Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Surf Sidekick 3

  1. 2006-05-03, 07:25 #1
    thetimfactor
    thetimfactor is offline
    Junior Member
    Join Date
    May 2006
    Posts
    27

    Default Surf Sidekick 3

    I don't know how but somehow Surf Sidekick 3 got installed on my computer and nothing will remove it. I looked up other threads but all I found was Hijack This logs... I don't even know what Hijack This is. Any help would be appreaciated.

    -Tim
  2. 2006-05-03, 08:39 #2
    LonnyRJones
    LonnyRJones is offline
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Welcome to the forum
    Post a HijackThis 1.99.1 log
    First Make a new folder, example C:\AntiSpyWare
    and download/Save HijackThis, to that new folder.
    This is necessary to ensure you have backups should anything go wrong
    http://www.merijn.org/files/HijackThis.exe
    Double click HijackThis.exe, Hit None of the above, just start the program.
    Hit Scan When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log somewhere, and please show us its contents.
    Most of what it lists will be harmless or even required, so do NOT fix anything yet.

    If no one replys for four days (they usualy do before that) post in this thread
    If you have waited FOUR days for advice post here.: http://forums.spybot.info/showthread.php?t=1137
  3. 2006-05-03, 11:33 #3
    thetimfactor
    thetimfactor is offline
    Junior Member
    Join Date
    May 2006
    Posts
    27

    Default

    Ok here's the log, and thanks heaps to anyone that helps. You guys are amazing.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:31:42 PM, on 5/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\mousepad16.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\System32\imapi.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Tim\Desktop\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tim\Desktop\AntiSpyWare\HijackThis.exe

    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {138DB3E9-C742-40C8-8406-8481E1AEEF55} - C:\Program Files\Macromedia\mego.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {F7A1CBA8-7910-49D9-E983-9EC2EBCE6D06} - C:\WINDOWS\kehuuriw.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Search - {3621BC4A-6EB8-D313-F919-F2EE89C741DE} - C:\WINDOWS\kehuuriw.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [keyboard] C:\\keyboard16.exe
    O4 - HKLM\..\Run: [newname] C:\\newname16.exe
    O4 - HKLM\..\Run: [mousepad] C:\\mousepad16.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot
  4. 2006-05-04, 08:35 #4
    LonnyRJones
    LonnyRJones is offline
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    thetimfactor , post the entire log next time please

    In addremove programs uninstall surfsidekick, afterwards restart the pc, once back post another log.
  5. 2006-05-04, 15:42 #5
    thetimfactor
    thetimfactor is offline
    Junior Member
    Join Date
    May 2006
    Posts
    27

    Default

    Ok I thought I had the whole logfile this time. This is it now for sure. Unfortunately SurfSidekick was not in my Add/Remove Programs... It's definately installed though because it doesn't stop popping up. :(

    There is a File in C:/Program Files/Surf Sidekick 3 but that won't delete...

    Thanks for the help heaps And here's the Full Log

    Logfile of HijackThis v1.99.1
    Scan saved at 11:37:25 PM, on 5/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\mousepad16.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Shareaza\Shareaza.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Tim\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {138DB3E9-C742-40C8-8406-8481E1AEEF55} - C:\Program Files\Macromedia\mego.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {F7A1CBA8-7910-49D9-E983-9EC2EBCE6D06} - C:\WINDOWS\kehuuriw.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Search - {3621BC4A-6EB8-D313-F919-F2EE89C741DE} - C:\WINDOWS\kehuuriw.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [keyboard] C:\\keyboard16.exe
    O4 - HKLM\..\Run: [newname] C:\\newname16.exe
    O4 - HKLM\..\Run: [mousepad] C:\\mousepad16.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_7
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by5fd.bay5.hotmail.msn.com/re...s/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146556295484
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://xlonhcld.xlontech.net/100348/...ie06011811.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: repairs303169581.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
  6. 2006-05-05, 01:45 #6
    LonnyRJones
    LonnyRJones is offline
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Start Hijackthis and place a check next to these items If there.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    O2 - BHO: (no name) - {F7A1CBA8-7910-49D9-E983-9EC2EBCE6D06} - C:\WINDOWS\kehuuriw.dll (file missing)
    O3 - Toolbar: Search - {3621BC4A-6EB8-D313-F919-F2EE89C741DE} - C:\WINDOWS\kehuuriw.dll (file missing)
    O4 - HKLM\..\Run: [keyboard] C:\\keyboard16.exe
    O4 - HKLM\..\Run: [newname] C:\\newname16.exe
    O4 - HKLM\..\Run: [mousepad] C:\\mousepad16.exe
    ====================================
    Hit fix checked and close Hijackthis.
    Restart the PC
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    i strongly recommend uninstalling Shareaza and limewire

