Options
pezzdog
Help...I have the shopping wizard as well as the dang "AIM Beach Pics" never had this problem until my dang sister used my machine and got suckered into clicking somebody's beach pics away message. Here is my hijack before I delete anything.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Default\Desktop\HIJACK\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bifuy.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bifuy.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bifuy.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bifuy.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bifuy.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bifuy.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bifuy.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {88F58E91-2349-CEB7-A893-765E5171E648} - C:\WINDOWS\netjf.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - HKLM\..\Run: [nsvcin] C:\Documents and Settings\Default\n20050308.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\System32\igqoyq.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.10\WlanCU.exe
O4 - Global Startup: winlogin.exe
O4 - Global Startup: uifpyf.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {83D5556F-4224-4fc7-A578-4D09AAD5DED4} - C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\O96ZS96B\access[1].exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft® JavaScript® Console - {E6C19DCE-F37F-4311-AEE2-163CCFFFB598} - C:\WINDOWS\System32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {E6C19DCE-F37F-4311-AEE2-163CCFFFB598} - C:\WINDOWS\System32\comdlg32.ocx
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\remove_it.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {83D5556F-4224-4fc7-A578-4D09AAD5DED4} - C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\O96ZS96B\access[1].exe (file missing) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {E6C19DCE-F37F-4311-AEE2-163CCFFFB598} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {E6C19DCE-F37F-4311-AEE2-163CCFFFB598} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {2AD5DBAE-2DDB-11D4-A96C-00E09872DF17} (PrintRoomUploader Class) - http://www.printroom.com/_vti_dnl/PrintroomUploaderX3.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\o0rola931d.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Performance Manager (svhost) - Unknown owner - c:\Program Files\Common Files\fh.exe (file missing)
O23 - Service: Workstation NetLogon Service (%AF夶À¨) - Unknown owner - C:\WINDOWS\winmy32.exe
Thanks for the help
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Default\Desktop\HIJACK\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bifuy.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bifuy.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bifuy.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bifuy.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bifuy.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bifuy.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bifuy.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {88F58E91-2349-CEB7-A893-765E5171E648} - C:\WINDOWS\netjf.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - HKLM\..\Run: [nsvcin] C:\Documents and Settings\Default\n20050308.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\System32\igqoyq.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.10\WlanCU.exe
O4 - Global Startup: winlogin.exe
O4 - Global Startup: uifpyf.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {83D5556F-4224-4fc7-A578-4D09AAD5DED4} - C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\O96ZS96B\access[1].exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft® JavaScript® Console - {E6C19DCE-F37F-4311-AEE2-163CCFFFB598} - C:\WINDOWS\System32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {E6C19DCE-F37F-4311-AEE2-163CCFFFB598} - C:\WINDOWS\System32\comdlg32.ocx
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\remove_it.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {83D5556F-4224-4fc7-A578-4D09AAD5DED4} - C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\O96ZS96B\access[1].exe (file missing) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {E6C19DCE-F37F-4311-AEE2-163CCFFFB598} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {E6C19DCE-F37F-4311-AEE2-163CCFFFB598} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {2AD5DBAE-2DDB-11D4-A96C-00E09872DF17} (PrintRoomUploader Class) - http://www.printroom.com/_vti_dnl/PrintroomUploaderX3.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\o0rola931d.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Performance Manager (svhost) - Unknown owner - c:\Program Files\Common Files\fh.exe (file missing)
O23 - Service: Workstation NetLogon Service (%AF夶À¨) - Unknown owner - C:\WINDOWS\winmy32.exe
Thanks for the help
0
Comments
Download LSPFix from http://www.cexx.org/lspfix.zip and run it.
Check the I know what I'm doing box.
In the Keep box you should see one or more instances of the following files.
aklsp.dll
dolsp.dll
Select every instance of these files, but no others, and move each one to the Remove box by clicking the >> button.
Reboot and post a new hijackthis log.
When you are done click Finish>>.