Surfsidekick And Alot Of Dll Errors At Startup



#1 getbizzier

getbizzier

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:59 AM

Posted 26 June 2006 - 12:42 AM

I am trying to fix a friend's computer. He has Surf Sidekick and the w000___.dll files at startup. He is on Win XP ver. 2002 SP2, AMD Athlon XP2500 1.82 GHz, 512 RAM. Tried his virus program but it restarts when I do a scan. Spybot won't let me remove the SSk.exe file, and the C:/program files/surf sidekick 3/ssk.exe \u didn't work. Here is the Hijack log, and thank you for your help.

Logfile of HijackThis v1.99.1
Scan saved at 1:35:27 AM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\s?stem32\l?ass.exe
C:\Program Files\Common Files\AOL\1149029634\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1149029634\ee\AOLServiceHost.exe
C:\hijack\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,eybpcev.exe
O2 - BHO: (no name) - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [404240494247444A] 595B59625B605D.exe
O4 - HKLM\..\Run: [win32103-213504080] C:\WINDOWS\win32103-213504080.exe
O4 - HKLM\..\Run: [sys02135040803-2] C:\WINDOWS\sys02135040803-2.exe
O4 - HKLM\..\Run: [win320903-21350408] C:\WINDOWS\win320903-21350408.exe
O4 - HKLM\..\Run: [w290ee41.dll] RUNDLL32.EXE w290ee41.dll,I2 00003ff00290ee41
O4 - HKLM\..\Run: [w0006532.dll] RUNDLL32.EXE w0006532.dll,I2 00003ff000006532
O4 - HKLM\..\Run: [w00d6f74.dll] RUNDLL32.EXE w00d6f74.dll,I2 00003ff0000d6f74
O4 - HKLM\..\Run: [w0006188.dll] RUNDLL32.EXE w0006188.dll,I2 00003ff000006188
O4 - HKLM\..\Run: [w0006b0e.dll] RUNDLL32.EXE w0006b0e.dll,I2 00003ff000006b0e
O4 - HKLM\..\Run: [w0008155.dll] RUNDLL32.EXE w0008155.dll,I2 00003ff000008155
O4 - HKLM\..\Run: [w01ff045.dll] RUNDLL32.EXE w01ff045.dll,I2 00003ff0001ff045
O4 - HKLM\..\Run: [w0d54876.dll] RUNDLL32.EXE w0d54876.dll,I2 00003ff000d54876
O4 - HKLM\..\Run: [w0007c34.dll] RUNDLL32.EXE w0007c34.dll,I2 00003ff000007c34
O4 - HKLM\..\Run: [w0005bdb.dll] RUNDLL32.EXE w0005bdb.dll,I2 00003ff000005bdb
O4 - HKLM\..\Run: [w0005b3f.dll] RUNDLL32.EXE w0005b3f.dll,I2 00003ff000005b3f
O4 - HKLM\..\Run: [w0005d43.dll] RUNDLL32.EXE w0005d43.dll,I2 00003ff000005d43
O4 - HKLM\..\Run: [w0375826.dll] RUNDLL32.EXE w0375826.dll,I2 00003ff000375826
O4 - HKLM\..\Run: [w00063ca.dll] RUNDLL32.EXE w00063ca.dll,I2 00003ff0000063ca
O4 - HKLM\..\Run: [w0005a83.dll] RUNDLL32.EXE w0005a83.dll,I2 00003ff000005a83
O4 - HKLM\..\Run: [w00061c7.dll] RUNDLL32.EXE w00061c7.dll,I2 00003ff0000061c7
O4 - HKLM\..\Run: [w040940b.dll] RUNDLL32.EXE w040940b.dll,I2 00003ff00040940b
O4 - HKLM\..\Run: [w0006aa0.dll] RUNDLL32.EXE w0006aa0.dll,I2 00003ff000006aa0
O4 - HKLM\..\Run: [w0011364.dll] RUNDLL32.EXE w0011364.dll,I2 00003ff000011364
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O4 - HKLM\..\Run: [w0006c37.dll] RUNDLL32.EXE w0006c37.dll,I2 00003ff000006c37
O4 - HKLM\..\Run: [w0005851.dll] RUNDLL32.EXE w0005851.dll,I2 00003ff000005851
O4 - HKLM\..\Run: [w0375335.dll] RUNDLL32.EXE w0375335.dll,I2 00003ff000375335
O4 - HKLM\..\Run: [w0006002.dll] RUNDLL32.EXE w0006002.dll,I2 00003ff000006002
O4 - HKLM\..\Run: [w000735b.dll] RUNDLL32.EXE w000735b.dll,I2 00003ff00000735b
O4 - HKLM\..\Run: [w0006d02.dll] RUNDLL32.EXE w0006d02.dll,I2 00003ff000006d02
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [w0376d25.dll] RUNDLL32.EXE w0376d25.dll,I2 00003ff000376d25
O4 - HKLM\..\Run: [w000664b.dll] RUNDLL32.EXE w000664b.dll,I2 00003ff00000664b
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149029634\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [w0006561.dll] RUNDLL32.EXE w0006561.dll,I2 00003ff000006561
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [w0024f4f.dll] RUNDLL32.EXE w0024f4f.dll,I2 00003ff000024f4f
O4 - HKLM\..\Run: [ljcaodvA] C:\WINDOWS\ljcaodvA.exe
O4 - HKLM\..\Run: [gysegyqA] C:\WINDOWS\gysegyqA.exe
O4 - HKLM\..\Run: [w0006d8e.dll] RUNDLL32.EXE w0006d8e.dll,I2 00003ff000006d8e
O4 - HKLM\..\Run: [w000687e.dll] RUNDLL32.EXE w000687e.dll,I2 00003ff00000687e
O4 - HKLM\..\Run: [w0051f86.dll] RUNDLL32.EXE w0051f86.dll,I2 00003ff000051f86
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [w000759d.dll] RUNDLL32.EXE w000759d.dll,I2 00003ff00000759d
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Xyuirinf] C:\WINDOWS\s?stem32\l?ass.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000140.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - AppInit_DLLs: repairs303169545.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

and thanks again



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:59 AM

Posted 26 June 2006 - 02:06 AM

Hello,

It is important you perform all my steps in exactly the same order!

Let's fix in hijackthis first to stop the errors after reboot..

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,eybpcev.exe
O2 - BHO: (no name) - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - (no file)
O4 - HKLM\..\Run: [404240494247444A] 595B59625B605D.exe
O4 - HKLM\..\Run: [win32103-213504080] C:\WINDOWS\win32103-213504080.exe
O4 - HKLM\..\Run: [sys02135040803-2] C:\WINDOWS\sys02135040803-2.exe
O4 - HKLM\..\Run: [win320903-21350408] C:\WINDOWS\win320903-21350408.exe
O4 - HKLM\..\Run: [w290ee41.dll] RUNDLL32.EXE w290ee41.dll,I2 00003ff00290ee41
O4 - HKLM\..\Run: [w0006532.dll] RUNDLL32.EXE w0006532.dll,I2 00003ff000006532
O4 - HKLM\..\Run: [w00d6f74.dll] RUNDLL32.EXE w00d6f74.dll,I2 00003ff0000d6f74
O4 - HKLM\..\Run: [w0006188.dll] RUNDLL32.EXE w0006188.dll,I2 00003ff000006188
O4 - HKLM\..\Run: [w0006b0e.dll] RUNDLL32.EXE w0006b0e.dll,I2 00003ff000006b0e
O4 - HKLM\..\Run: [w0008155.dll] RUNDLL32.EXE w0008155.dll,I2 00003ff000008155
O4 - HKLM\..\Run: [w01ff045.dll] RUNDLL32.EXE w01ff045.dll,I2 00003ff0001ff045
O4 - HKLM\..\Run: [w0d54876.dll] RUNDLL32.EXE w0d54876.dll,I2 00003ff000d54876
O4 - HKLM\..\Run: [w0007c34.dll] RUNDLL32.EXE w0007c34.dll,I2 00003ff000007c34
O4 - HKLM\..\Run: [w0005bdb.dll] RUNDLL32.EXE w0005bdb.dll,I2 00003ff000005bdb
O4 - HKLM\..\Run: [w0005b3f.dll] RUNDLL32.EXE w0005b3f.dll,I2 00003ff000005b3f
O4 - HKLM\..\Run: [w0005d43.dll] RUNDLL32.EXE w0005d43.dll,I2 00003ff000005d43
O4 - HKLM\..\Run: [w0375826.dll] RUNDLL32.EXE w0375826.dll,I2 00003ff000375826
O4 - HKLM\..\Run: [w00063ca.dll] RUNDLL32.EXE w00063ca.dll,I2 00003ff0000063ca
O4 - HKLM\..\Run: [w0005a83.dll] RUNDLL32.EXE w0005a83.dll,I2 00003ff000005a83
O4 - HKLM\..\Run: [w00061c7.dll] RUNDLL32.EXE w00061c7.dll,I2 00003ff0000061c7
O4 - HKLM\..\Run: [w040940b.dll] RUNDLL32.EXE w040940b.dll,I2 00003ff00040940b
O4 - HKLM\..\Run: [w0006aa0.dll] RUNDLL32.EXE w0006aa0.dll,I2 00003ff000006aa0
O4 - HKLM\..\Run: [w0011364.dll] RUNDLL32.EXE w0011364.dll,I2 00003ff000011364
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O4 - HKLM\..\Run: [w0006c37.dll] RUNDLL32.EXE w0006c37.dll,I2 00003ff000006c37
O4 - HKLM\..\Run: [w0005851.dll] RUNDLL32.EXE w0005851.dll,I2 00003ff000005851
O4 - HKLM\..\Run: [w0375335.dll] RUNDLL32.EXE w0375335.dll,I2 00003ff000375335
O4 - HKLM\..\Run: [w0006002.dll] RUNDLL32.EXE w0006002.dll,I2 00003ff000006002
O4 - HKLM\..\Run: [w000735b.dll] RUNDLL32.EXE w000735b.dll,I2 00003ff00000735b
O4 - HKLM\..\Run: [w0006d02.dll] RUNDLL32.EXE w0006d02.dll,I2 00003ff000006d02
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [w0376d25.dll] RUNDLL32.EXE w0376d25.dll,I2 00003ff000376d25
O4 - HKLM\..\Run: [w000664b.dll] RUNDLL32.EXE w000664b.dll,I2 00003ff00000664b
O4 - HKLM\..\Run: [w0006561.dll] RUNDLL32.EXE w0006561.dll,I2 00003ff000006561
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [w0024f4f.dll] RUNDLL32.EXE w0024f4f.dll,I2 00003ff000024f4f
O4 - HKLM\..\Run: [ljcaodvA] C:\WINDOWS\ljcaodvA.exe
O4 - HKLM\..\Run: [gysegyqA] C:\WINDOWS\gysegyqA.exe
O4 - HKLM\..\Run: [w0006d8e.dll] RUNDLL32.EXE w0006d8e.dll,I2 00003ff000006d8e
O4 - HKLM\..\Run: [w000687e.dll] RUNDLL32.EXE w000687e.dll,I2 00003ff00000687e
O4 - HKLM\..\Run: [w0051f86.dll] RUNDLL32.EXE w0051f86.dll,I2 00003ff000051f86
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [w000759d.dll] RUNDLL32.EXE w000759d.dll,I2 00003ff00000759d
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Xyuirinf] C:\WINDOWS\s?stem32\l?ass.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000140.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - AppInit_DLLs: repairs303169545.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Ignore the error you will get after fixing the O20 entry. This is normal. Just click OK there.


* Go to start > controlpanel > software > add/remove programs and uninstall next programs if present:

Viewpoint
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin in it.


If OIN not listed, download and run this uninstaller.

Reboot when done! Really important!

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

-------------------------

* Download Combofix to your desktop.
Doubleclick combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
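
A triage sketch for the kinds of entries checked in the list above, added here as an example; it is not part of miekiemoes's post and not HijackThis's own logic. The rule names and the five heuristics are assumptions drawn from patterns visible in this thread's log, and they produce candidates for review, not verdicts.

```python
import re
from ntpath import basename
from typing import List, NamedTuple

# Lines copied from the HijackThis log posted in this thread (a mix of
# entries that were and were not selected for fixing).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,eybpcev.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [w0006532.dll] RUNDLL32.EXE w0006532.dll,I2 00003ff000006532
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [Xyuirinf] C:\WINDOWS\s?stem32\l?ass.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - AppInit_DLLs: repairs303169545.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
"""


class Finding(NamedTuple):
    rule: str   # hypothetical rule id, defined only in this example
    entry: str  # the log line that triggered it


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")
USERINIT_RE = re.compile(r"^REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
ABSOLUTE_RE = re.compile(r'^"?[A-Za-z]:\\')
IMAGE_RE = re.compile(r"(.*?\.(?:exe|dll|cpl|com|bat|scr))", re.IGNORECASE)
# Name pattern of the rundll32-loaded DLLs seen in this thread: w + 7 hex digits.
HEX_DLL_RE = re.compile(r"^w[0-9a-f]{7}\.dll$", re.IGNORECASE)


def check_run(cmd: str) -> List[str]:
    """Heuristics for the command of one O4 (Run/RunServices) entry."""
    rules = []
    # Image = the quoted string, or the text up to the first executable extension.
    if cmd.startswith('"'):
        image = cmd[1:].split('"', 1)[0]
    else:
        m = IMAGE_RE.match(cmd)
        image = m.group(1) if m else cmd
    # '?' is not a legal character in a Windows file name, so in a logged path
    # it stands in for a character the log could not show.
    if "?" in image:
        rules.append("placeholder-in-path")
    if not ABSOLUTE_RE.match(cmd):
        words = cmd.split(None, 1)
        if words[0].lower() in ("rundll32", "rundll32.exe"):
            dll = words[1].split(",", 1)[0].strip() if len(words) > 1 else ""
            if HEX_DLL_RE.match(dll):
                rules.append("rundll32-hex-dll")
        else:
            # Resolved through the search path, so the file location is unknown.
            rules.append("bare-executable")
    return rules


def check_userinit(body: str) -> List[str]:
    """Flag anything chained after userinit.exe (compares file names only)."""
    m = USERINIT_RE.match(body)
    if not m:
        return []
    parts = [p.strip() for p in m.group(1).split(",")]
    extras = [p for p in parts if p and basename(p).lower() != "userinit.exe"]
    return ["userinit-extra"] if extras else []


def triage(log_text: str) -> List[Finding]:
    """Return review candidates from HijackThis-style log text, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        rules: List[str] = []
        if code == "F2":
            rules = check_userinit(body)
        elif code == "O4":
            run = RUN_RE.match(body)
            if run:
                rules = check_run(run.group(2))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Empty by default; a listed DLL is loaded into every process
            # that loads user32.dll.
            if body.split(":", 1)[1].strip():
                rules = ["appinit-dlls"]
        findings.extend(Finding(rule, line) for rule in rules)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:22} {finding.entry}")
```
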

#3 getbizzier


Posted 26 June 2006 - 08:25 AM

Thanks for your help, but I am at work right now, so I will do it as soon as I get home. I shall be there at 7 EST. Thank you, thanks and THANK YOU.

#4 miekiemoes


Posted 26 June 2006 - 08:28 AM

That's ok. I will read your reply with your logs later. :thumbsup:

#5 getbizzier


Posted 26 June 2006 - 07:47 PM

:thumbsup: Hey there, thanks for the info. I think I forgot a DLL and I had 3 errors when I ran Hijack, but everything else went smooth. Here are the log files.

Start Time= Mon 06/26/2006 20:33:44.76
Running from: C:\Documents and Settings\Luis\Desktop

(((((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))

20:35:59.45

* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-03-30 21:47:52 163,840 "C:\WINDOWS\system32\BMGi_b.exe"
2006-05-10 01:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 01:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-05-19 11:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"
2006-05-10 01:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-05-10 01:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"
2006-05-10 01:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 01:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 01:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 01:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 14:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 14:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 01:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 01:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"
2006-05-10 01:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-05-29 11:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 01:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-05-29 00:55:54 8,464 "C:\WINDOWS\system32\sporder.dll"
2006-05-10 01:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"
2006-05-10 01:23:00 1,054,208 "C:\WINDOWS\system32\danim.dll"
2006-05-30 21:05:50 409 "C:\WINDOWS\bpjoi.dll"
2006-05-29 00:52:16 53 "C:\WINDOWS\bvleeb.dat"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


05/29/2006 12:52 AM 53 bvleeb.dat.vir


DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:42:42 PM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1149029634\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1149029634\ee\AOLServiceHost.exe
C:\hijack\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149029634\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [w02a60f0.dll] RUNDLL32.EXE w02a60f0.dll,I2 00003ff0002a60f0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#6 miekiemoes


Posted 27 June 2006 - 12:01 AM

Hello,

This isn't the right log you posted... I need the C:\combofix.txt, so can you post that in your next reply?

Check and fix next entry in hijackthis:

O4 - HKLM\..\Run: [w02a60f0.dll] RUNDLL32.EXE w02a60f0.dll,I2 00003ff0002a60f0

#7 getbizzier


Posted 27 June 2006 - 06:16 AM

:thumbsup: Took out the DLL and I am just getting ready for work, so here it is, and thanks.

Start Time= Mon 06/26/2006 20:33:44.76
Running from: C:\Documents and Settings\Luis\Desktop

(((((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))

20:35:59.45

* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-03-30 21:47:52 163,840 "C:\WINDOWS\system32\BMGi_b.exe"
2006-05-10 01:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 01:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-05-19 11:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"
2006-05-10 01:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-05-10 01:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"
2006-05-10 01:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 01:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 01:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 01:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 14:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 14:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 01:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 01:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"
2006-05-10 01:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-05-29 11:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 01:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-05-29 00:55:54 8,464 "C:\WINDOWS\system32\sporder.dll"
2006-05-10 01:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"
2006-05-10 01:23:00 1,054,208 "C:\WINDOWS\system32\danim.dll"
2006-05-30 21:05:50 409 "C:\WINDOWS\bpjoi.dll"
2006-05-29 00:52:16 53 "C:\WINDOWS\bvleeb.dat"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


05/29/2006 12:52 AM 53 bvleeb.dat.vir


DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-03-30 21:47:52 163,840 "C:\WINDOWS\system32\BMGi_b.exe"
2006-05-10 01:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 01:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 01:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 01:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 14:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 14:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 01:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 01:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"
2006-05-10 01:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-05-29 11:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 01:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-05-29 00:55:54 8,464 "C:\WINDOWS\system32\sporder.dll"
2006-05-10 01:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"
2006-05-10 01:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 01:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-05-19 11:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"
2006-05-10 01:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-05-10 01:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"
2006-05-10 01:23:00 1,054,208 "C:\WINDOWS\system32\danim.dll"
2006-05-30 21:05:50 409 "C:\WINDOWS\bpjoi.dll"


((((((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169545.dll
C:\Documents and Settings\Luis\Application Data\Sskknwrd.dll
C:\Documents and Settings\Luis\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Luis\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\pat\Application Data\Sskknwrd.dll
C:\Documents and Settings\pat\Application Data\Sskuknwrd.dll
C:\Documents and Settings\pat\Local Settings\Temporary Internet Files\Ssk.log
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\Program Files\SurfSideKick 3\SskCore.dll
C:\Program Files\SurfSideKick 3\SskFFCore.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



20:38:06.32
((((((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\snowball wars


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-06-26 00:39:42 ( .D... ) "C:\Documents and Settings\Luis\Application Data\Lavasoft"
2006-06-26 00:39:26 ( .D... ) "C:\Program Files\Lavasoft"
2006-06-25 16:15:54 503 ( A..H. ) "C:\Documents and Settings\Luis\Application Data\hpothb07.tif"
2006-06-25 16:15:54 355 ( A..H. ) "C:\Documents and Settings\Luis\Application Data\hpothb07.dat"
2006-06-25 12:49:36 ( .D... ) "C:\Program Files\TweakNow RegCleaner Pro"
2006-06-21 22:51:18 143360 ( A.... ) "C:\WINDOWS\ms045040803-213.exe"
2006-06-21 22:24:54 ( .D... ) "C:\Program Files\Kaspersky Lab"
2006-06-08 21:19:50 5967776 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2006-06-01 14:47:08 163840 ( A.... ) "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 14:47:08 27648 ( A.... ) "C:\WINDOWS\system32\jgpl400.dll"
2006-05-30 21:05:50 409 ( A.... ) "C:\WINDOWS\bpjoi.dll"
2006-05-30 18:54:08 ( .D... ) "C:\Documents and Settings\Luis\Application Data\Aim"
2006-05-30 18:53:28 ( .D... ) "C:\Program Files\Common Files\AOL"
2006-05-30 18:53:28 ( .D... ) "C:\Program Files\AOL"
2006-05-30 18:53:28 ( .D... ) "C:\Program Files\AOD"
2006-05-30 18:53:18 ( .D... ) "C:\Program Files\AIM"
2006-05-29 11:30:34 1494016 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"
2006-05-29 00:57:14 245760 ( A.... ) "C:\WINDOWS\system32\cemetrix.dll"
2006-05-29 00:55:54 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-05-19 11:08:32 3052544 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2006-05-18 01:24:26 450560 ( A.... ) "C:\WINDOWS\system32\jscript.dll"
2006-05-16 19:49:12 2 ( A.... ) "C:\WINDOWS\system32\wintsvcc.exe"
2006-05-16 19:48:38 ( .D... ) "C:\Program Files\Windows"
2006-05-11 04:23:24 24576 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2006-05-10 01:23:04 658432 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2006-05-10 01:23:02 613888 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2006-05-10 01:23:02 532480 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2006-05-10 01:23:02 474112 ( A.... ) "C:\WINDOWS\system32\shlwapi.dll"
2006-05-10 01:23:02 448512 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2006-05-10 01:23:02 146432 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2006-05-10 01:23:02 39424 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2006-05-10 01:23:00 1054208 ( A.... ) "C:\WINDOWS\system32\danim.dll"
2006-05-10 01:23:00 1022976 ( A.... ) "C:\WINDOWS\system32\browseui.dll"
2006-05-10 01:23:00 357888 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 01:23:00 251392 ( A.... ) "C:\WINDOWS\system32\iepeers.dll"
2006-05-10 01:23:00 205312 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 01:23:00 151040 ( A.... ) "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 01:23:00 96256 ( A.... ) "C:\WINDOWS\system32\inseng.dll"
2006-05-10 01:23:00 55808 ( ..... ) "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 01:23:00 16384 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2006-04-24 15:40:00 4730880 ( A.... ) "C:\WINDOWS\system32\wmp.dll"
2006-04-18 05:25:38 286720 ( A.... ) "C:\WINDOWS\system32\{D3150260-5753-454D-9923-26CF37C6FECC}.dll"
2006-03-30 21:47:52 163840 ( A.... ) "C:\WINDOWS\system32\BMGi_b.exe"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1149029634\\ee\\AOLHostManager.exe"
"kis"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
@=""
"w02a60f0.dll"="RUNDLL32.EXE w02a60f0.dll,I2 00003ff0002a60f0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Internet Explorer\\hoxynagab.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\WINDOWS\\system32\\ad.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1140916205.job

Completion time: Mon 06/26/2006 20:38:14.18
ComboFix ver 06.06.26 - This logfile is located at C:\ComboFix.txt

#8 miekiemoes

Posted 27 June 2006 - 06:28 AM

Ok, just some cleanup to do...

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Delete the following files and folders:

C:\WINDOWS\ms045040803-213.exe
C:\WINDOWS\bpjoi.dll
C:\WINDOWS\system32\cemetrix.dll
C:\WINDOWS\system32\wintsvcc.exe
C:\Program Files\Windows <== this folder contains the files WinUpdate.exe and WinUpdate.flld
C:\WINDOWS\system32\{D3150260-5753-454D-9923-26CF37C6FECC}.dll
C:\WINDOWS\system32\BMGi_b.exe
C:\Program Files\Internet Explorer\hoxynagab.html
C:\WINDOWS\system32\ad.html

Post a new HijackThis log in your next reply as a final checkup.
Also let me know how things are running now.

#9 miekiemoes

Posted 03 July 2006 - 05:13 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.