
Help - surf sidekick 3 is attacking!

I read previous post where you suggested the person download 'hijack this' and do a copy of the log. Well, here is mine:

Scan saved at 8:36:50 PM, on 7/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\Program Files\BIPAC-7000 ADSL USB Modem\CnxDslTb.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\BIPAC-7000 ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Frag Five Camp Each] C:\Documents and Settings\All Users\Application Data\AcidPhoneFragFive\Real That.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [] p2pnetworking.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [] p2pnetworking.exe
O4 - HKCU\..\Run: [CashIso] C:\DOCUME~1\Shaz\APPLIC~1\STOPPI~1\MoreBeepOption.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A38DDD8E-E970-4208-9FFE-DDC07371E65E}: NameServer = 203.193.200.2 203.193.193.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169536.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\h84m0ih1e84.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


I have used spybot, adaware & xoftspy - but they cannot remove all files.
I currently cannot use add/remove programs (am thinking I am going to have to reformat :sad: )

Can you help me at all???

shazp4
Newbie Poster
12 posts since Mar 2006
Reputation Points: 10
Solved Threads: 0
 

You also have a Look2Me infection, we will deal with that after SSK.

I am going to give you the fix from my website here..

SurfSideKick Removal

NOTE: There are several variants of SurfSideKick. Not all the files, folders, and HijackThis entries will be present on your system. If you do not find one or more of the items listed, just continue with the fix.

Print out these instructions.

Download and Install:
- CCleaner
- HijackThis
- Unlocker (Windows 2000/XP Only)

Download to your Desktop:
- SSKfix98 (Windows 98/ME only)
- SSKfixXP (Windows 2000/XP only)

Read and Understand the following:
- How to view hidden, system files & folders!
- How to search for hidden files on Windows XP

Identifying SurfSideKick

In HijackThis look for lines similar to the ones below:

R3 - URLSearchHook: (no name) - {000AB005-FF12-42C2-8DF5-39E12E5F9C91} - C:\Program Files\SurfSideKick\SskBho.dll
O4 - HKLM\..\Run: [SurfSideKick] C:\Program Files\SurfSideKick\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick] C:\Program Files\SurfSideKick\Ssk.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O20 - AppInit_DLLs: repairs.dll
O20 - AppInit_DLLs: repairs302972943.dll (NOTE: This may have a different number)

Close all browsers and keep them closed throughout the entire removal process.

Step 1 - Stopping running Processes

In HJT choose Open the Misc Tools Section, choose Process Manager, highlight:

C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe

Choose Kill Process

NOTE: If VCClient.exe and VCMain.exe are not present then continue.

Step 2 - Uninstalling SurfSideKick

Using Add or Remove Programs in the Control Panel uninstall the following:

Surfsidekick
Surfsidekick 2
Surfsidekick 3

If SurfSideKick is not in Add or Remove Programs, do the following:

Open Windows Explorer and check to see if any of the below exist. If not, skip to Step 3 - Cleaning. Otherwise continue with the below:

C:\Program Files\SurfSideKick
C:\Program Files\SurfSideKick 2
C:\Program Files\SurfSideKick 3

If one or more of the above SSK entries are found in Program Files do the following:

Start -> Run
Type "C:\Program Files\SurfSideKick\ssk.exe" /u -> OK

Start -> Run
Type "C:\Program Files\SurfSideKick 2\ssk.exe" /u -> OK

Start -> Run
Type "C:\Program Files\SurfSideKick 3\ssk.exe" /u -> OK

WARNING: DO NOT reboot your computer if prompted to do so until you have run the uninstaller for each directory that is present.

Enter the given security code (generated automatically by the uninstaller) -> OK

Click on YES at the reboot prompt.

[img]http://img24.imageshack.us/img24/9371/ssk17gh.jpg[/img]

Make sure PC boots to Safe Mode.

Step 3 - Cleaning (Done While in Safe Mode)

Open Windows Explorer and browse to:

- For Win2K/XP it may be in c:\windows\system32 or c:\winnt\system32
- For Win9x/Me it may be in c:\windows\system or c:\windows

Look for all instances of:

repairs.dll
repairs302972940.dll
repairs302972943.dll
repairs302972958.dll
repairs302972970.dll
repairs302972979.dll
repairs302972982.dll
repairs302972985.dll
repairs302972988.dll

Once located, right-click > Unlocker > Unlock All

If none of the repairs.dll can be found then search for all files on the local hard drive using the search function in the Start Menu.

[img]http://img239.imageshack.us/img239/9317/ssk25uu.jpg[/img]

NOTE: Windows98/ME Systems Unlocker won't be needed at all.

Immediately afterwards delete all instances of:

repairs.dll
repairs302972940.dll
repairs302972943.dll
repairs302972958.dll
repairs302972970.dll
repairs302972979.dll
repairs302972982.dll
repairs302972985.dll
repairs302972988.dll

Now follow the patch instructions for your system.

Patch Instructions:

~ Windows 98/ME ~

Run SSKfix98.exe

Run CCleaner

Reboot in Normal Mode; run HijackThis and fix the following lines if they exist:

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [SurfSideKick] C:\Program Files\SurfSideKick\Ssk.exe (file missing)
O4 - HKCU\..\Run: [SurfSideKick] C:\Program Files\SurfSideKick\Ssk.exe (file missing)
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe (file missing)
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe (file missing)
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe (file missing)
O20 - AppInit_DLLs: repairs.dll (file missing)
O20 - AppInit_DLLs: repairs302972943.dll (file missing) (NOTE: This may have a different number)

Using Windows Explorer navigate to the following directories and delete them if they still exist:

C:\Program Files\SurfSideKick
C:\Program Files\SurfSideKick 2
C:\Program Files\SurfSideKick 3
C:\Program Files\Common Files\VCClient

~ Windows 2000/XP ~

Now run SSKfixXP.exe (towards the end of the process it might boot your PC; if that occurs, make sure you keep tapping on the F8 key to boot back in Safe Mode). Run the fix again to complete the process.

Boot back into Safe Mode.

Run CCleaner

Reboot in Normal Mode; run HijackThis and fix the following lines if they exist:

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [SurfSideKick] C:\Program Files\SurfSideKick\Ssk.exe (file missing)
O4 - HKCU\..\Run: [SurfSideKick] C:\Program Files\SurfSideKick\Ssk.exe (file missing)
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe (file missing)
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe (file missing)
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe (file missing)
O20 - AppInit_DLLs: repairs.dll (file missing)
O20 - AppInit_DLLs: repairs302972943.dll (file missing) (NOTE: This may have a different number)

Using Windows Explorer navigate to the following directories and delete them if they still exist:

C:\Program Files\SurfSideKick
C:\Program Files\SurfSideKick 2
C:\Program Files\SurfSideKick 3
C:\Program Files\Common Files\VCClient

Reboot once more into Normal Mode and run HijackThis and post the log as an attachment.

D3m3nt3d
Posting Whiz in Training
246 posts since Feb 2006
Reputation Points: 11
Solved Threads: 14
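
Added example (not part of the original posts and not the SSKfix tool): a small Python check that parses a HijackThis log and flags the SurfSideKick entries listed under "Identifying SurfSideKick" above, treating the folder suffix and the repairs DLL number as variable. The function names are hypothetical and the sample logs are constructed from lines quoted in this thread.

```python
import re
from typing import List, NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R3", "O4", "O20"
    text: str     # everything after "CODE - "


# Entry lines look like "O4 - HKLM\..\Run: [Name] path"; the header and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Indicators copied from the "Identifying SurfSideKick" list in the post above.
# The folder may be "SurfSideKick", "SurfSideKick 2" or "SurfSideKick 3" and the
# repairs DLL may carry a different number, so both are matched as patterns.
SSK_INDICATORS = [
    ("R3", re.compile(r"\\SurfSideKick(?: \d+)?\\SskBho\.dll", re.I)),
    ("R3", re.compile(r"\{(?:000AB005-FF12-42C2-8DF5-39E12E5F9C91"
                      r"|02EE5B04-F144-47BB-83FB-A60BD91B74A9)\}", re.I)),
    ("O4", re.compile(r"\\SurfSideKick(?: \d+)?\\Ssk\.exe", re.I)),
    ("O4", re.compile(r"\\VCClient\\VC(?:Client|Main)\.exe", re.I)),
    ("O20", re.compile(r"^AppInit_DLLs:.*\brepairs\d*\.dll", re.I)),
]


def parse_log(log: str) -> List[Entry]:
    """Return the section entries of a HijackThis log, in order."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def find_ssk(entries: List[Entry]) -> List[Entry]:
    """Entries whose section and text match one of the listed indicators."""
    return [e for e in entries
            if any(sec == e.section and rx.search(e.text)
                   for sec, rx in SSK_INDICATORS)]


def is_leftover(entry: Entry) -> bool:
    """True when HijackThis marks the target as gone (registry value only)."""
    return entry.text.rstrip().endswith(("(file missing)", "(no file)"))


# Constructed samples: lines taken from the two logs posted in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O20 - AppInit_DLLs: repairs303169536.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

AFTER = r"""R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\i4060edseh060.dll
"""

if __name__ == "__main__":
    for name, log in (("before", BEFORE), ("after", AFTER)):
        hits = find_ssk(parse_log(log))
        print(f"{name}: {len(hits)} SurfSideKick entries")
        for e in hits:
            tag = "leftover" if is_leftover(e) else "active"
            print(f"  [{tag}] {e.section} - {e.text}")
```

Entries reported as leftover correspond to the "(file missing)" / "(no file)" lines the fix asks you to remove with HijackThis after the reboot.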
 

Thanks heaps - that worked great!!
I didn't have to remove any 'repairs.dll' as there were none, and a search, including hidden files, failed to find any, and none of the programs used found any either.
Below is the HijackThis log as requested.

Shaz :-)

Logfile of HijackThis v1.99.1
Scan saved at 8:48:35 PM, on 8/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\Program Files\BIPAC-7000 ADSL USB Modem\CnxDslTb.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\BIPAC-7000 ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Frag Five Camp Each] C:\Documents and Settings\All Users\Application Data\AcidPhoneFragFive\Real That.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [] p2pnetworking.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\RunServices: [] p2pnetworking.exe
O4 - HKCU\..\Run: [CashIso] C:\DOCUME~1\Shaz\APPLIC~1\STOPPI~1\MoreBeepOption.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\i4060edseh060.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

shazp4
Newbie Poster
12 posts since Mar 2006
Reputation Points: 10
Solved Threads: 0
 

Alright great!

One more scan that should also eliminate the Look2Me infection you have, along with others.

Spysweeper
http://www.ianag.com/files/14/SpySweeperTrialSetup_EN-MajorGeeks.exe
-Update it to the latest definitions and run it
-Remove everything it finds
-Save the log and attach it for me

Also attach one more HijackThis log for cleanup.

D3m3nt3d
Posting Whiz in Training
246 posts since Feb 2006
Reputation Points: 11
Solved Threads: 14
 

After running the above steps, let's do this for the P2P Networking problem..

Download and unzip BFUzip
http://computercops.biz/zx/Merijn/bfu.zip

-Run the program and click the Web button

-Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/p2pnetwork.bfu

-Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html

D3m3nt3d
Posting Whiz in Training
246 posts since Feb 2006
Reputation Points: 11
Solved Threads: 14
 



 


Sorry, the requested page is not available.

Please check the URL for proper spelling and capitalization. If you're having trouble locating a destination on our site, try our site search or click here to browse our free computer help forum. Also, you may find what you're looking for on our site if you try searching below.








 





(c)2004
Geeks to Go



shazp4
Newbie Poster
12 posts since Mar 2006
Reputation Points: 10
Solved Threads: 0
 

Alright - doesn't look like BFU worked correctly.

Let's do this

Run thru the BFU procedure once again

When it completes, scan with HijackThis and check the following
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [] p2pnetworking.exe
O4 - HKLM\..\RunServices: [] p2pnetworking.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

Now with ALL Browsers closed, click FIX CHECKED

Now download PocketKillbox
http://files3.majorgeeks.com/files/878afc3a94e8d373d2d8b7d3fcaba9b9/admin/killbox.exe

Open Killbox
-Copy and Paste C:\WINDOWS\System32\p2pnetworking.exe into the box
-It will appear in blue if it exists
-Choose the Delete on Reboot option
-Click the red X to confirm and allow it to reboot
-If you get a Pending error, or if it doesn't reboot on its own - reboot manually

Now attach one more HijackThis log - also when we are done with this we will need to update your Java

D3m3nt3d
Posting Whiz in Training
246 posts since Feb 2006
Reputation Points: 11
Solved Threads: 14
 

Hi,

Did the above - killbox didn't find the file.

New log:

Logfile of HijackThis v1.99.1
Scan saved at 9:26:50 PM, on 10/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\soundman.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\Program Files\BIPAC-7000 ADSL USB Modem\CnxDslTb.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\DOCUME~1\Shaz\APPLIC~1\STOPPI~1\MoreBeepOption.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\BIPAC-7000 ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CashIso] C:\DOCUME~1\Shaz\APPLIC~1\STOPPI~1\MoreBeepOption.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A38DDD8E-E970-4208-9FFE-DDC07371E65E}: NameServer = 203.193.200.2 203.193.193.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Shaz :-)

shazp4
Newbie Poster
12 posts since Mar 2006
Reputation Points: 10
Solved Threads: 0
 

That log looks fine - just to make sure, please use Killbox and try the following two paths:
C:\WINDOWS\p2pnetworking.exe
C:\p2pnetworking.exe

The BFU script was supposed to eliminate it, and perhaps it did, but it was still in the log so I want to verify.
After that download the newest Java here http://www.java.com/en/download/manual.jsp

Afterwards uninstall the older version thru Add/Remove Programs and you should be fine if you are not having any more problems. :)

D3m3nt3d
Posting Whiz in Training
246 posts since Feb 2006
Reputation Points: 11
Solved Threads: 14
 

Thanks heaps - have really appreciated your time.

All seems to be fine - except my add/remove programs opens but won't show any files, it just sits and says "please wait while the list is being populated..." - I think this is a separate issue????
I can repost this for someone else to help me with if it's another time consuming issue.

Shaz :-)

shazp4
Newbie Poster
12 posts since Mar 2006
Reputation Points: 10
Solved Threads: 0
 

Yeah - that is probably a different issue - couple of things to try

Does it do the same thing in Safe Mode?

Also - if you choose Switch to Classic View then choose Add/Remove Programs does it hang?

D3m3nt3d
Posting Whiz in Training
246 posts since Feb 2006
Reputation Points: 11
Solved Threads: 14
 
