Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Svengali_uk - SSK3 issues


  • This topic is locked This topic is locked
7 replies to this topic

#1 Svengali_uk

Svengali_uk

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 15 March 2006 - 04:21 AM

I have read the various instructions, but they all start "open the add/remove software" tool in Control Panel.
My computer will not let me! I keep getting a message saying mshta.exe has generated errors & will be shut down.
Is this part of the surfsidekick problem, or do I have another one?

BC AdBot (Login to Remove)

 


m

#2 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 15 March 2006 - 04:52 AM

Svengali_uk,

We'll require a HijackThis log from you. Please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

Double click on HijackThis.exe to run the program.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file

#3 Svengali_uk

Svengali_uk
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 15 March 2006 - 07:33 AM

Hi, this is my Hijack this log. I have run AdAware, Spybot & Spyware Doctor, but none of them seem able to completely clean SurfSidekick - and as I reported, I cannot use add/remove programs.
Hope you can help!
Jeremy

Logfile of HijackThis v1.99.1
Scan saved at 12:21:26, on 15/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
J:\WINNT\System32\smss.exe
J:\WINNT\system32\csrss.exe
J:\WINNT\system32\winlogon.exe
J:\WINNT\system32\services.exe
J:\WINNT\system32\lsass.exe
J:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
J:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\svchost.exe
J:\WINNT\System32\GEARSec.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
J:\WINNT\System32\svchost.exe
J:\WINNT\system32\regsvc.exe
J:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
J:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
J:\WINNT\System32\WBEM\WinMgmt.exe
J:\WINNT\Explorer.EXE
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
J:\WINNT\system32\internat.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\Agent\agent.exe
C:\Program Files\ZoneLabs\zlclient.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ephotozine.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ephotozine.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MSN Checker] msnchecker.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [MSN Checker] msnchecker.exe
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] J:\WINNT\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe
O4 - HKCU\..\Run: [MSN Checker] msnchecker.exe
O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Java SATARaid.lnk = C:\Program Files\Silicon Image\Java SATARaid\run.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://evidenceeraserpro.com/landings/EEProInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A51B5F5F-15A5-4447-BFC9-4FC2A205D8D4}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{F185F382-7048-4EFD-AAC9-552C7CEFC6CE}: NameServer = 212.67.120.148 212.67.96.129
O20 - AppInit_DLLs: repairs303169536.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - J:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - J:\WINNT\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

#4 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 15 March 2006 - 08:33 AM

Before any work can be done on this machine, there is something that must first be done.

I notice that you have more than one anti-virus programs on your machine (AVG & Symantec). That's not a good idea!! Posted Image

This messes up the machine pretty badly. Alike firewalls, anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall ALL leaving only one of them.

ALL the antivirus programs must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:

re-install the program -> reboot -> uninstall

Please re-post a fresh HJT log when that's done.
Also tell me if this folder exist - Program Files\SurfSideKick (do nothing about it. just inform me)

Edited by sUBs, 15 March 2006 - 08:41 AM.


#5 Svengali_uk

Svengali_uk
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 15 March 2006 - 11:57 AM

Thanks for getting back so quickly. I didn't know that I had two anti-virus programs running. I uninstalled symantec ages ago, as I don't like the way it takes over the computer & causes crashes. The only Symantec program that I know about is Ghost, that I have just installed to make backups. I was running a RAID mirror, but of course that just gave me a second copy of any corruption that occured, so I have switched the RAID off (Hence the appearance of Drive J), and bought Ghost (Installed yesterday). Does Ghost also have anti-virus elements>
As I reported, I cannot open the add/remove program facility, I get the error message.
I DO have the folder Surfsidekick 3.
As I cannot open the add/remove program folder, and as far as I can see, I have no means of removing symantec (Unless it comes out with the uninstall of Ghost), should I remove AVG?
Regards
Jeremy

#6 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 15 March 2006 - 12:06 PM

Try this now...

Go to Start > Run - copy/paste the following in & click OK

"%systemdrive%\Program files\SurfSideKick 3\Ssk.exe" /u

Follow the prompts given & reboot when prompted. Post a fresh HJT log after you have done so.

#7 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 15 March 2006 - 12:09 PM

Follow the instructions here for repairing the mshta.exe error.

http://support.microsoft.com/?kbid=285195&sd=RMVP

#8 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 12 April 2006 - 01:53 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users