Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help. Can't Remove Vcclient.exe / Surfsidekick


  • Please log in to reply
2 replies to this topic

#1 mossalli

mossalli

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 12 March 2006 - 02:18 PM

Help. Everytime in the last week when I startup my computer I get a message saying "VCMain.exe - Application Error The application failed to initialize properly (0xc0000135), click on OK to terminate the application." and the same thing right afterwards for "VCClient.exe".

Then when i use Internet explorer, pop-ups start going crazy, programs like "freepod" show up on my desktop, and miscellaneous other programs keep showing up on my c drive. I have tried many times to use ad-aware, spyware doctor, to remove. My c drive is right about completely full, so i'm not able to install windows sp2 or microsoft antispyware, or many other programs for that matter.

I scan in both safe-mode and regular startup but the application errors return and as soon as i connect to the internet, all the programs return even stronger than the last time.

Any help to get rid of this nuisance would be much appreciated.
thanks,
mossalli

here's my HJT log:

Logfile of HijackThis v1.99.1

Scan saved at 1:50:17 PM, on 3/12/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\SGlzaGFtIE1vc3NhbGxp\command.exe

C:\Program Files\Network Monitor\netmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\EQAdvice\EQAdvice.exe

C:\WINDOWS\System32\atiptaxx.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe

C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe

C:\WINDOWS\System32\WScript.exe

C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\iWare\iWare Mouse\3.2\lwbwheel.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

c:\progra~1\Support.com\client\bin\tgcmd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\outlook\outlook.exe

C:\WINDOWS\System32\winlog.exe

C:\WINDOWS\SYSC00.exe

C:\WINDOWS\System32\hpsw.exe

C:\windows\system32\qldsregr.exe

C:\WINDOWS\System32\wgse.exe

C:\mousepad1.exe

C:\WINDOWS\newfrn.exe

C:\WINDOWS\win32074821350109.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Belkin\Bluetooth Software\BTTray.exe

C:\Program Files\PowerPanel\Program\PcfMgr.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\Documents and Settings\Hisham Mossalli\Desktop\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll

O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\System32\irsmgbbv.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"

O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\lwbwheel.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

O4 - HKLM\..\Run: [winlog] winlog.exe

O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe

O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe"

O4 - HKLM\..\Run: [{90-09-92-2A-ZN}] C:\windows\system32\qldsregr.exe CORN001

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\wprawa.exe reg_run

O4 - HKLM\..\Run: [gimmysmileys] c:\\gimmysmileys1.exe

O4 - HKLM\..\Run: [keyboard] c:\\keyboard1.exe

O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe

O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe

O4 - HKLM\..\Run: [win32074821350109] C:\WINDOWS\win32074821350109.exe

O4 - HKLM\..\RunServices: [winlog] winlog.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe

O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"

O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: PowerPanel.lnk = ?

O4 - Global Startup: svchost.exe

O4 - Global Startup: xogz.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Microsoft AntiSpyware helper - {C87AC926-1120-49BB-AEBB-E215D4210082} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C87AC926-1120-49BB-AEBB-E215D4210082} - (no file) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll

O20 - AppInit_DLLs: Runner.dll

O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\WDVADVE.DLL (file missing)

O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\tRembed.dll (file missing)

O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\lhrt.dll (file missing)

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGlzaGFtIE1vc3NhbGxp\command.exe

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

BC AdBot (Login to Remove)

 


m

#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:03:02 PM

Posted 13 March 2006 - 02:28 AM

Hello mossalli, and welcome to BleepingComputer,

We'll try to help you out, just give us some time to study your log.

Greetings,
BMThor
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:03:02 PM

Posted 13 March 2006 - 04:39 PM

Hello mossalli,

You have quite a collection here! It will take several steps to get rid of those.

Please follow these instructions very carefully, and in the specified order (very important!).

1. You wil need to make some space available on your hard disk!
Please remove whatever personal files you no longer need.

Also use the Windows disk cleanup tool: go to Start > Run and type cleanmgr, click OK and allow the cleaning up of all temperary files.

2. Please download Brute Force Uninstaller.Unzip it to itís own folder (c:\BFU)

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover.
Save it in the folder you made earlier (c:\BFU).

Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by doubleclicking BFU.exe

In the scriptline to execute field copy and paste c:\bfu\p2pnetwork.bfu
Press execute and let it do itís job.

Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
3. Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

4. Go to Start > Settings > Control Panel > Software, and by using Add/Remove programs remove if found:Surf SideKick
SafeSurfing
ZenoSearch
CasinoClient

5. Reboot your computer.

6. Is your TrendMicro PC-cillin antivirus program still operational?? If so, update it now.
Run a full system scan and let it remove any malware it finds.

7. Reboot your computer.

8. Please post the contents of C:\Look2Me-Destroyer.txt and a new HijackThis log.

Greetings,
BMThor
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users