Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • This topic is locked This topic is locked
2 replies to this topic

#1 DavyDuke17


  • Members
  • 1 posts
  • Local time:04:11 PM

Posted 29 May 2006 - 10:32 AM


When I run adware and Spybot S&D they show the following:
Zeno Search, CoolWebSearch, Look2Me, SearchSideKick, Director, and sometimes VX2.
However, each time I try to fix the infections with the following programs it says that a certain .dll file in my Windows\system32 directory can't be deleted along with all the files associated with SearchSideKick which are in there own folder in my Program Files folder. I then choose the option to have them deleted on next startup, but this never seems to work.. the SearchSideKick files are still there and the .dll file just moves to another file name. I tried using killbox to delete that file, but it still says it can't be deleted.. and manually deleted it hasn't worked either, even in safe mode. I also ran Ewido, but when it tries to fix the problems it always just stops when it gets to SurfSideKick. Here is my log, thanks for the help in advance:

Logfile of HijackThis v1.99.1
Scan saved at 11:28:02 AM, on 5/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Documents and Settings\David\Application Data\s?curity\taskmgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\WinZip\README.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Desktop\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Ttth] "C:\PROGRA~1\CURITY~1\msdtc.exe" -vt ndrv
O4 - HKCU\..\Run: [Ldvg] C:\Documents and Settings\David\Application Data\s?curity\taskmgr.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/sdc...en/IbmEgath.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{902A0556-ED53-478F-9423-B406748C23F5}: NameServer =
O20 - AppInit_DLLs: repairs303169587.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\h40q0ed5eh0.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

BC AdBot (Login to Remove)



#2 sUBs



  • Malware Response Team
  • 2,489 posts
  • Local time:04:11 AM

Posted 30 May 2006 - 08:32 AM

Download this file - combofix.zip
From within it, double click on combo.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

I shall also require a fresh HJT log

Edited by sUBs, 30 May 2006 - 08:33 AM.

#3 sUBs



  • Malware Response Team
  • 2,489 posts
  • Local time:04:11 AM

Posted 05 June 2006 - 08:02 PM

* * * * * * * * *

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

* * * * * * * * *

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users