
Cannot Fully Remove Ssk


  • This topic is locked
4 replies to this topic

#1 Hiddle_P


Posted 29 April 2006 - 07:00 AM

I got some stupid program, Surfsidekick 3, on my computer, then thought that I had removed it, but I'm still getting heaps of annoying popups that will not go away and are slowing down my computer... If anyone knows how to help I will be grateful.

Logfile of HijackThis v1.99.1
Scan saved at 9:54:23 PM, on 29/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Digital Imaging\bin\hpohmr08.exe
F:\Plauto.exe
D:\Program Files\Digital Imaging\bin\hpoevm08.exe
D:\Program Files\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\WATT\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Photo Loader supervisory.lnk = F:\Plauto.exe
O20 - Winlogon Notify: SysDM - C:\WINDOWS\system32\en46l1hs1.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


 


#2 miekiemoes

  • Malware Response Team

Posted 29 April 2006 - 07:53 AM

Hello,

It looks like you already fixed some entries yourself... However, fixing in HijackThis doesn't delete files, so I'm not sure what is still present here.

Perform the next steps in the right order:

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe.

Next to the 'scriptfile to execute'-window you'll see a little icon.
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script (alcanshorty.bfu) manually from the above URL (right-click on it, choose 'save as' and save it in your BFU folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window.
Browse to the script you downloaded, click Ok and then Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with the contents of Look2Me-Destroyer.txt present on your desktop and a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Hiddle_P


Posted 29 April 2006 - 08:57 AM

Here are the L2M-D, HJT and Panda scan log files. Thanks for the help.


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 29/04/2006 10:58:11 PM

Infected! C:\WINDOWS\SYSTEM32\en46l1hs1.dll
Infected! C:\WINDOWS\SYSTEM32\p06s0aj7edo.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP195\A0036030.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP195\A0036095.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037033.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037099.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037102.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037109.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037115.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037121.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037126.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037132.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037811.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037817.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037830.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP197\A0037848.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP197\A0037851.dll
Infected! C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP197\A0037875.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\SYSTEM32\en46l1hs1.dll
C:\WINDOWS\SYSTEM32\en46l1hs1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\p06s0aj7edo.dll
C:\WINDOWS\SYSTEM32\p06s0aj7edo.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP195\A0036030.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP195\A0036030.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP195\A0036095.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP195\A0036095.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037033.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037033.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037099.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037099.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037102.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037102.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037109.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037109.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037115.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037115.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037121.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037121.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037126.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037126.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037132.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037132.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037811.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037811.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037817.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037817.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037830.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP196\A0037830.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP197\A0037848.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP197\A0037848.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP197\A0037851.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP197\A0037851.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP197\A0037875.dll
C:\System Volume Information\_restore{763FED0D-7EE2-4300-AD08-500E55A9C9CF}\RP197\A0037875.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FDA1B0E0-1F37-42BE-B39A-3FDABAC0B7E4}"
HKCR\Clsid\{FDA1B0E0-1F37-42BE-B39A-3FDABAC0B7E4}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0D5F0B25-0186-4721-8A59-0FE33BA12119}"
HKCR\Clsid\{0D5F0B25-0186-4721-8A59-0FE33BA12119}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{062024CC-E54C-4039-9423-85885310CE9F}"
HKCR\Clsid\{062024CC-E54C-4039-9423-85885310CE9F}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3C039BA9-45C9-4819-9F39-1A2376DB3452}"
HKCR\Clsid\{3C039BA9-45C9-4819-9F39-1A2376DB3452}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


Logfile of HijackThis v1.99.1
Scan saved at 11:55:29 PM, on 29/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Digital Imaging\bin\hpohmr08.exe
F:\Plauto.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\mqsvc.exe
D:\Program Files\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\mqtgsvc.exe
D:\Program Files\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\WATT\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Photo Loader supervisory.lnk = F:\Plauto.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: SysDM - C:\WINDOWS\system32\en46l1hs1.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe




Incident                      Status           Location
Spyware:Cookie/Kmpads         Not disinfected  C:\WINDOWS\TEMP\Cookies\watt@kmpads[2].txt
Spyware:Cookie/Reliablestats  Not disinfected  C:\WINDOWS\TEMP\Cookies\watt@stats1.reliablestats[2].txt
Spyware:Cookie/YieldManager   Not disinfected  C:\WINDOWS\TEMP\Cookies\watt@ad.yieldmanager[1].txt
Spyware:Cookie/Rn11           Not disinfected  C:\WINDOWS\TEMP\Cookies\watt@rn11[2].txt
Spyware:Cookie/Advnt          Not disinfected  C:\WINDOWS\TEMP\Cookies\watt@www.advnt01[1].txt
Spyware:Cookie/WinFixer       Not disinfected  C:\WINDOWS\TEMP\Cookies\watt@winfixer[2].txt
Spyware:Cookie/Reliablestats  Not disinfected  C:\Documents and Settings\WATT\Local Settings\Temp\Cookies\watt@stats1.reliablestats[2].txt
Spyware:spyware/surfsidekick  Not disinfected  C:\Documents and Settings\WATT\Local Settings\Temporary Internet Files\Ssk.log

#4 miekiemoes


Posted 29 April 2006 - 09:06 AM

Hello, the active problem you are dealing with was Look2Me and not Surfsidekick.
But it looks like we solved it here. :thumbsup:

There is still one file to delete which is not visible to you, but HijackThis sees it, so perform the next steps:

* Open HijackThis, click 'config' (bottom right).
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'.
In the field, copy and paste next:

C:\Documents and Settings\WATT\Local Settings\Temporary Internet Files\Ssk.log

Click open.
HijackThis will tell you that this file will be deleted on the next reboot and ask if you want to reboot now. Click Yes/OK.
Your system should reboot now.

Check and fix the next entry in HijackThis:

O20 - Winlogon Notify: SysDM - C:\WINDOWS\system32\en46l1hs1.dll (file missing)

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Let me know in your next reply how things are running now.

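The before/after comparison that post #4 does by eye, as an added example that is not part of the original thread: it parses two HijackThis logs, then reports entries that disappeared, entries that are new, and entries whose target file is now gone but whose registry pointer remains (the O20 Winlogon Notify case above). The function and class names are hypothetical, and the two sample logs are abridged excerpts of the logs posted in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# HijackThis result lines look like "O20 - Winlogon Notify: ..." (R, F, N and O groups).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
MISSING = "(file missing)"


@dataclass(frozen=True)
class Entry:
    code: str      # section code, e.g. "O20"
    body: str      # text after "Oxx - ", without the "(file missing)" suffix
    missing: bool  # True when HijackThis could not find the referenced file


def parse_hjt(log: str) -> list[Entry]:
    """Return the result entries of a HijackThis log, skipping header and process list."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header line, running process or blank line
        body = m.group(2).strip()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        entries.append(Entry(m.group(1), body, missing))
    return entries


def compare(before: str, after: str) -> dict[str, list[tuple[str, str]]]:
    """Diff two logs by (code, body), ignoring the "(file missing)" suffix."""
    b = {(e.code, e.body): e for e in parse_hjt(before)}
    a = {(e.code, e.body): e for e in parse_hjt(after)}
    return {
        # entry no longer listed at all
        "removed": sorted(k for k in b if k not in a),
        # entry that appeared between the two scans
        "added": sorted(k for k in a if k not in b),
        # file was present before, is gone now, but the autostart pointer is still there
        "orphaned": sorted(
            k for k, e in a.items() if e.missing and k in b and not b[k].missing
        ),
    }


# Abridged excerpts of the two HijackThis logs posted in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: SysDM - C:\WINDOWS\system32\en46l1hs1.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: SysDM - C:\WINDOWS\system32\en46l1hs1.dll (file missing)
"""

if __name__ == "__main__":
    for kind, items in compare(BEFORE, AFTER).items():
        for code, body in items:
            print(f"{kind:9} {code:4} {body}")
```

An "orphaned" result means the removal tool deleted the file but left the registry entry, which is the entry to fix in HijackThis afterwards.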
#5 miekiemoes


Posted 05 May 2006 - 02:15 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.