|
Member Login:
|
|
 |
May 29th, 2006
|
Top | #1 |
OSNN Junior Addict
Joined: May 2006
Posts: 6
Reputation: 0
Power: 74 |
Surfsidekick3 Removal Help - Logfile included
Scan saved at 10:31:19 AM, on 5/29/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\defender23.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Network Monitor\wnetmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\userinit.exe C:\Documents and Settings\Owner\Desktop\eqplaynice\WinEQ2\WinEQ2.exe C:\Program Files\Trillian\trillian.exe C:\Program Files\Sony\EverQuest\eqgame.exe C:\Program Files\Sony\EverQuest\eqgame.exe c:\defender24.exe C:\WINDOWS\system32\owpqmp.exe C:\WINDOWS\system32\eggul.exe C:\WINDOWS\system32\eggul.exe C:\WINDOWS\system32\eggul.exe c:\ac2_0003.exe C:\WINDOWS\system32\RUNDLL32.EXE c:\windows\system32\pqdsregm.exe C:\WINDOWS\system32\owinrqez.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll F2 - REG  ystem.ini: Shell=Explorer.exe, C:\WINDOWS\system32\eggul.exeF2 - REG ystem.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pbnywvx.exeO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpBB5C.tmp (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [defender] c:\\defender24.exe O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKLM\..\Run: [newname] c:\\newname24.exe O4 - HKLM\..\Run: [keyboard] c:\\keyboard24.exe O4 - HKLM\..\Run: [nntiln] C:\WINDOWS\system32\owpqmp.exe reg_run O4 - HKLM\..\Run: [w2945a99.dll] RUNDLL32.EXE w2945a99.dll,I2 0011cd9e02945a99 O4 - HKLM\..\Run: [{5F-FD-DF-F8-ZN}] c:\windows\system32\pqdsregm.exe CORN003 O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\owinrqez.exe CORN003 O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: gebrs.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll O9 - Extra 'Tools' menuitem: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1162 O20 - AppInit_DLLs: repairs303169587.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe tried the steps i found online to remove in safe mode but said prog was in use. Any help would be greatly appreciated! thank you |
|
|
|
May 29th, 2006
|
Top | #2 |
█▄█ ▀█▄ █
Joined: December 2003
Location: Sterling Heights, MICHIGAN
Posts: 3,507
Blog Entries: 19
Reputation: 2905
Power: 168 |
Re: Surfsidekick3 Removal Help - Logfile included
Run Ccleaner with the default options to clean out temporary files. Only use the Default Scan on the Windows Tab and select Run Cleaner. Do not run any other options from other tabs.
# Run Ad-Aware SE and select Perform full system scan box and allow it to fix all that it finds # Run Spybot Search & Destroy and allow it to fix all that it finds. Make sure you use the Immunize feature and use the SDHelper function but do not use Teatimer. # Run Microsoft Windows Defender and allow it to fix all that it finds. now remove these lines: R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpBB5C.tmp (file missing) O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe Make sure you check your PC with more then one spyware scanner. After doing so. Repost a new log. |
|
|
|
|
May 29th, 2006
|
Top | #3 |
Glaanies script monkey
Joined: February 2003
Location: Chicago
Posts: 2,725
Reputation: 1520
Power: 155 |
Re: Surfsidekick3 Removal Help - Logfile included
There is a look2me infection here, follow these instructions:
Please download Look2Me-Destroyer.exe to your desktop. http://www.atribune.org/ccount/click.php?id=7 * Close all windows before continuing. * Double-click Look2Me-Destroyer.exe to run it. * Put a check next to Run this program as a task. * You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK * When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal. * Once it's done scanning, click the Remove L2M button. * You will receive a Done Scanning message, click OK. * When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK. * Your computer will then shutdown. * Turn your computer back on. Post a new log. |
|
|
|
|
May 29th, 2006
|
Top | #4 |
|
OSNN Junior Addict
Joined: May 2006
Posts: 6
Reputation: 0
Power: 74 |
Re: Surfsidekick3 Removal Help - Logfile included
Logfile of HijackThis v1.99.1
Scan saved at 12:39:42 PM, on 5/29/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\userinit.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\explorer.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll F2 - REG ystem.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pbnywvx.exeO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [defender] C:\\defender24.exe O4 - HKLM\..\Run: [newname] C:\\newname24.exe O4 - HKLM\..\Run: [keyboard] C:\\keyboard24.exe O4 - HKLM\..\Run: [{5F-FD-DF-F8-ZN}] C:\windows\system32\pqdsregm.exe CORN003 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [nntiln] C:\WINDOWS\system32\owpqmp.exe reg_run O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [kkajn] C:\WINDOWS\system32\owpqmp.exe reg_run O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: gebrs.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll O9 - Extra 'Tools' menuitem: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1162 O20 - AppInit_DLLs: repairs303169587.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe new log |
|
|
|
|
May 29th, 2006
|
Top | #5 |
|
Glaanies script monkey
Joined: February 2003
Location: Chicago
Posts: 2,725
Reputation: 1520
Power: 155 |
Re: Surfsidekick3 Removal Help - Logfile included
