
sspmydoom.cih version .2.018.

Discussion in 'Virus & Other Malware Removal' started by blindboy_178, Feb 9, 2005.

Thread Status:
Not open for further replies.
  1. blindboy_178

    blindboy_178 Thread Starter

    Joined:
    Feb 9, 2005
    Messages:
    2
    I got this **** somehow and I read how to fix it in another post and I got the hijack info so I'm going to post it here in a diff thread because that is what I was told to do.


    Logfile of HijackThis v1.99.0
    Scan saved at 5:32:26 PM, on 2/9/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ipvv32.exe
    C:\WINDOWS\sdkmc32.exe
    C:\DOCUME~1\Default\LOCALS~1\Temp\3.tmp
    C:\WINDOWS\System32\cmd.exe
    C:\WINDOWS\System32\tibs5.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Default\Desktop\ewhtt.exe
    C:\WINDOWS\System32\Regsvr32.exe
    C:\Documents and Settings\Default\Desktop\dddd.exe
    C:\WINDOWS\System32\234216.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WebSiteViewer\127062.dlr
    C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\RZT3J94W\HijackThis199Final[www.click-now.net][1]\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vrdjc.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vrdjc.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vrdjc.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vrdjc.dll/sp.html#14044
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vrdjc.dll/sp.html#14044
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
    O2 - BHO: (no name) - {091DD5A2-BCF3-5ABD-CDB0-DEE71178B028} - C:\WINDOWS\sdkmc32.dll
    O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\boln.dll
    O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [3.tmp] C:\DOCUME~1\Default\LOCALS~1\Temp\3.tmp.exe 1 10001
    O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
    O4 - HKLM\..\Run: [sdkmc32.exe] C:\WINDOWS\sdkmc32.exe
    O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\web.exe
    O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
    O4 - HKLM\..\Run: [3.tmp.exe] C:\DOCUME~1\Default\LOCALS~1\Temp\3.tmp.exe 1 10001
    O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\dddd.exe
    O4 - HKLM\..\Run: [antiware] c:\windows\system32\elitepeg32.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\web.exe
    O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\dddd.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.addictivetechnologies.com
    O15 - Trusted Zone: *.addictivetechnologies.net
    O15 - Trusted Zone: *.admin2cash.biz
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.bettersearch.biz
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.c4tdownload.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.crazywinnings.com
    O15 - Trusted Zone: *.f1organizer.com
    O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.iframe.biz
    O15 - Trusted Zone: *.megapornix.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.newiframe.biz
    O15 - Trusted Zone: *.overpro.com
    O15 - Trusted Zone: *.pizdato.biz
    O15 - Trusted Zone: *.private-dialer.biz
    O15 - Trusted Zone: *.private-iframe.biz
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.sp2admin.biz
    O15 - Trusted Zone: *.sp2****ed.biz
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.topconverting.com
    O15 - Trusted Zone: *.vse-moe.biz
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.125.149 (HKLM)
    O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\ipvv32.exe
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi blindboy_178

    Welcome to TSG! :)

    I see you are running Hijack This from your Temporary Internet Files folder now. This is a bad idea because it cannot create and restore backups from there. You need to create a new folder in My Documents and name it Hijack This. Now click here to download Hijack This again. Download it and click "Save". Save it to the Hijack This folder you just created. That way it can create and restore backups if needed. HJT will store the backups in the same location that it is run from.

    After you have done that, rescan with Hijack This and post a new log.

    After you post the next Hijack This log, it is very important that you not restart your computer or attempt to do anything to remove this until I have posted the removal directions because the files and the entries in HJT will change and we will have to start all over again. It would be best that you do nothing at all with the computer until you get the directions.
     
  3. blindboy_178

    blindboy_178 Thread Starter

    Joined:
    Feb 9, 2005
    Messages:
    2
    Logfile of HijackThis v1.99.0
    Scan saved at 7:10:52 PM, on 2/9/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ipvv32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\Regsvr32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\javarq32.exe
    C:\Documents and Settings\Default\Desktop\hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vrdjc.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vrdjc.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vrdjc.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vrdjc.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vrdjc.dll/sp.html#14044
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vrdjc.dll/sp.html#14044
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
    O2 - BHO: (no name) - {091DD5A2-BCF3-5ABD-CDB0-DEE71178B028} - C:\WINDOWS\sdkmc32.dll
    O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\boln.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [3.tmp] C:\DOCUME~1\Default\LOCALS~1\Temp\3.tmp.exe 5 10001
    O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
    O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\web.exe
    O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
    O4 - HKLM\..\Run: [3.tmp.exe] C:\DOCUME~1\Default\LOCALS~1\Temp\3.tmp.exe 1 10001
    O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\dddd.exe
    O4 - HKLM\..\Run: [antiware] c:\windows\system32\elitepeg32.exe
    O4 - HKLM\..\Run: [javarq32.exe] C:\WINDOWS\system32\javarq32.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\web.exe
    O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\dddd.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.addictivetechnologies.com
    O15 - Trusted Zone: *.addictivetechnologies.net
    O15 - Trusted Zone: *.admin2cash.biz
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.bettersearch.biz
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.c4tdownload.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.crazywinnings.com
    O15 - Trusted Zone: *.f1organizer.com
    O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.iframe.biz
    O15 - Trusted Zone: *.megapornix.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.newiframe.biz
    O15 - Trusted Zone: *.overpro.com
    O15 - Trusted Zone: *.pizdato.biz
    O15 - Trusted Zone: *.private-dialer.biz
    O15 - Trusted Zone: *.private-iframe.biz
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.sp2admin.biz
    O15 - Trusted Zone: *.sp2****ed.biz
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.topconverting.com
    O15 - Trusted Zone: *.vse-moe.biz
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.125.149 (HKLM)
    O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\ipvv32.exe
     

Short URL to this thread: https://techguy.org/328696
