
My Computer Is Being Taken Over By Ads/surfside. Help?


  • This topic is locked
6 replies to this topic

#1 Leftbehind126

Leftbehind126

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 02 April 2006 - 02:39 AM

I get loads of pop-ups non-stop and I can't get rid of SurfSideKick. I've run Ad-aware and Spybot S&D. I've tried deleting some of the files, but the ones like ssk.exe won't delete. It says it's being used by another person or program. I don't know if it's just SurfSideKick causing all the problems or if it's more. Here is a HijackThis log. Hopefully someone can help me?



Logfile of HijackThis v1.99.1
Scan saved at 3:37:32 AM, on 4/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\YW50aG9ueQ\command.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SYSC00.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\?racle\m?config.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" /disabled
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [{52-2A-A9-9F-ZN}] C:\windows\system32\qkdsrego.exe CORN001
O4 - HKLM\..\Run: [win32097162143708] C:\WINDOWS\win32097162143708.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Owner\LOCALS~1\Temp\20.tmp
O4 - HKCU\..\Run: [Oscb] "C:\WINDOWS\ASEMBL~1\mmc.exe" -vt yazr
O4 - HKCU\..\Run: [Qekr] C:\Program Files\Common Files\?racle\m?config.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03b96229e5e43c...ip/RdxIE601.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O20 - AppInit_DLLs: repairs303169566.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\o2ro0c93ef.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YW50aG9ueQ\command.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe




Let me know if you need anything else. Please help.



#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:01:00 AM

Posted 02 April 2006 - 04:36 AM

Hello and welcome, let's get started.. :thumbsup:

You have a few infections there.

==

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download Look2Me-Destroyer to your desktop.

Before continuing with the fix there is something you must do:
  • Click Start -> Run and type in: services.msc
  • Check that the following services are running and that their startup is set to automatic:
      • Seclogon, or Secondary logon service
  • Next your machine needs to be offline, manually disconnect the network cable if necessary.
  • Your antivirus, and every other security software MUST be disabled.
Now continue:
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Re-launch your Anti-virus/Firewall protection.
  • Re-connect back to the internet.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a fresh HiJackThis log. :flowers:
If Look2Me-Destroyer does not reopen automatically, reboot and try again.
Hi there, stranger!

#3 Leftbehind126


Posted 02 April 2006 - 12:09 PM

Thank you for taking your time to try to help me. I've done what the instructions say. This is the Look2Me-Destroyer.txt, followed by the new HiJackThis Log.




Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 4/2/2006 12:58:02 PM

Infected! C:\WINDOWS\system32\dnro0193e.dll
Infected! C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0182239.dll
Infected! C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0183258.dll
Infected! C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0183267.dll
Infected! C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0184261.dll
Infected! C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0184289.dll
Infected! C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0184290.dll
Infected! C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0184298.dll
Infected! C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0185298.dll
Infected! C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0186307.dll
Infected! C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0186310.dll
Infected! C:\WINDOWS\system32\dMtaclen.dll
Infected! C:\WINDOWS\system32\dnro0193e.dll
Infected! C:\WINDOWS\system32\e2jmlc111f.dll
Infected! C:\WINDOWS\system32\h20qlcd51f0.dll
Infected! C:\WINDOWS\system32\i6nm0g51e6.dll
Infected! C:\WINDOWS\system32\irr0l59m1.dll
Infected! C:\WINDOWS\system32\jt6207joe.dll
Infected! C:\WINDOWS\system32\k662lgjo16oc.dll
Infected! C:\WINDOWS\system32\mgimsg.dll
Infected! C:\WINDOWS\system32\mriqtz32.dll
Infected! C:\WINDOWS\system32\n8n6li5s18.dll
Infected! C:\WINDOWS\system32\r0r6la9s1d.dll
Infected! C:\WINDOWS\system32\wtaudsdk.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\dnro0193e.dll
C:\WINDOWS\system32\dnro0193e.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0182239.dll
C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0182239.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0183258.dll
C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0183258.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0183267.dll
C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0183267.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0184261.dll
C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0184261.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0184289.dll
C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0184289.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0184290.dll
C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0184290.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0184298.dll
C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0184298.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0185298.dll
C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0185298.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0186307.dll
C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0186307.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0186310.dll
C:\System Volume Information\_restore{A298B96A-5382-4886-94FC-24B518191764}\RP248\A0186310.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dMtaclen.dll
C:\WINDOWS\system32\dMtaclen.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dnro0193e.dll
C:\WINDOWS\system32\dnro0193e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\e2jmlc111f.dll
C:\WINDOWS\system32\e2jmlc111f.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\h20qlcd51f0.dll
C:\WINDOWS\system32\h20qlcd51f0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\i6nm0g51e6.dll
C:\WINDOWS\system32\i6nm0g51e6.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\irr0l59m1.dll
C:\WINDOWS\system32\irr0l59m1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\jt6207joe.dll
C:\WINDOWS\system32\jt6207joe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\k662lgjo16oc.dll
C:\WINDOWS\system32\k662lgjo16oc.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mgimsg.dll
C:\WINDOWS\system32\mgimsg.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mriqtz32.dll
C:\WINDOWS\system32\mriqtz32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\n8n6li5s18.dll
C:\WINDOWS\system32\n8n6li5s18.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\r0r6la9s1d.dll
C:\WINDOWS\system32\r0r6la9s1d.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wtaudsdk.dll
C:\WINDOWS\system32\wtaudsdk.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCD

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4C8A8322-3594-422E-8FEB-E8D1E8A67687}"
HKCR\Clsid\{4C8A8322-3594-422E-8FEB-E8D1E8A67687}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{45367632-4756-41DF-9654-02A1A29EF19A}"
HKCR\Clsid\{45367632-4756-41DF-9654-02A1A29EF19A}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{235D34B4-6BF8-4696-A6DA-790D5D43140D}"
HKCR\Clsid\{235D34B4-6BF8-4696-A6DA-790D5D43140D}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded








Logfile of HijackThis v1.99.1
Scan saved at 1:03:15 PM, on 4/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SYSC00.exe
C:\windows\system32\qkdsrego.exe
C:\WINDOWS\win32097162143708.exe
C:\WINDOWS\ASEMBL~1\mmc.exe
C:\Program Files\Common Files\?racle\m?config.exe
C:\WINDOWS\system32\lwinlrag.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" /disabled
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [{52-2A-A9-9F-ZN}] C:\windows\system32\qkdsrego.exe CORN001
O4 - HKLM\..\Run: [win32097162143708] C:\WINDOWS\win32097162143708.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\lwinlrag.exe CORN001
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Owner\LOCALS~1\Temp\20.tmp
O4 - HKCU\..\Run: [Oscb] "C:\WINDOWS\ASEMBL~1\mmc.exe" -vt yazr
O4 - HKCU\..\Run: [Qekr] C:\Program Files\Common Files\?racle\m?config.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\lwinlrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03b96229e5e43c...ip/RdxIE601.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O20 - AppInit_DLLs: repairs303169566.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YW50aG9ueQ\command.exe (file missing)
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
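
Comparing the first and second HijackThis logs in this thread shows what the Look2Me-Destroyer run changed and what is still present. The following is an added example, not part of any post: `parse_hjt` and `diff_logs` are hypothetical helper names, and `BEFORE`/`AFTER` are short excerpts of the two logs above.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] path": a section code
# (R0-R3, F0-F3, N1-N4 or an O-number), then " - ", then the entry body.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
MISSING = " (file missing)"  # suffix HijackThis appends when the target is gone

def parse_hjt(text):
    """Return (processes, entries); entries maps (section, body) -> file_missing."""
    processes, entries = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
        elif line.lower() == "running processes:":
            in_processes = True
        elif (m := ENTRY_RE.match(line)):
            body = m.group(2)
            missing = body.endswith(MISSING)
            if missing:                   # compare the entry without the suffix
                body = body[: -len(MISSING)]
            entries[(m.group(1), body)] = missing
        elif in_processes:
            processes.add(line.lower())   # Windows paths are case-insensitive
    return processes, entries

def diff_logs(before, after):
    """Compare two HijackThis logs taken before and after a removal step."""
    bp, be = parse_hjt(before)
    ap, ae = parse_hjt(after)
    return {
        "entries_removed": sorted(be.keys() - ae.keys()),
        "entries_added": sorted(ae.keys() - be.keys()),
        "now_file_missing": sorted(k for k in be.keys() & ae.keys()
                                   if ae[k] and not be[k]),
        "processes_gone": sorted(bp - ap),
        "processes_added": sorted(ap - bp),
    }

# Excerpt of the first log in this thread (3:37:32 AM scan).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\YW50aG9ueQ\command.exe
C:\WINDOWS\SYSC00.exe

O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O20 - AppInit_DLLs: repairs303169566.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\o2ro0c93ef.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YW50aG9ueQ\command.exe
"""

# Excerpt of the second log in this thread (1:03:15 PM scan).
AFTER = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\system32\lwinlrag.exe

O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\lwinlrag.exe CORN001
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\lwinlrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O20 - AppInit_DLLs: repairs303169566.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YW50aG9ueQ\command.exe (file missing)
"""

if __name__ == "__main__":
    for label, items in diff_logs(BEFORE, AFTER).items():
        print(label)
        for item in items:
            print("   ", item if isinstance(item, str) else " - ".join(item))
```

On these excerpts the diff reports the `Winlogon Notify: Setup` entry as removed, the two `lwinlrag.exe` autorun entries as new, and the `cmdService` target as now missing.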

#4 Rawe


Posted 02 April 2006 - 12:20 PM

Next:

Please download Brute Force Uninstaller to your desktop.
  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download SideKickFix.
Save it in the same folder you made earlier (c:\BFU).

Please close ALL other open windows & Explorer folders, then double-click on sidekickFix.bat.
Click YES and follow the prompts, when prompted to restart the PC please do so.
Then please post back with a fresh HijackThis log by using AddReply. :thumbsup:

#5 Rawe


Posted 08 April 2006 - 05:08 AM

Due to lack of feedback, this thread has been closed. If you're the original poster and need this Topic reopened, please PM a Staff member with the address of this thread.

EDIT: Due to user request, topic re-opened. Please proceed with the last set of instructions and we'll continue. :thumbsup:

Edited by Rawe, 08 April 2006 - 02:09 PM.


#6 Rawe


Posted 10 April 2006 - 09:33 AM

I can see you have another topic open with the help of Miekiemoes.. Just wondering if you are going to follow my directions or should I just reclose the thread? Or is it from another PC? 'Cause you really don't need another thread for the same issue.

#7 Rawe


Posted 16 April 2006 - 04:56 AM

Due to lack of feedback, this thread has been closed. If you're the original poster and need this Topic reopened, please PM a Staff member with the address of this thread.



