOWS\MEDB.mdb
2007-12-26 21:06 . 2007-05-01 14:23 528,384 --a------ C:\WINDOWS\system32\VZWDownManager.exe
2007-12-26 21:06 . 2007-05-01 14:23 49,152 --a------ C:\WINDOWS\system32\VZWDLManager.dll
2007-12-26 21:06 . 2007-05-02 00:34 375 --a------ C:\WINDOWS\system32\VZWDLManager.inf
2007-12-26 21:05 . 2007-12-26 21:05 <DIR> d-------- C:\Program Files\Verizon Wireless
2007-12-26 13:36 . 2007-12-26 13:36 <DIR> d-------- C:\Documents and Settings\On The Go\Application Data\Apple Computer
2007-12-26 13:35 . 2007-12-26 21:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-26 13:35 . 2007-12-26 13:35 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 23:39 . 2007-12-25 23:38 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-25 23:38 . 2007-12-26 13:34 <DIR> d-------- C:\Documents and Settings\On The Go\.housecall6.6
2007-12-25 23:26 . 2007-12-26 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-25 21:54 . 2007-12-25 21:54 <DIR> d----c--- C:\Linksys Driver
2007-12-25 15:53 . 2007-12-25 15:59 1,310,376 --a------ C:\WINDOWS\system32\new .exe
2007-12-25 15:53 . 2007-12-25 15:53 326,656 --a------ C:\WINDOWS\system32\RCX38.tmp
2007-12-25 15:52 . 2007-12-31 17:39 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-25 15:52 . 2007-12-25 15:59 126,976 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-25 13:31 . 2007-12-30 11:20 <DIR> d-------- C:\Documents and Settings\On The Go\Application Data\uTorrent
2007-12-25 13:28 . 2007-12-25 13:28 <DIR> d-------- C:\Program Files\LG Electronics
2007-12-25 13:28 . 2007-04-09 09:55 22,912 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2007-12-25 13:28 . 2007-04-09 09:56 21,248 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2007-12-25 13:28 . 2007-04-09 09:53 12,672 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2007-12-25 13:26 . 2007-12-25 13:26 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-20 15:37 . 2007-12-31 14:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-20 15:37 . 2007-12-20 15:37 <DIR> d-------- C:\Documents and Settings\On The Go\Application Data\SUPERAntiSpyware.com
2007-12-20 15:37 . 2007-12-20 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-20 15:36 . 2007-12-20 15:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-17 21:48 . 2007-12-17 21:48 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-17 21:34 . 2007-12-30 22:21 <DIR> d-------- C:\Documents and Settings\On The Go\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 22:46 --------- d-----w C:\Program Files\QuickTime
2007-12-31 16:23 78,880 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-31 11:01 2,053,664 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-31 07:29 512 ----a-w C:\ScanSectorLog.dat
2007-12-31 04:09 483,328 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-31 04:09 --------- d-----w C:\Program Files\Zune
2007-12-31 04:09 --------- d-----w C:\Program Files\iTunes
2007-12-31 04:09 --------- d-----w C:\Program Files\enie
2007-12-25 23:53 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
2007-12-25 23:52 371,712 ----a-w C:\WINDOWS\system32\ezSP_Px.exe
2007-12-25 23:16 --------- d-----w C:\Program Files\uTorrent
2007-12-25 21:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-21 01:06 --------- d-----w C:\Program Files\EQTraffic
2007-12-21 00:59 --------- d-----w C:\Program Files\Common Files\rmww
2007-12-18 06:32 --------- d-----w C:\Documents and Settings\On The Go\Application Data\LimeWire
2007-11-25 06:31 149 ----a-w C:\Program Files\ini.ini
2007-11-25 06:26 --------- d-----w C:\Program Files\LimeWire
2007-11-20 17:50 --------- d-----w C:\Program Files\IMVU
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-08-04 13:06 1,972 ----a-w C:\Program Files\installer.js
2007-06-26 04:12 94,311 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_06_13_23_21_50_small.dmp.zip
2006-04-21 16:15 2,097 -c--a-w C:\Program Files\folder.js
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.
----a-w			68,608 2007-12-31 10:07:32  C:\Program Files\enie\ramb .exe
----a-w		   256,576 2007-12-31 04:09:44  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			36,975 2007-12-31 04:09:39  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w		 1,694,208 2007-12-31 04:09:54  C:\Program Files\Messenger\msmsgs .exe
----a-w		   636,416 2007-12-31 04:09:41  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   636,416 2007-12-30 19:21:32  C:\Program Files\QuickTime\qttask	.exe
----a-w		   636,416 2007-12-30 06:39:50  C:\Program Files\QuickTime\qttask   .exe
----a-w		   636,416 2007-12-27 05:10:44  C:\Program Files\QuickTime\qttask .exe
----a-w			26,112 2007-12-31 04:09:55  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w		 1,460,560 2007-12-31 22:10:05  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w		 1,318,912 2007-12-31 22:10:04  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w			24,104 2007-12-31 04:09:44  C:\Program Files\Zune\ZuneLauncher .exe
----a-w		   158,208 2007-12-25 23:53:34  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w		   126,976 2007-12-25 23:59:08  C:\WINDOWS\system32\hkcmd .exe
----a-w		   155,648 2008-01-01 01:39:48  C:\WINDOWS\system32\igfxtray .exe
----a-w		 1,310,376 2007-12-25 23:59:22  C:\WINDOWS\system32\new .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56D7D794-F317-4E36-AA1A-39BFFBC8148C}]
2007-12-31 17:39 323072 --------- C:\WINDOWS\system32\jkklj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-30 20:09 483328]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"D0D1D5D3D3D2D9D"="9B9CA09E9E9DA.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2007-12-30 20:09 364544]
"fns-8.exeML 4."="C:\WINDOWS\system32\fns-8.exeML 4." [2006-04-21 06:45 0]
"is11"="C:\WINDOWS\system32\is11" [2007-12-31 17:40 1636864]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-30 11:21 674816]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-12-30 11:21 351744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-12-30 20:09 363008]
"RegistryMechanic"="" []

C:\Documents and Settings\On The Go\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-02-16 14:03:17]
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-12-26 21:05:59]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\jkklj.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkklj

S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-02-04 22:04]
S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-02-04 22:04]
S3 USB-100;USB 10/100 Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\USBER100.SYS [2002-10-10 18:03]
S3 WDNEBBFB;WDNEBBFBWinmodem icon;C:\WINDOWS\system32\DRIVERS\WDNEBBFB.sys [2000-01-28 16:36]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 22:53]

.
Contents of the 'Scheduled Tasks' folder
"2007-09-01 20:28:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 17:41:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31 17:46:44 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 01:46:26
.
2007-12-26 15:26:40 --- E O F ---

----------------------------------------------------------------
My HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:06 PM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?name=706F776572706F7765722E657865
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [fns-8.exeML 4.] C:\WINDOWS\system32\fns-8.exeML 4.
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4500 bytes

#8 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 02 January 2008 - 04:03 PM

Using My Computer, navigate to where you have HijackThis saved.
Right-click on the HijackThis.exe file.
Select "Rename", call it fluffybunny and press enter.
Use fluffybunny.exe from now on.

Then I'd like a new HijackThis log using the renamed file.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#9 madphizx

madphizx
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:California

Posted 03 January 2008 - 12:27 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:49 PM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?name=706F776572706F7765722E657865
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F6982BF-6BA0-4581-9DC7-791143C68A39} - C:\WINDOWS\system32\jkklj.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [fns-8.exeML 4.] C:\WINDOWS\system32\fns-8.exeML 4.
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4478 bytes

#10 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 03 January 2008 - 09:48 AM

Please print off a copy of these instructions, and also save them to a Notepad file on your Desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
O2 - BHO: (no name) - {5F6982BF-6BA0-4581-9DC7-791143C68A39} - C:\WINDOWS\system32\jkklj.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe
O4 - HKLM\..\Run: [fns-8.exeML 4.] C:\WINDOWS\system32\fns-8.exeML 4.
O4 - HKLM\..\Run: [is11] C:\WINDOWS\system32\is11


Then close all other windows - you should only see HijackThis on your Desktop - and click the Fix checked button.

Reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Find and delete the following files (if present):

C:\WINDOWS\system32\fns-8.exe
C:\WINDOWS\system32\jkklj.dll

Navigate to Start | Search | All files and folders.
Expand More advanced options, check 'Search system folders', 'Search hidden files and folders' and 'Search subfolders'.
Paste this into the All or part of the file name box: 9B9CA09E9E9DA.exe
is11

Then click Search.
If you find any examples of these, please remove them.

Reboot into Normal Mode again.

You're using an outdated version of Java (the latest one is Java Runtime Environment (JRE) 6u3), and these can be exploited by malware, so you need to update it as soon as possible. Please update and remove the older versions from your computer. Do the following:
Go to Start | Control Panel | Add/Remove Programs
Search in the list for all previous installed versions of Java (J2SE Runtime Environment ...)
Select it and click Remove.
Then download and install the newest version from here:
Java Runtime Environment (JRE) 6u3

Then I'd like to see a new Combofix and Hijackthis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.

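Picking entries out of a HijackThis log by eye, as Charles does in the post above, comes down to a handful of recurring tells: a BHO with no name, an orphaned "(no file)" entry, a Run key with a hex-looking name or a bare filename, a binary with a space before ".exe" that mimics a legitimate one, rundll32 loading a DLL by a one-letter export, an "Unknown owner" service pointing at a file with no extension, and a long run of duplicate Run entries for the same target. The Python script below is an added example, not code from this thread or from HijackThis; it encodes those tells as a triage pass over log lines. The rules are my assumptions about what the analyst looked for, and the sample lines are copied from the logs posted in this thread plus two known-good entries (igfxtray, vsmon) for contrast.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the HijackThis logs posted in this
# thread, plus two known-good entries (igfxtray, vsmon) to show the rules
# stay quiet on ordinary software.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F6982BF-6BA0-4581-9DC7-791143C68A39} - C:\WINDOWS\system32\jkklj.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [D0D1D5D3D3D2D9D] 9B9CA09E9E9DA.exe
O4 - HKLM\..\Run: [e0d654d8] rundll32.exe "C:\WINDOWS\system32\nowqqmyd.dll",b
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com
O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com
O4 - HKCU\..\Run: [Tgoeq] C:\Documents and Settings\limewire\My Documents\W?nSxS\??chost.exe
O20 - Winlogon Notify: jikvpvpu - C:\WINDOWS\SYSTEM32\jikvpvpu.dll
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Heuristics: my assumptions about what the analyst looked for, not HijackThis logic.
HEX_NAME = re.compile(r"^[0-9A-Fa-f]{8,}$")                               # D0D1D5D3..., e0d654d8
SPACE_BEFORE_EXT = re.compile(r"\S[ \t]+\.(?:exe|dll|scr|com)\b", re.I)   # "strpmon .exe"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\S{1,2})\s*$', re.I)


def first_path(target):
    """Return the launched file from an O4 target, stripping quotes and arguments."""
    t = target.strip()
    if t.startswith('"'):
        end = t.find('"', 1)
        return t[1:end] if end > 0 else t[1:]
    m = re.match(r"(.*?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|$|,)", t, re.I)
    return m.group(1) if m else t.split()[0]


def analyze(log_text):
    """Return a list of (severity, reason, line) findings for a HijackThis log."""
    findings = []
    run_targets = Counter()
    for line in (ln.strip() for ln in log_text.splitlines()):
        if not line:
            continue
        kind = line.split(" - ", 1)[0]
        if SPACE_BEFORE_EXT.search(line):
            findings.append(("high", "whitespace before the file extension (look-alike of a legitimate binary)", line))
        if kind == "F3" and "load=" in line:
            findings.append(("high", "win.ini load= entry; rarely used by legitimate software", line))
        if kind == "O2" and "(no name)" in line:
            findings.append(("high", "browser helper object with no name", line))
        if "(no file)" in line or "(file missing)" in line:
            findings.append(("low", "orphaned entry; target no longer exists", line))
        if kind == "O20":
            findings.append(("high", "Winlogon Notify DLL loaded at logon; verify its publisher", line))
        if kind == "O23" and "Unknown owner" in line:
            target = line.rsplit(" - ", 1)[-1]
            if not PureWindowsPath(target).suffix:
                findings.append(("high", "service with unknown owner and an extension-less binary", line))
        m = O4_RE.match(line)
        if m:
            name, target = m.group("name"), m.group("target")
            path = first_path(target)
            stem = PureWindowsPath(path).stem
            if HEX_NAME.match(name) or HEX_NAME.match(stem):
                findings.append(("high", "hex-like generated name", line))
            elif "\\" not in path:
                findings.append(("low", "bare filename resolved via PATH; verify where it lives", line))
            if "?" in path:
                findings.append(("high", "path contains characters the log could not render", line))
            rm = RUNDLL_RE.match(target.strip())
            if rm:
                findings.append(("high", f"rundll32 loading {rm.group(1)} via export '{rm.group(2)}'", line))
            run_targets[path.lower()] += 1
    for path, count in run_targets.items():
        if count > 1:
            findings.append(("medium", f"{count} Run entries launch the same target", path))
    return findings


def summarize(findings):
    """Count findings per severity level."""
    return dict(Counter(sev for sev, _, _ in findings))


if __name__ == "__main__":
    for sev, reason, line in analyze(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
    print(summarize(analyze(SAMPLE_LOG)))
```

Run it against a saved hijackthis.log by replacing SAMPLE_LOG with the file's contents; the point of the "low" tier is that bare filenames such as BCMSMMSG.exe in the logs above are often legitimate and only need a quick check of where they actually reside.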

#11 madphizx

madphizx
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:California

Posted 18 January 2008 - 10:43 PM

Hey, sorry for the wait. I tried the ComboFix thing and it kept just leaving me with a blank desktop; I waited 2 more hours and still the same, so all I have is the HijackThis log. Also, at random times a message comes up about a debugger, and I look on my Task Manager and it says windows with like 200,000 mem usage and it just crashes. Can you help me fix that!!! Thx!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39, on 2008-01-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://storageprotector.com/clean/sale.php...26676&addt=
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {61821B57-6935-4430-8D44-5E3A2F6D9AA3} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\jikvpvpu.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Five 01 else bias] C:\Documents and Settings\All Users\Application Data\Web Okay Five 01\atom nurb.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e0d654d8] rundll32.exe "C:\WINDOWS\system32\nowqqmyd.dll",b
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageProtector] C:\Program Files\StorageProtector\SysRep .exe
O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\STORAG~1\ucookw.exe" -start
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(4)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(5)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(6)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKCU\..\Run: [CLOSESTART] C:\DOCUME~1\ONTHEG~1\APPLIC~1\CREATI~1\idlescrpoll.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: jikvpvpu - C:\WINDOWS\SYSTEM32\jikvpvpu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8001 bytes

#12 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 19 January 2008 - 03:55 PM

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.

If you are pleased with the service I have offered, you may like to consider making a donation.


#13 madphizx

madphizx
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:California

Posted 20 January 2008 - 03:38 AM

Well, I followed the steps just like you said and I didn't get any log from the VundoFix, but I have a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:26 AM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher .exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\enie\ramb.exe
C:\Program Files\enie\ramb.exe
C:\Program Files\enie\ramb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ad-w-a-r-e.com/cgi-bin/PopupV3?...=1&rnd=7872
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Five 01 else bias] C:\Documents and Settings\All Users\Application Data\Web Okay Five 01\atom nurb.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageProtector] C:\Program Files\StorageProtector\SysRep .exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(4)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(5)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(6)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(7)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(8)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(9)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(10)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(11)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKCU\..\Run: [Tgoeq] C:\Documents and Settings\limewire\My Documents\W?nSxS\??chost.exe
O4 - HKCU\..\Run: [Ojaph] "C:\Documents and Settings\limewire\Application Data\?ystem\l?ass.exe"
O4 - HKCU\..\Run: [Hrtd] "C:\Program Files\enie\ramb.exe" -vt yazb
O4 - HKCU\..\Run: [CLOSESTART] C:\DOCUME~1\limewire\APPLIC~1\CREATI~1\idlescrpoll.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\fsyshiiz.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8446 bytes

#14 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 21 January 2008 - 02:27 AM

If you look in the root of your C:\ drive, is there a log?

If you are pleased with the service I have offered, you may like to consider making a donation.


#15 madphizx

madphizx
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:California

Posted 21 January 2008 - 07:11 PM

nvm I found it, my bad lol

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 9:09:26 PM 1/19/2008

Listing files found while scanning....

C:\windows\system32\jikvpvpu.dll
C:\windows\system32\jikvpvpu.dllbox
C:\windows\system32\jkklj.dll
C:\windows\system32\jlkkj.ini
C:\windows\system32\jlkkj.ini2

Beginning removal...

Attempting to delete C:\windows\system32\jikvpvpu.dll
C:\windows\system32\jikvpvpu.dll Has been deleted!

Attempting to delete C:\windows\system32\jikvpvpu.dllbox
C:\windows\system32\jikvpvpu.dllbox Has been deleted!

Attempting to delete C:\windows\system32\jkklj.dll
C:\windows\system32\jkklj.dll Could not be deleted.

Attempting to delete C:\windows\system32\jlkkj.ini
C:\windows\system32\jlkkj.ini Has been deleted!

Attempting to delete C:\windows\system32\jlkkj.ini2
C:\windows\system32\jlkkj.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 11:35:05 PM 1/19/2008

Listing files found while scanning....

C:\windows\system32\jkklj.dll
C:\windows\system32\jlkkj.ini
C:\windows\system32\jlkkj.ini2

Beginning removal...

Attempting to delete C:\windows\system32\jkklj.dll
C:\windows\system32\jkklj.dll Has been deleted!

Attempting to delete C:\windows\system32\jlkkj.ini
C:\windows\system32\jlkkj.ini Has been deleted!

Attempting to delete C:\windows\system32\jlkkj.ini2
C:\windows\system32\jlkkj.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\jkklj.dll
C:\windows\system32\jkklj.dll Could not be deleted.

Attempting to delete C:\windows\system32\jlkkj.ini
C:\windows\system32\jlkkj.ini Has been deleted!

Attempting to delete C:\windows\system32\jlkkj.ini2
C:\windows\system32\jlkkj.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Beginning removal...

Edited by madphizx, 21 January 2008 - 07:12 PM.
