
Hijack Log


This topic is locked
10 replies to this topic

#1 TheYoda

Posted 01 April 2006 - 09:29 PM

This is my friend's computer and I am his personal fixer, but I seem to have come to a dead end. I came here because my own computer had gotten Smitfraud and you guys helped me out great, so let's hope I can get some help with this one. Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 9:21:41 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\VG9tIENhcHJpbm8\command.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\udonhkw.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\1138215164\ee\aolsoftware.exe
c:\program files\common files\aol\1138215164\ee\aexplore.exe
c:\program files\common files\aol\1138215164\ee\aexplore.exe
c:\program files\common files\aol\1138215164\ee\aexplore.exe
c:\program files\common files\aol\1138215164\ee\aim6.exe
C:\Documents and Settings\Tom Caprino\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\spxen.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,ekfhxxn.exe
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [freexstylel] lockts.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: repairs303169563.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Syncmgr - C:\WINNT\system32\lv4o09h3e.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\VG9tIENhcHJpbm8\command.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)

"A coward dies a thousand times before his death. The valiant never taste of death but once." -William Shakespeare

Fold for your future...Help us find a cure.



#2 Rawe

Posted 02 April 2006 - 04:48 AM

Hello and welcome. You sure have infections there. Let's get started. :thumbsup:

==

1) Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use the Firefox browser: click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser: click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

==

2) Please get the free version of AVG.

Download & install it, configure it how you wish, update it. Next, run a scan with it (set it to scan everything it can). Remove/quarantine everything found. Reboot.

==

Post back with a fresh HijackThis log so that we can get started with the rest of the cleaning. :flowers:
Hi there, stranger!

#3 TheYoda

Posted 02 April 2006 - 07:10 PM

Ok, I did that and the pop-ups seem to have subsided a bit. What else can I do for the rest?

Logfile of HijackThis v1.99.1
Scan saved at 8:08:36 PM, on 4/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\VG9tIENhcHJpbm8\command.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\tcpsvcs.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Tom Caprino\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\spxen.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,ekfhxxn.exe
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cwlqnp] C:\WINNT\system32\cghanr.exe reg_run
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [xtrso] C:\WINNT\system32\cghanr.exe reg_run
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: repairs303169563.dll
O20 - Winlogon Notify: App Management - C:\WINNT\system32\n4p40e7qeh.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\VG9tIENhcHJpbm8\command.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)

"A coward dies a thousand times before his death. The valiant never taste of death but once." -William Shakespeare

Fold for your future...Help us find a cure.
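The two logs above differ in a way that is easy to miss when reading them by hand: the RunServices entry and the Syncmgr Winlogon Notify DLL from post #1 are gone, but a new Run entry and a new Winlogon Notify DLL with another random-looking name have taken their place. The following triage script is an added example, not part of this thread or of HijackThis: it parses the log format posted here, flags the entry classes a helper reads first (F2 Shell/UserInit extras, bare-name O4 autoruns, O20 AppInit_DLLs and Winlogon Notify, O23 services with no vendor) and diffs two scans so that components that merely rename themselves stand out. The digit-count test for random-looking names and the flagging rules are assumptions of this example, and a flag means "verify", not "malicious".

```python
import re
from typing import NamedTuple, Optional


class Entry(NamedTuple):
    section: str  # "F2", "O4", "O20", "O23", ...
    body: str     # text after "O4 - "


ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
F2_RE = re.compile(r"^REG:system\.ini: (?P<key>Shell|UserInit)=(?P<value>.*)$")
O4_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<subkey>.+?) - (?P<path>.+)$")


def parse_log(text: str) -> list:
    """Return the R/F/O entries of a log; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries

def looks_random(filename: str) -> bool:
    """Assumption of this example: three or more digits in the stem is worth a look."""
    stem = filename.rsplit(".", 1)[0]
    return sum(ch.isdigit() for ch in stem) >= 3

def check_entry(e: Entry) -> Optional[str]:
    """Why the entry deserves review, or None if this example has no rule for it."""
    if e.section == "F2":
        m = F2_RE.match(e.body)
        if m:
            # Shell= and UserInit= should each name one Windows binary; every
            # extra comma-separated program is started at logon as well.
            programs = [p.strip() for p in m.group("value").split(",") if p.strip()]
            if len(programs) > 1:
                return f"system.ini {m.group('key')}= also launches {', '.join(programs[1:])}"
    elif e.section == "O4":
        m = O4_RE.match(e.body)
        if m and "\\" not in m.group("cmd"):
            # A bare file name is resolved via the search path; the log cannot say which copy runs.
            return f"autorun [{m.group('name')}] gives no directory: {m.group('cmd')}"
    elif e.section == "O20":
        if e.body.startswith("AppInit_DLLs:"):
            value = e.body.partition(":")[2].strip()
            if value:
                return f"AppInit_DLLs loads {value} into every process that uses user32.dll"
        m = NOTIFY_RE.match(e.body)
        if m:
            name = m.group("path").rsplit("\\", 1)[-1]
            if looks_random(name):
                return f"Winlogon Notify '{m.group('subkey')}' points at random-looking {name}"
    elif e.section == "O23" and "Unknown owner" in e.body:
        # A legitimate driver service (WMP54GSVC in this thread) shows this too:
        # check the binary's publisher and hash rather than deleting on sight.
        return "service has no vendor string; verify the binary"
    return None

def triage(text: str) -> list:
    """All (entry, reason) pairs for one log."""
    pairs = [(e, check_entry(e)) for e in parse_log(text)]
    return [(e, r) for e, r in pairs if r]

def diff_logs(before: str, after: str):
    """Entries added and removed between two scans."""
    b, a = set(parse_log(before)), set(parse_log(after))
    return sorted(a - b), sorted(b - a)

def churned_sections(before: str, after: str) -> list:
    """Sections where one entry vanished and another appeared: a component that
    renamed itself between scans rather than one that was removed."""
    added, removed = diff_logs(before, after)
    return sorted({e.section for e in added} & {e.section for e in removed})


# Constructed samples: lines copied from the logs in posts #1 and #3.
LOG_1 = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\spxen.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,ekfhxxn.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [freexstylel] lockts.exe
O20 - AppInit_DLLs: repairs303169563.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Syncmgr - C:\WINNT\system32\lv4o09h3e.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\VG9tIENhcHJpbm8\command.exe
"""
LOG_2 = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\spxen.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,ekfhxxn.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cwlqnp] C:\WINNT\system32\cghanr.exe reg_run
O20 - AppInit_DLLs: repairs303169563.dll
O20 - Winlogon Notify: App Management - C:\WINNT\system32\n4p40e7qeh.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\VG9tIENhcHJpbm8\command.exe
"""

if __name__ == "__main__":
    for entry, reason in triage(LOG_2):
        print(f"{entry.section}: {reason}")
    print("churn in sections:", churned_sections(LOG_1, LOG_2))
```

Churn in the O4 and O20 sections between two scans taken a day apart is the pattern the next reply in the thread goes after with a dedicated Look2Me tool, since an ordinary antivirus pass left those entries in place.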


#4 Rawe

Posted 02 April 2006 - 11:19 PM

Let's continue. :thumbsup:

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download Look2Me-Destroyer to your desktop.

Before continuing with the fix there is something you must do:
  • Click Start -> Run and type in: services.msc
  • Check that the following services are running and that their startup is set to automatic:
  • Seclogon, or Secondary logon service
  • Next your machine needs to be offline, manually disconnect the network cable if necessary.
  • Your antivirus, and every other security software MUST be disabled.
Now continue:
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Re-launch your Anti-virus/Firewall protection.
  • Re-connect back to the internet.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a fresh HiJackThis log. :flowers:
If Look2Me-Destroyer does not reopen automatically, reboot and try again.
Hi there, stranger!

#5 Rawe

Posted 08 April 2006 - 05:10 AM

Due to lack of feedback, this thread has been closed. If you're the original poster and need this Topic reopened, please PM a Staff member with the address of this thread.
Hi there, stranger!

#6 TheYoda

Posted 08 April 2006 - 02:59 PM

Look2Me log:
Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 4/8/2006 3:43:30 PM

Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP103\A0007566.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP103\A0007567.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP108\A0007623.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP108\A0007624.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP109\A0007641.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP109\A0007642.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007742.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007743.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007761.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007762.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007769.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007770.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007777.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007779.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007783.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007788.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007798.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007803.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP119\A0008806.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP123\A0008967.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP123\A0008976.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP123\A0008986.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP123\A0008995.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP124\A0009136.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP124\A0009138.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP124\A0009148.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP124\A0009149.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP125\A0009174.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP125\A0009175.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP128\A0009234.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP128\A0009235.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005114.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005182.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005192.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005229.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005235.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP87\A0005246.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP87\A0005251.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP87\A0005258.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP87\A0005263.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP88\A0006263.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP88\A0007267.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP89\A0007296.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP89\A0007366.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP95\A0007478.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP95\A0007481.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP96\A0007500.dll
Infected! C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP96\A0007501.dll
Infected! C:\WINNT\system32\dnl6013se.dll
Infected! C:\WINNT\system32\enrul1991.dll
Infected! C:\WINNT\system32\fysapi.dll
Infected! C:\WINNT\system32\gpnsl3571.dll
Infected! C:\WINNT\system32\hrjo0513e.dll
Infected! C:\WINNT\system32\k208lcdu1f08.dll
Infected! C:\WINNT\system32\kedbene.dll
Infected! C:\WINNT\system32\m028lafu1d28.dll
Infected! C:\WINNT\system32\rqcrt4.dll
Infected! C:\WINNT\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP103\A0007566.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP103\A0007566.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP103\A0007567.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP103\A0007567.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP108\A0007623.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP108\A0007623.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP108\A0007624.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP108\A0007624.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP109\A0007641.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP109\A0007641.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP109\A0007642.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP109\A0007642.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007742.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007742.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007743.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007743.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007761.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007761.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007762.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007762.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007769.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007769.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007770.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007770.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007777.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007777.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007779.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007779.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007783.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007783.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007788.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007788.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007798.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007798.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007803.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP117\A0007803.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP119\A0008806.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP119\A0008806.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP123\A0008967.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP123\A0008967.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP123\A0008976.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP123\A0008976.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP123\A0008986.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP123\A0008986.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP123\A0008995.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP123\A0008995.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP124\A0009136.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP124\A0009136.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP124\A0009138.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP124\A0009138.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP124\A0009148.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP124\A0009148.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP124\A0009149.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP124\A0009149.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP125\A0009174.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP125\A0009174.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP125\A0009175.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP125\A0009175.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP128\A0009234.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP128\A0009234.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP128\A0009235.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP128\A0009235.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005114.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005114.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005182.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005182.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005192.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005192.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005229.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005229.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005235.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP86\A0005235.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP87\A0005246.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP87\A0005246.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP87\A0005251.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP87\A0005251.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP87\A0005258.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP87\A0005258.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP87\A0005263.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP87\A0005263.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP88\A0006263.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP88\A0006263.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP88\A0007267.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP88\A0007267.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP89\A0007296.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP89\A0007296.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP89\A0007366.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP89\A0007366.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP95\A0007478.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP95\A0007478.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP95\A0007481.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP95\A0007481.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP96\A0007500.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP96\A0007500.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP96\A0007501.dll
C:\System Volume Information\_restore{AC54B1DA-8B53-40E9-9FD9-E145F6E89AE2}\RP96\A0007501.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\dnl6013se.dll
C:\WINNT\system32\dnl6013se.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\enrul1991.dll
C:\WINNT\system32\enrul1991.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\fysapi.dll
C:\WINNT\system32\fysapi.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\gpnsl3571.dll
C:\WINNT\system32\gpnsl3571.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\hrjo0513e.dll
C:\WINNT\system32\hrjo0513e.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\k208lcdu1f08.dll
C:\WINNT\system32\k208lcdu1f08.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\kedbene.dll
C:\WINNT\system32\kedbene.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\m028lafu1d28.dll
C:\WINNT\system32\m028lafu1d28.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\rqcrt4.dll
C:\WINNT\system32\rqcrt4.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\guard.tmp
C:\WINNT\system32\guard.tmp Deleted successfully!

Making registry repairs.


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B712BA5A-9060-4F88-B900-47DE971932F9}"
HKCR\Clsid\{B712BA5A-9060-4F88-B900-47DE971932F9}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:58:27 PM, on 4/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\VG9tIENhcHJpbm8\command.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\wdfmgr.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\1138215164\ee\aolsoftware.exe
C:\WINNT\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Tom Caprino\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.com/info.dogpl.toolbar/...orms/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.com/info.dogpl.toolbar/...orms/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\spxen.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,ekfhxxn.exe
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Dogpile Toolbar - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - C:\Program Files\DogpileToolbar\insptbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Dogpile Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\DogpileToolbar\contextsearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: repairs303169563.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NetCache - C:\WINNT\system32\gpnsl3571.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\VG9tIENhcHJpbm8\command.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)

"A coward dies a thousand times before his death. The valiant never taste of death but once." -William Shakespeare

Fold for your future...Help us find a cure.


#7 Rawe

Posted 08 April 2006 - 03:58 PM

Welcome back. I merged your new topic to the older one. :thumbsup:

Let's continue. Go ahead and delete Look2Me-Destroyer.

==

Please download Brute Force Uninstaller to your desktop.
  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk ( C: ) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download SideKickFix.
Save it in the same folder you made earlier (c:\BFU).

Please close ALL other open windows & explorer folders, then double-click on sidekickFix.bat.
Click YES and follow the prompts, when prompted to restart the PC please do so.
Then please post back with a fresh HijackThis log by using AddReply. :flowers:
Hi there, stranger!

#8 TheYoda

Posted 08 April 2006 - 04:33 PM

Ok the first time I ran it, it stopped responding, but I did it over and it worked fine. I don't know if that will change anything, but that's what happened.

Logfile of HijackThis v1.99.1
Scan saved at 5:30:33 PM, on 4/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\VG9tIENhcHJpbm8\command.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\wdfmgr.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tom Caprino\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.com/info.dogpl.toolbar/...orms/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.com/info.dogpl.toolbar/...orms/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\spxen.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,ekfhxxn.exe
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Dogpile Toolbar - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - C:\Program Files\DogpileToolbar\insptbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Dogpile Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\DogpileToolbar\contextsearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: repairs303169563.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NetCache - C:\WINNT\system32\gpnsl3571.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\VG9tIENhcHJpbm8\command.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)

"A coward dies a thousand times before his death. The valiant never taste of death but once." -William Shakespeare

Fold for your future...Help us find a cure.


#9 Rawe

Posted 08 April 2006 - 04:49 PM

Well.. It didn't work at all.

But that isn't too bad.. We'll just remove it another way. :thumbsup:

Please print these instructions out, or save them to a notepad file, as you can't read them during the fix.

Let's try the following. Please run a scan with HijackThis and check the following object for removal:

O20 - Winlogon Notify: NetCache - C:\WINNT\system32\gpnsl3571.dll (file missing)

Now close ALL other open windows except for HijackThis and hit FIX CHECKED.

==

Please download NTrights.zip by freeatlast. Please reboot.

Double-click the Debug.bat again after reboot.

It will create a log.
If the log says:
"Granting SeDebugPrivilege to Administrators ... successful", you must be ok and things restored well.

==

Then let's go to the actual next fix:

Please download the trial version of Ewido Anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

Please run a scan with Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily. (Maybe Desktop)
  • Close Ewido Anti-Malware.
==

Now, reboot back into Normal mode, open the Report.txt file and copy & paste its content to this thread along with a fresh HijackThis log. :flowers:
Hi there, stranger!
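A small triage script, added here as an example (it is not part of this thread and not HijackThis's own code), that walks a log in the format posted above and flags the same classes of entry Rawe is working through: programs chained onto the F2 Shell= and UserInit= values, an AppInit_DLLs setting, Winlogon Notify packages whose DLL is missing, and O23 services with no publisher. The sample lines are copied from the posted log; the rules are this example's own heuristics, not HijackThis's.

```python
import re

# Constructed sample in the HijackThis v1.99.1 line format seen in the logs above
# (entries copied from the posted log; not a real scan run by this script).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\spxen.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,ekfhxxn.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - AppInit_DLLs: repairs303169563.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NetCache - C:\WINNT\system32\gpnsl3571.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\VG9tIENhcHJpbm8\command.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
"""

# Every HijackThis entry starts with a section code such as F2, O20, O23.
ENTRY = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")

def _extra_entries(value, expected_exe):
    """Split a comma-separated system.ini value; return entries other than the expected program."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if p.lower().rsplit("\\", 1)[-1] != expected_exe]

def triage(log_text):
    """Return (section, reason, line) for entries in the persistence classes worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "F2" and body.startswith("REG:system.ini: Shell="):
            extra = _extra_entries(body.split("Shell=", 1)[1], "explorer.exe")
            if extra:  # only Explorer.exe is expected as the shell
                findings.append((sec, "extra program chained to Shell=: " + ", ".join(extra), line))
        elif sec == "F2" and body.startswith("REG:system.ini: UserInit="):
            extra = _extra_entries(body.split("UserInit=", 1)[1], "userinit.exe")
            if extra:  # anything after userinit.exe runs at every logon
                findings.append((sec, "extra program chained to UserInit=: " + ", ".join(extra), line))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():  # the DLL is loaded into every user32 process
                findings.append((sec, "AppInit_DLLs is set", line))
        elif sec == "O20" and body.startswith("Winlogon Notify:") and "(file missing)" in body:
            findings.append((sec, "Winlogon Notify package points to a missing DLL (orphaned registration)", line))
        elif sec == "O23" and "- Unknown owner -" in body:
            findings.append((sec, "service with no publisher information", line))
    return findings

if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```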

#10 Rawe

Posted 16 April 2006 - 04:55 AM

Are you still in need of help or should I close the topic up due to lack of response?

I really don't have time for stuff like this.
Hi there, stranger!

#11 Rawe

Posted 16 April 2006 - 10:00 AM

Topic closed due to user request.
Hi there, stranger!