Have HJT fix:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll F2 - REGystem.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pbnywvx.exe O4 - HKLM\..\Run: [defender] C:\\defender24.exe O4 - HKLM\..\Run: [newname] C:\\newname24.exe O4 - HKLM\..\Run: [keyboard] C:\\keyboard24.exe O4 - HKLM\..\Run: [{5F-FD-DF-F8-ZN}] C:\windows\system32\pqdsregm.exe CORN003 O4 - HKLM\..\Run: [nntiln] C:\WINDOWS\system32\owpqmp.exe reg_run O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - Global Startup: gebrs.exe O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1162 O20 - AppInit_DLLs: repairs303169587.dll Reboot into safemode and delete the following: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gebrs.exe <--file C:\Documents and Settings\Owner\Local Settings\Temp <-- entire contents of this folder C:\Program Files\SurfSideKick 3\ <--folder C:\windows\system32\pqdsregm.exe <--file C:\defender24.exe <--file C:\keyboard24.exe <--file C:\newname24.exe <--file Reboot and post a new log. |
|
|
|
|
May 29th, 2006
|
Top | #6 |
|
OSNN Junior Addict
Joined: May 2006
Posts: 6
Reputation: 0
Power: 74 |
Re: Surfsidekick3 Removal Help - Logfile included
Logfile of HijackThis v1.99.1
Scan saved at 5:41:12 PM, on 5/29/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\userinit.exe c:\defender24.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Outlook Express\msimn.exe C:\WINDOWS\system32\ctfmon.exe R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [kkajn] C:\WINDOWS\system32\owpqmp.exe reg_run O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll O9 - Extra 'Tools' menuitem: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O20 - AppInit_DLLs: repairs303169587.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe cant remove some items on hjt and 04 hkcu\ surfsidekick 3 keeps coming up after delete. An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: repairs303169587.dll) Error #5 - Invalid procedure call or argument Please email me at merijn@spywareinfo.com, reporting the following: * What you were trying to fix when the error occurred, if applicable * How you can reproduce the error * A complete HijackThis scan log, if possible Windows version: Windows NT 5.01.2600 MSIE version: 6.0.2900.2180 HijackThis version: 1.99.1 This message has been copied to your clipboard. Click OK to continue the rest of the scan. |
|
|
|
|
May 29th, 2006
|
Top | #7 |
|
Glaanies script monkey
Joined: February 2003
Location: Chicago
Posts: 2,725
Reputation: 1520
Power: 155 |
Re: Surfsidekick3 Removal Help - Logfile included
Ok, you have some new stuff there too, you need to go into Add/Remove programs and uninstall new.net. Then try this new Sidekick fix:
Download Brute Force Uninstaller to your desktop.
sidekickFix.bat (rightclick on that link and choose save as)
Post a new log. |
|
|
|
|
June 6th, 2006
|
Top | #8 |
|
OSNN Junior Addict
Joined: May 2006
Posts: 6
Reputation: 0
Power: 74 |
Re: Surfsidekick3 Removal Help - Logfile included
Logfile of HijackThis v1.99.1
Scan saved at 6:08:36 PM, on 6/6/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\userinit.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Windows Defender\MSASCui.exe C:\defender25.exe C:\WINDOWS\system32\ctfmon.exe C:\windows\system32\pqdsregm.exe C:\Documents and Settings\Owner\Application Data\W?nSxS\msconfig.exe C:\Program Files\Network Monitor\netmon.exe C:\WINDOWS\yjdqgxgA.exe c:\ac2_0003.exe C:\Program Files\Weather\wweather_install.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\!update.exe C:\Program Files\apsi\wtta.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll F2 - REG ystem.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,pbnywvx.exeO2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [newname] C:\\newname25.exe O4 - HKLM\..\Run: [defender] C:\\defender25.exe O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe O4 - HKLM\..\Run: [{5F-FD-DF-F8-ZN}] C:\windows\system32\pqdsregm.exe CORN003 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\owinrqez.exe CORN003 O4 - HKLM\..\Run: [yjdqgxgA] C:\WINDOWS\yjdqgxgA.exe O4 - HKLM\..\Run: [w00154e1.dll] RUNDLL32.EXE w00154e1.dll,I2 0011cd9e000154e1 O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKLM\..\RunOnce: [refdft] cmd /c IF EXIST "C:\WINDOWS\system32\ftuninst.exe" del /s /q "C:\WINDOWS\system32\ftuninst.exe" O4 - HKLM\..\RunOnce: [v36Yq] "C:\WINDOWS\system32\gbe90qs.exe" -Ho61xAVDI O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt tzt O4 - HKCU\..\Run: [Wqza] C:\Documents and Settings\Owner\Application Data\W?nSxS\msconfig.exe O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinrqez.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll O9 - Extra 'Tools' menuitem: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing) O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll O20 - AppInit_DLLs: repairs303169590.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yjdqgxg.exe have adware.cmdservice popups now, not sure how to remove also ssk3 wont unistall, used the bfu and rebooted but did not work. Thank You |
|
|
|
|
June 6th, 2006
|
Top | #9 |
|
Glaanies script monkey
Joined: February 2003
Location: Chicago
Posts: 2,725
Reputation: 1520
Power: 155 |
Re: Surfsidekick3 Removal Help - Logfile included
Let me look for more info on this one, seems like it is morphing again.
