Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


please help me rid this from my computer


Unread postby Bertha » August 10th, 2005, 6:58 pm

Hi darrin,

No, I will reply, it's just late now so I will reply tomorrow morning
(Please remember that we do this as an Interest, and time is a factor)

Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

Unread postby Bertha » August 14th, 2005, 11:50 am

Hi,

Sorry for the wait, if you still require assistance please post a new HJT log

Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

New HijackThis Log

Unread postby darrin06241985 » August 16th, 2005, 10:39 pm

Logfile of HijackThis v1.99.1
Scan saved at 8:35:30 PM, on 8/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\secserv.exe
C:\WINDOWS\System32\secserv.exe
C:\WINDOWS\System32\l?ass.exe
C:\Program Files\tlop\aapu.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Documents and Settings\Alyssa\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O1 - Hosts: 66.180.173.39 http://www.google.ae
O1 - Hosts: 66.180.173.39 http://www.google.am
O1 - Hosts: 66.180.173.39 http://www.google.as
O1 - Hosts: 66.180.173.39 http://www.google.at
O1 - Hosts: 66.180.173.39 http://www.google.az
O1 - Hosts: 66.180.173.39 http://www.google.be
O1 - Hosts: 66.180.173.39 http://www.google.bi
O1 - Hosts: 66.180.173.39 http://www.google.ca
O1 - Hosts: 66.180.173.39 http://www.google.cd
O1 - Hosts: 66.180.173.39 http://www.google.cg
O1 - Hosts: 66.180.173.39 http://www.google.ch
O1 - Hosts: 66.180.173.39 http://www.google.ci
O1 - Hosts: 66.180.173.39 http://www.google.cl
O1 - Hosts: 66.180.173.39 http://www.google.co.cr
O1 - Hosts: 66.180.173.39 http://www.google.co.hu
O1 - Hosts: 66.180.173.39 http://www.google.co.il
O1 - Hosts: 66.180.173.39 http://www.google.co.in
O1 - Hosts: 66.180.173.39 http://www.google.co.je
O1 - Hosts: 66.180.173.39 http://www.google.co.jp
O1 - Hosts: 66.180.173.39 http://www.google.co.ke
O1 - Hosts: 66.180.173.39 http://www.google.co.kr
O1 - Hosts: 66.180.173.39 http://www.google.co.ls
O1 - Hosts: 66.180.173.39 http://www.google.co.nz
O1 - Hosts: 66.180.173.39 http://www.google.co.th
O1 - Hosts: 66.180.173.39 http://www.google.co.ug
O1 - Hosts: 66.180.173.39 http://www.google.co.uk
O1 - Hosts: 66.180.173.39 http://www.google.co.ve
O1 - Hosts: 66.180.173.39 http://www.google.com
O1 - Hosts: 66.180.173.39 http://www.google.com.ag
O1 - Hosts: 66.180.173.39 http://www.google.com.ar
O1 - Hosts: 66.180.173.39 http://www.google.com.au
O1 - Hosts: 66.180.173.39 http://www.google.com.br
O1 - Hosts: 66.180.173.39 http://www.google.com.co
O1 - Hosts: 66.180.173.39 http://www.google.com.cu
O1 - Hosts: 66.180.173.39 http://www.google.com.do
O1 - Hosts: 66.180.173.39 http://www.google.com.ec
O1 - Hosts: 66.180.173.39 http://www.google.com.fj
O1 - Hosts: 66.180.173.39 http://www.google.com.gi
O1 - Hosts: 66.180.173.39 http://www.google.com.gr
O1 - Hosts: 66.180.173.39 http://www.google.com.gt
O1 - Hosts: 66.180.173.39 http://www.google.com.hk
O1 - Hosts: 66.180.173.39 http://www.google.com.ly
O1 - Hosts: 66.180.173.39 http://www.google.com.mt
O1 - Hosts: 66.180.173.39 http://www.google.com.mx
O1 - Hosts: 66.180.173.39 http://www.google.com.my
O1 - Hosts: 66.180.173.39 http://www.google.com.na
O1 - Hosts: 66.180.173.39 http://www.google.com.nf
O1 - Hosts: 66.180.173.39 http://www.google.com.ni
O1 - Hosts: 66.180.173.39 http://www.google.com.np
O1 - Hosts: 66.180.173.39 http://www.google.com.pa
O1 - Hosts: 66.180.173.39 http://www.google.com.pe
O1 - Hosts: 66.180.173.39 http://www.google.com.ph
O1 - Hosts: 66.180.173.39 http://www.google.com.pk
O1 - Hosts: 66.180.173.39 http://www.google.com.pr
O1 - Hosts: 66.180.173.39 http://www.google.com.py
O1 - Hosts: 66.180.173.39 http://www.google.com.sa
O1 - Hosts: 66.180.173.39 http://www.google.com.sg
O1 - Hosts: 66.180.173.39 http://www.google.com.sv
O1 - Hosts: 66.180.173.39 http://www.google.com.tr
O1 - Hosts: 66.180.173.39 http://www.google.com.tw
O1 - Hosts: 66.180.173.39 http://www.google.com.ua
O1 - Hosts: 66.180.173.39 http://www.google.com.uy
O1 - Hosts: 66.180.173.39 http://www.google.com.vc
O1 - Hosts: 66.180.173.39 http://www.google.com.vn
O1 - Hosts: 66.180.173.39 http://www.google.de
O1 - Hosts: 66.180.173.39 http://www.google.dj
O1 - Hosts: 66.180.173.39 http://www.google.dk
O1 - Hosts: 66.180.173.39 http://www.google.es
O1 - Hosts: 66.180.173.39 http://www.google.fi
O1 - Hosts: 66.180.173.39 http://www.google.fm
O1 - Hosts: 66.180.173.39 http://www.google.fr
O1 - Hosts: 66.180.173.39 http://www.google.gg
O1 - Hosts: 66.180.173.39 http://www.google.gl
O1 - Hosts: 66.180.173.39 http://www.google.gm
O1 - Hosts: 66.180.173.39 http://www.google.hn
O1 - Hosts: 66.180.173.39 http://www.google.ie
O1 - Hosts: 66.180.173.39 http://www.google.it
O1 - Hosts: 66.180.173.39 http://www.google.kz
O1 - Hosts: 66.180.173.39 http://www.google.li
O1 - Hosts: 66.180.173.39 http://www.google.lt
O1 - Hosts: 66.180.173.39 http://www.google.lu
O1 - Hosts: 66.180.173.39 http://www.google.lv
O1 - Hosts: 66.180.173.39 http://www.google.mn
O1 - Hosts: 66.180.173.39 http://www.google.ms
O1 - Hosts: 66.180.173.39 http://www.google.mu
O1 - Hosts: 66.180.173.39 http://www.google.mw
O1 - Hosts: 66.180.173.39 http://www.google.nl
O1 - Hosts: 66.180.173.39 http://www.google.no
O1 - Hosts: 66.180.173.39 http://www.google.off.ai
O1 - Hosts: 66.180.173.39 http://www.google.pl
O1 - Hosts: 66.180.173.39 http://www.google.pn
O1 - Hosts: 66.180.173.39 http://www.google.pt
O1 - Hosts: 66.180.173.39 http://www.google.ro
O1 - Hosts: 66.180.173.39 http://www.google.ru
O1 - Hosts: 66.180.173.39 http://www.google.rw
O1 - Hosts: 66.180.173.39 http://www.google.se
O1 - Hosts: 66.180.173.39 http://www.google.sh
O1 - Hosts: 66.180.173.39 http://www.google.sk
O1 - Hosts: 66.180.173.39 http://www.google.sm
O1 - Hosts: 66.180.173.39 http://www.google.td
O1 - Hosts: 66.180.173.39 http://www.google.tm
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\Alyssa\LOCALS~1\Temp\sdmfclkruti.dll (file missing)
O2 - BHO: SDWin32 Class - {80CFA6CE-29E7-4AEB-B0D6-80E96DE2EF38} - C:\WINDOWS\System32\phfwy.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [18i71lvt] C:\WINDOWS\System32\18i71lvt.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [secserv.exe] C:\WINDOWS\System32\secserv.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKCU\..\Run: [byr5RXGmh] umdax.exe
O4 - HKCU\..\Run: [Yofgpd] C:\WINDOWS\System32\l?ass.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Smob] C:\Program Files\tlop\aapu.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\csutil.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
darrin06241985
Regular Member
 
Posts: 25
Joined: June 16th, 2005, 11:40 pm

Unread postby Bertha » August 17th, 2005, 1:56 pm

Hi.

Let's run some scans to see what they pick up for us,

Download AdAware Se and SpyBot from here

http://www.malwareremoval.com/forum/viewtopic.php?t=13

Set them up as shown and run them, rebooting between each one

Then update to AVG 7; it appears you are using an out-of-date version. Click on Update in your AVG options, and it should prompt you,

If not, download the latest version from here

http://free.grisoft.com/freeweb.php/doc/2/

Run it and reboot after the scan

Note down anything from these scans that they find but cannot remove and its location, then post that and a new Log back here

Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

Unread postby darrin06241985 » August 26th, 2005, 9:55 pm

Logfile of HijackThis v1.99.1
Scan saved at 7:54:49 PM, on 8/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\secserv.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\secserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\l?ass.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Documents and Settings\Alyssa\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O1 - Hosts: 66.180.173.39 http://www.google.ae
O1 - Hosts: 66.180.173.39 http://www.google.am
O1 - Hosts: 66.180.173.39 http://www.google.as
O1 - Hosts: 66.180.173.39 http://www.google.at
O1 - Hosts: 66.180.173.39 http://www.google.az
O1 - Hosts: 66.180.173.39 http://www.google.be
O1 - Hosts: 66.180.173.39 http://www.google.bi
O1 - Hosts: 66.180.173.39 http://www.google.ca
O1 - Hosts: 66.180.173.39 http://www.google.cd
O1 - Hosts: 66.180.173.39 http://www.google.cg
O1 - Hosts: 66.180.173.39 http://www.google.ch
O1 - Hosts: 66.180.173.39 http://www.google.ci
O1 - Hosts: 66.180.173.39 http://www.google.cl
O1 - Hosts: 66.180.173.39 http://www.google.co.cr
O1 - Hosts: 66.180.173.39 http://www.google.co.hu
O1 - Hosts: 66.180.173.39 http://www.google.co.il
O1 - Hosts: 66.180.173.39 http://www.google.co.in
O1 - Hosts: 66.180.173.39 http://www.google.co.je
O1 - Hosts: 66.180.173.39 http://www.google.co.jp
O1 - Hosts: 66.180.173.39 http://www.google.co.ke
O1 - Hosts: 66.180.173.39 http://www.google.co.kr
O1 - Hosts: 66.180.173.39 http://www.google.co.ls
O1 - Hosts: 66.180.173.39 http://www.google.co.nz
O1 - Hosts: 66.180.173.39 http://www.google.co.th
O1 - Hosts: 66.180.173.39 http://www.google.co.ug
O1 - Hosts: 66.180.173.39 http://www.google.co.uk
O1 - Hosts: 66.180.173.39 http://www.google.co.ve
O1 - Hosts: 66.180.173.39 http://www.google.com
O1 - Hosts: 66.180.173.39 http://www.google.com.ag
O1 - Hosts: 66.180.173.39 http://www.google.com.ar
O1 - Hosts: 66.180.173.39 http://www.google.com.au
O1 - Hosts: 66.180.173.39 http://www.google.com.br
O1 - Hosts: 66.180.173.39 http://www.google.com.co
O1 - Hosts: 66.180.173.39 http://www.google.com.cu
O1 - Hosts: 66.180.173.39 http://www.google.com.do
O1 - Hosts: 66.180.173.39 http://www.google.com.ec
O1 - Hosts: 66.180.173.39 http://www.google.com.fj
O1 - Hosts: 66.180.173.39 http://www.google.com.gi
O1 - Hosts: 66.180.173.39 http://www.google.com.gr
O1 - Hosts: 66.180.173.39 http://www.google.com.gt
O1 - Hosts: 66.180.173.39 http://www.google.com.hk
O1 - Hosts: 66.180.173.39 http://www.google.com.ly
O1 - Hosts: 66.180.173.39 http://www.google.com.mt
O1 - Hosts: 66.180.173.39 http://www.google.com.mx
O1 - Hosts: 66.180.173.39 http://www.google.com.my
O1 - Hosts: 66.180.173.39 http://www.google.com.na
O1 - Hosts: 66.180.173.39 http://www.google.com.nf
O1 - Hosts: 66.180.173.39 http://www.google.com.ni
O1 - Hosts: 66.180.173.39 http://www.google.com.np
O1 - Hosts: 66.180.173.39 http://www.google.com.pa
O1 - Hosts: 66.180.173.39 http://www.google.com.pe
O1 - Hosts: 66.180.173.39 http://www.google.com.ph
O1 - Hosts: 66.180.173.39 http://www.google.com.pk
O1 - Hosts: 66.180.173.39 http://www.google.com.pr
O1 - Hosts: 66.180.173.39 http://www.google.com.py
O1 - Hosts: 66.180.173.39 http://www.google.com.sa
O1 - Hosts: 66.180.173.39 http://www.google.com.sg
O1 - Hosts: 66.180.173.39 http://www.google.com.sv
O1 - Hosts: 66.180.173.39 http://www.google.com.tr
O1 - Hosts: 66.180.173.39 http://www.google.com.tw
O1 - Hosts: 66.180.173.39 http://www.google.com.ua
O1 - Hosts: 66.180.173.39 http://www.google.com.uy
O1 - Hosts: 66.180.173.39 http://www.google.com.vc
O1 - Hosts: 66.180.173.39 http://www.google.com.vn
O1 - Hosts: 66.180.173.39 http://www.google.de
O1 - Hosts: 66.180.173.39 http://www.google.dj
O1 - Hosts: 66.180.173.39 http://www.google.dk
O1 - Hosts: 66.180.173.39 http://www.google.es
O1 - Hosts: 66.180.173.39 http://www.google.fi
O1 - Hosts: 66.180.173.39 http://www.google.fm
O1 - Hosts: 66.180.173.39 http://www.google.fr
O1 - Hosts: 66.180.173.39 http://www.google.gg
O1 - Hosts: 66.180.173.39 http://www.google.gl
O1 - Hosts: 66.180.173.39 http://www.google.gm
O1 - Hosts: 66.180.173.39 http://www.google.hn
O1 - Hosts: 66.180.173.39 http://www.google.ie
O1 - Hosts: 66.180.173.39 http://www.google.it
O1 - Hosts: 66.180.173.39 http://www.google.kz
O1 - Hosts: 66.180.173.39 http://www.google.li
O1 - Hosts: 66.180.173.39 http://www.google.lt
O1 - Hosts: 66.180.173.39 http://www.google.lu
O1 - Hosts: 66.180.173.39 http://www.google.lv
O1 - Hosts: 66.180.173.39 http://www.google.mn
O1 - Hosts: 66.180.173.39 http://www.google.ms
O1 - Hosts: 66.180.173.39 http://www.google.mu
O1 - Hosts: 66.180.173.39 http://www.google.mw
O1 - Hosts: 66.180.173.39 http://www.google.nl
O1 - Hosts: 66.180.173.39 http://www.google.no
O1 - Hosts: 66.180.173.39 http://www.google.off.ai
O1 - Hosts: 66.180.173.39 http://www.google.pl
O1 - Hosts: 66.180.173.39 http://www.google.pn
O1 - Hosts: 66.180.173.39 http://www.google.pt
O1 - Hosts: 66.180.173.39 http://www.google.ro
O1 - Hosts: 66.180.173.39 http://www.google.ru
O1 - Hosts: 66.180.173.39 http://www.google.rw
O1 - Hosts: 66.180.173.39 http://www.google.se
O1 - Hosts: 66.180.173.39 http://www.google.sh
O1 - Hosts: 66.180.173.39 http://www.google.sk
O1 - Hosts: 66.180.173.39 http://www.google.sm
O1 - Hosts: 66.180.173.39 http://www.google.td
O1 - Hosts: 66.180.173.39 http://www.google.tm
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\Alyssa\LOCALS~1\Temp\jenafcfspgx.dll
O2 - BHO: SDWin32 Class - {68E7A2A9-F198-4FA2-84A9-22E73F1FD264} - C:\WINDOWS\System32\lnilp.dll (file missing)
O2 - BHO: SDWin32 Class - {80CFA6CE-29E7-4AEB-B0D6-80E96DE2EF38} - C:\WINDOWS\System32\phfwy.dll (file missing)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [18i71lvt] C:\WINDOWS\System32\18i71lvt.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [secserv.exe] C:\WINDOWS\System32\secserv.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [dnam] C:\WINDOWS\system32\d140113.a.Stub.EXE
O4 - HKCU\..\Run: [byr5RXGmh] umdax.exe
O4 - HKCU\..\Run: [Yofgpd] C:\WINDOWS\System32\l?ass.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\csutil.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
darrin06241985
Regular Member
 
Posts: 25
Joined: June 16th, 2005, 11:40 pm

hello???

Unread postby darrin06241985 » August 31st, 2005, 6:35 pm

can you help me with this????
darrin06241985
Regular Member
 
Posts: 25
Joined: June 16th, 2005, 11:40 pm

Unread postby Bertha » September 1st, 2005, 11:21 am

Hi darrin,

Sorry for the wait, for some reason I'm not getting the email notifications for this topic :(

Please do as follows

Download Hoster - Hoster

http://www.funkytoad.com/download/hoster.zip

Save it to your desktop, and then run it, hopefully it will restore your hosts

Post a new HJT Log back here,

Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

Unread postby darrin06241985 » September 2nd, 2005, 6:53 pm

I think I did it right. I opened Hoster and clicked on Restore Original Hosts. Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:51:43 PM, on 9/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\secserv.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\secserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\l?ass.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\tlop\aapu.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Alyssa\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O1 - Hosts: 66.180.173.39 http://www.google.ae
O1 - Hosts: 66.180.173.39 http://www.google.am
O1 - Hosts: 66.180.173.39 http://www.google.as
O1 - Hosts: 66.180.173.39 http://www.google.at
O1 - Hosts: 66.180.173.39 http://www.google.az
O1 - Hosts: 66.180.173.39 http://www.google.be
O1 - Hosts: 66.180.173.39 http://www.google.bi
O1 - Hosts: 66.180.173.39 http://www.google.ca
O1 - Hosts: 66.180.173.39 http://www.google.cd
O1 - Hosts: 66.180.173.39 http://www.google.cg
O1 - Hosts: 66.180.173.39 http://www.google.ch
O1 - Hosts: 66.180.173.39 http://www.google.ci
O1 - Hosts: 66.180.173.39 http://www.google.cl
O1 - Hosts: 66.180.173.39 http://www.google.co.cr
O1 - Hosts: 66.180.173.39 http://www.google.co.hu
O1 - Hosts: 66.180.173.39 http://www.google.co.il
O1 - Hosts: 66.180.173.39 http://www.google.co.in
O1 - Hosts: 66.180.173.39 http://www.google.co.je
O1 - Hosts: 66.180.173.39 http://www.google.co.jp
O1 - Hosts: 66.180.173.39 http://www.google.co.ke
O1 - Hosts: 66.180.173.39 http://www.google.co.kr
O1 - Hosts: 66.180.173.39 http://www.google.co.ls
O1 - Hosts: 66.180.173.39 http://www.google.co.nz
O1 - Hosts: 66.180.173.39 http://www.google.co.th
O1 - Hosts: 66.180.173.39 http://www.google.co.ug
O1 - Hosts: 66.180.173.39 http://www.google.co.uk
O1 - Hosts: 66.180.173.39 http://www.google.co.ve
O1 - Hosts: 66.180.173.39 http://www.google.com
O1 - Hosts: 66.180.173.39 http://www.google.com.ag
O1 - Hosts: 66.180.173.39 http://www.google.com.ar
O1 - Hosts: 66.180.173.39 http://www.google.com.au
O1 - Hosts: 66.180.173.39 http://www.google.com.br
O1 - Hosts: 66.180.173.39 http://www.google.com.co
O1 - Hosts: 66.180.173.39 http://www.google.com.cu
O1 - Hosts: 66.180.173.39 http://www.google.com.do
O1 - Hosts: 66.180.173.39 http://www.google.com.ec
O1 - Hosts: 66.180.173.39 http://www.google.com.fj
O1 - Hosts: 66.180.173.39 http://www.google.com.gi
O1 - Hosts: 66.180.173.39 http://www.google.com.gr
O1 - Hosts: 66.180.173.39 http://www.google.com.gt
O1 - Hosts: 66.180.173.39 http://www.google.com.hk
O1 - Hosts: 66.180.173.39 http://www.google.com.ly
O1 - Hosts: 66.180.173.39 http://www.google.com.mt
O1 - Hosts: 66.180.173.39 http://www.google.com.mx
O1 - Hosts: 66.180.173.39 http://www.google.com.my
O1 - Hosts: 66.180.173.39 http://www.google.com.na
O1 - Hosts: 66.180.173.39 http://www.google.com.nf
O1 - Hosts: 66.180.173.39 http://www.google.com.ni
O1 - Hosts: 66.180.173.39 http://www.google.com.np
O1 - Hosts: 66.180.173.39 http://www.google.com.pa
O1 - Hosts: 66.180.173.39 http://www.google.com.pe
O1 - Hosts: 66.180.173.39 http://www.google.com.ph
O1 - Hosts: 66.180.173.39 http://www.google.com.pk
O1 - Hosts: 66.180.173.39 http://www.google.com.pr
O1 - Hosts: 66.180.173.39 http://www.google.com.py
O1 - Hosts: 66.180.173.39 http://www.google.com.sa
O1 - Hosts: 66.180.173.39 http://www.google.com.sg
O1 - Hosts: 66.180.173.39 http://www.google.com.sv
O1 - Hosts: 66.180.173.39 http://www.google.com.tr
O1 - Hosts: 66.180.173.39 http://www.google.com.tw
O1 - Hosts: 66.180.173.39 http://www.google.com.ua
O1 - Hosts: 66.180.173.39 http://www.google.com.uy
O1 - Hosts: 66.180.173.39 http://www.google.com.vc
O1 - Hosts: 66.180.173.39 http://www.google.com.vn
O1 - Hosts: 66.180.173.39 http://www.google.de
O1 - Hosts: 66.180.173.39 http://www.google.dj
O1 - Hosts: 66.180.173.39 http://www.google.dk
O1 - Hosts: 66.180.173.39 http://www.google.es
O1 - Hosts: 66.180.173.39 http://www.google.fi
O1 - Hosts: 66.180.173.39 http://www.google.fm
O1 - Hosts: 66.180.173.39 http://www.google.fr
O1 - Hosts: 66.180.173.39 http://www.google.gg
O1 - Hosts: 66.180.173.39 http://www.google.gl
O1 - Hosts: 66.180.173.39 http://www.google.gm
O1 - Hosts: 66.180.173.39 http://www.google.hn
O1 - Hosts: 66.180.173.39 http://www.google.ie
O1 - Hosts: 66.180.173.39 http://www.google.it
O1 - Hosts: 66.180.173.39 http://www.google.kz
O1 - Hosts: 66.180.173.39 http://www.google.li
O1 - Hosts: 66.180.173.39 http://www.google.lt
O1 - Hosts: 66.180.173.39 http://www.google.lu
O1 - Hosts: 66.180.173.39 http://www.google.lv
O1 - Hosts: 66.180.173.39 http://www.google.mn
O1 - Hosts: 66.180.173.39 http://www.google.ms
O1 - Hosts: 66.180.173.39 http://www.google.mu
O1 - Hosts: 66.180.173.39 http://www.google.mw
O1 - Hosts: 66.180.173.39 http://www.google.nl
O1 - Hosts: 66.180.173.39 http://www.google.no
O1 - Hosts: 66.180.173.39 http://www.google.off.ai
O1 - Hosts: 66.180.173.39 http://www.google.pl
O1 - Hosts: 66.180.173.39 http://www.google.pn
O1 - Hosts: 66.180.173.39 http://www.google.pt
O1 - Hosts: 66.180.173.39 http://www.google.ro
O1 - Hosts: 66.180.173.39 http://www.google.ru
O1 - Hosts: 66.180.173.39 http://www.google.rw
O1 - Hosts: 66.180.173.39 http://www.google.se
O1 - Hosts: 66.180.173.39 http://www.google.sh
O1 - Hosts: 66.180.173.39 http://www.google.sk
O1 - Hosts: 66.180.173.39 http://www.google.sm
O1 - Hosts: 66.180.173.39 http://www.google.td
O1 - Hosts: 66.180.173.39 http://www.google.tm
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\Alyssa\LOCALS~1\Temp\jenafcfspgx.dll
O2 - BHO: SDWin32 Class - {68E7A2A9-F198-4FA2-84A9-22E73F1FD264} - C:\WINDOWS\System32\lnilp.dll (file missing)
O2 - BHO: SDWin32 Class - {80CFA6CE-29E7-4AEB-B0D6-80E96DE2EF38} - C:\WINDOWS\System32\phfwy.dll (file missing)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [18i71lvt] C:\WINDOWS\System32\18i71lvt.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [secserv.exe] C:\WINDOWS\System32\secserv.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [dnam] C:\WINDOWS\system32\d140113.a.Stub.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\ddls4d.exe reg_run
O4 - HKCU\..\Run: [byr5RXGmh] umdax.exe
O4 - HKCU\..\Run: [Yofgpd] C:\WINDOWS\System32\l?ass.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Smob] C:\Program Files\tlop\aapu.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: ctnr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\System32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\System32\wuauclt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://hylandhillscamera.axiscam.net/activex/AMC.cab
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\csutil.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
darrin06241985
Regular Member
 
Posts: 25
Joined: June 16th, 2005, 11:40 pm

Unread postby Bertha » September 3rd, 2005, 1:25 pm

Dar,



-Print this off so you can follow it

Be sure to look this solution over before you begin.

===============

We'll need to unload (not uninstall) Intermute's SpySubtract, since it might interfere with other program(s) we might be using to 'clean' off your system.

===============

Go to www.trendmicro.com, and then:

1. Click "Free Online Scan".
2. Click "Scan now, it's free".

It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:

1. Select all available drives.
2. Check(tick) "Auto Clean".
3. Click "Scan".

When it completes, post back the full filename of any files that cannot be cleaned or deleted.

===============

Go to ADD/Remove (via Control Panel)

Uninstall if there

SurfSideKick



Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINDOWS\System32\secserv.exe
C:\WINDOWS\System32\l?ass.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============



Run HiJackThis and click "Scan", then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)

O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\Alyssa\LOCALS~1\Temp\jenafcfspgx.dll
O2 - BHO: SDWin32 Class - {68E7A2A9-F198-4FA2-84A9-22E73F1FD264} - C:\WINDOWS\System32\lnilp.dll (file missing)
O2 - BHO: SDWin32 Class - {80CFA6CE-29E7-4AEB-B0D6-80E96DE2EF38} - C:\WINDOWS\System32\phfwy.dll (file missing)

O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [18i71lvt] C:\WINDOWS\System32\18i71lvt.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [secserv.exe] C:\WINDOWS\System32\secserv.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [dnam] C:\WINDOWS\system32\d140113.a.Stub.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\ddls4d.exe reg_run
O4 - HKCU\..\Run: [byr5RXGmh] umdax.exe
O4 - HKCU\..\Run: [Yofgpd] C:\WINDOWS\System32\l?ass.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\csutil.dll


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

folders...

C:\Program Files\SurfSideKick 3

files...

C:\WINDOWS\System32\secserv.exe
C:\DOCUME~1\Alyssa\LOCALS~1\Temp\jenafcfspgx.dll
C:\WINDOWS\System32\PSof1.exe
C:\WINDOWS\System32\richup.exe
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\System32\18i71lvt.exe
C:\WINDOWS\VCMnet11.exe
C:\WINDOWS\System32\apisvc.exe
C:\WINDOWS\system32\d140113.a.Stub.EXE
C:\WINDOWS\System32\ddls4d.exe
C:\WINDOWS\system32\csutil.dll

Search for...

AUNPS2.DLL
umdax.exe

...using "Start | Search...".

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

Launch Notepad, and copy the text in the box below into a new text file, save as

File name: Findfile.bat
Save as type: All files

Save it to your desktop


dir C:\WINDOWS\System32\l?ass.exe /a h > files.txt
notepad files.txt


Locate FindFile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text in your reply

===============

Post back a new log, and let me know how everything goes.

-

Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands
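
The log in this thread shows three patterns a helper looks for: BHO registrations whose DLL is gone, modules loading from a Temp folder, and a Run entry whose file name contains `?` but otherwise matches a system process name. The Python sketch below is an added example, not part of the original posts or of HijackThis; the sample lines, the `SYSTEM_NAMES` list and the heuristics are constructed for illustration, and it assumes the `?` stands for a character the log could not render.

```python
import re
from fnmatch import fnmatchcase
from ntpath import basename

# Assumption: short illustrative list of genuine Windows process names.
SYSTEM_NAMES = {"lsass.exe", "smss.exe", "csrss.exe",
                "services.exe", "svchost.exe", "winlogon.exe"}
ENTRY = re.compile(r"^(?P<code>[ORF]\d+) - (?P<body>.+)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run: \[.*?\] (?P<cmd>.+)$")

# Constructed sample in HijackThis entry format (placeholder CLSIDs and names).
SAMPLE = r"""O2 - BHO: Example Class - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\example1.dll (file missing)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\DOCUME~1\User\LOCALS~1\Temp\example2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Example] C:\WINDOWS\System32\l?ass.exe
O23 - Service: Example Service - Example Vendor - C:\Program Files\Example\svc.exe
"""

def image_name(cmd):
    """Return the lower-cased file name of the program a Run command starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.(?:exe|dll|com|bat))", cmd, re.I)
        path = m.group(1) if m else cmd.split()[0]
    return basename(path).lower()

def triage(log_text):
    """Return (reason, line) pairs for entries matching the heuristics."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O2" and body.endswith("(file missing)"):
            findings.append(("orphaned BHO registration", line))
        if code in ("O2", "O4") and re.search(r"\\te?mp\\", body, re.I):
            findings.append(("loads from a temp directory", line))
        run = RUN.match(body) if code == "O4" else None
        if run:
            name = image_name(run.group("cmd"))
            # '?' is treated as a one-character wildcard against real names
            if "?" in name and any(fnmatchcase(s, name) for s in SYSTEM_NAMES):
                findings.append(("system-process lookalike", line))
    return findings
```

A hit is a prompt for manual review, not a verdict: legitimate installers also leave orphaned registrations behind.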

Unread postby NonSuch » September 19th, 2005, 11:42 pm

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed; if you still require assistance then please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California