|
|
|
|
|
June 6th, 2006
|
Top | #10 |
|
Glaanies script monkey
Joined: February 2003
Location: Chicago
Posts: 2,725
Reputation: 1520
Power: 155 |
Re: Surfsidekick3 Removal Help - Logfile included
You have tons of trojans on this PC. Disconnect it from the internet and follow these steps. First go to Start > Run > type in services.msc and hit enter. Scroll down to
Userinit Logon Verification (UsrInitVerif) Double click it and change its startup type to disabled. Do the same thing for Windows Overlay Components Now have HJT fix: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll F2 - REGystem.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,pbnywvx.exe O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll O4 - HKLM\..\Run: [newname] C:\\newname25.exe O4 - HKLM\..\Run: [defender] C:\\defender25.exe O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe O4 - HKLM\..\Run: [{5F-FD-DF-F8-ZN}] C:\windows\system32\pqdsregm.exe CORN003 O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\owinrqez.exe CORN003 O4 - HKLM\..\Run: [yjdqgxgA] C:\WINDOWS\yjdqgxgA.exe O4 - HKLM\..\Run: [w00154e1.dll] RUNDLL32.EXE w00154e1.dll,I2 0011cd9e000154e1 O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKLM\..\RunOnce: [refdft] cmd /c IF EXIST "C:\WINDOWS\system32\ftuninst.exe" del /s /q "C:\WINDOWS\system32\ftuninst.exe" O4 - HKLM\..\RunOnce: [v36Yq] "C:\WINDOWS\system32\gbe90qs.exe" -Ho61xAVDI O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt tzt O4 - HKCU\..\Run: [Wqza] C:\Documents and Settings\Owner\Application Data\W?nSxS\msconfig.exe O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinrqez.exe O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing) O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing) O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll O20 - AppInit_DLLs: repairs303169590.dll O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yjdqgxg.exe Reboot into safemode and delete the following: C:\Documents and Settings\Owner\Application Data\W?nSxS\msconfig.exe <--file C:\Program Files\apsi\ <--folder C:\Program Files\SurfSideKick 3\ <--folder C:\windows\system32\pqdsregm.exe <--file C:\WINDOWS\system32\x3cqp0.dll <--file C:\WINDOWS\userinit.exe <--file C:\WINDOWS\yjdqgxg.exe <--file c:\ac2_0003.exe <--file C:\defender25.exe <--file C:\keyboard25.exe <--file C:\newname25.exe <--file Reboot normally, redo the BFU instructions. Reboot normally and post a new log. If you can keep the PC off of the internet during this whole process, that should help. |
|
|
|
|
June 7th, 2006
|
Top | #11 |
|
OSNN Junior Addict
Joined: May 2006
Posts: 6
Reputation: 0
Power: 74 |
Re: Surfsidekick3 Removal Help - Logfile included
Logfile of HijackThis v1.99.1
Scan saved at 8:17:35 PM, on 6/6/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DVD Shrink\Version History.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll O9 - Extra 'Tools' menuitem: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe looks likes its gone, fixed? Thank you so much for all the help. |
|
|
|
|
June 7th, 2006
|
Top | #12 |
|
Glaanies script monkey
Joined: February 2003
Location: Chicago
Posts: 2,725
Reputation: 1520
Power: 155 |
Re: Surfsidekick3 Removal Help - Logfile included
Yep looks clean, you should update Sun's java, http://www.java.com/en/index.jsp
I also highly suggest installing Spyware Blaster, it is a nice little tool to help prevent spyware, http://www.javacoolsoftware.com/spywareblaster.html |
|
|
|
|
| Bookmarks |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Need Help Removing SurfSideKick3 | thesniper60 | Windows Desktop Systems | 11 | May 15th, 2006 8:02pm |
| Surfsidekick3 Hijack log | Striker | Windows Desktop Systems | 12 | May 7th, 2006 9:56pm |
| i need a script that can write the current ip of computer to a logfile on a local dr | VenomXt | Web Design & Coding | 0 | July 23rd, 2005 6:44am |
| Nero - What's Included | American Zombie | Windows Desktop Systems | 3 | November 4th, 2004 5:37pm |
| msn (xp) problem~pic included | the_music_man | Windows Desktop Systems | 24 | October 1st, 2002 5:43am |