    Download Brute Force Uninstaller.
    Unzip it to it’s own folder (c:\BFU)
    It must be unzipped to the c:\BFU folder (Or the drive windows is installed to, which is normaly C:\)


    Rightclick on this link and choose save target as, save sidekickFix.bat to that BFU folder.
    ====
    http://downloads.subratam.org/Lon/sidekickFix.bat
    ====
    Close all browsers, explorer folder's then Run sidekickFix.bat
    Choose yes and fallow the prompts, when prompted to restart the PC do so.

    Was your desktop wallpaper changed by the infections ?

    After the PC has restarted and you are here at the forum make and post a hijackthis log.
  7. 2006-05-05, 07:51 #7
    thetimfactor
    thetimfactor is offline
    Junior Member
    Join Date
    May 2006
    Posts
    27

    Default

    Done and done. And no the program did not change my wallpaper. It changed a lot of other things though... anyway thanks for helping heaps! and heres the logfile...

    Logfile of HijackThis v1.99.1
    Scan saved at 3:48:58 PM, on 5/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Tim\Desktop\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {138DB3E9-C742-40C8-8406-8481E1AEEF55} - C:\Program Files\Macromedia\mego.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by5fd.bay5.hotmail.msn.com/re...s/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146556295484
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://xlonhcld.xlontech.net/100348/...ie06011811.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
  8. 2006-05-05, 09:15 #8
    LonnyRJones
    LonnyRJones is offline
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Now a report from one or both of these free online scan's.

    Panda ActiveScan-Free online scanner,
    http://www.pandasoftware.com/products/activescan.htm
    Do a full scan > Click the my computer button
    After the scan click see report then Save the report and post it back here please.
    Kaspersky Lab - Free Online scan:
    http://www.kaspersky.com/virusscanner
    Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
    Then choose: my computer: scan all your hard drives and mapped disks.
    when finished click save as text and post that in your reply.
  9. 2006-05-05, 10:28 #9
    thetimfactor
    thetimfactor is offline
    Junior Member
    Join Date
    May 2006
    Posts
    27

    Default

    this is from the first one


    Incident Status Location

    Adware:Adware/FCHelp Not disinfected c:\program files\pecarlin\pecarlin.exe
    Adware:Adware/FCHelp Not disinfected C:\Program Files\FCAdvice\FCAdvice.dll
    Adware:Adware/Deskwizz Not disinfected C:\Program Files\Macromedia\mego.dll
    Adware:adware/dollarrevenue Not disinfected c:\drsmartload1.exe
    Adware:adware/webhancer Not disinfected c:\WHCC2.exe
    Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Ssk.log
    Adware:adware/deskwizz Not disinfected Windows Registry
    Adware:adware/cws.aboutblank Not disinfected Windows Registry
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Johnny\Cookies\johnny@112.2o7[2].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Johnny\Cookies\johnny@ad.yieldmanager[1].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Johnny\Cookies\johnny@adopt.hbmediapro[2].txt
    Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Johnny\Cookies\johnny@banners.searchingbooth[1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Johnny\Cookies\johnny@burstnet[1].txt
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Johnny\Cookies\johnny@errorsafe[2].txt
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Johnny\Cookies\johnny@i.screensavers[1].txt
    Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Johnny\Cookies\johnny@kmpads[1].txt
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Johnny\Cookies\johnny@microsofteup.112.2o7[1].txt
    Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Johnny\Cookies\johnny@rn11[2].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Johnny\Cookies\johnny@stats1.reliablestats[1].txt
    Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Johnny\Cookies\johnny@winfixer[2].txt
    Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Johnny\Cookies\johnny@www.advnt01[1].txt
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Johnny\Cookies\johnny@www.errorsafe[2].txt
  10. 2006-05-05, 10:45 #10
    LonnyRJones
    LonnyRJones is offline
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Download "Suspicious File Packer" Third one on this page >
    http://www.safer-networking.org/en/tools/index.html
    To your desktop, unzip the file inside
    run sfp.exe copy then paste the list below into it and hit continue.

    C:\Program Files\Macromedia\*.*
    c:\program files\pecarlin\*.*

    a .cab file will have been created on your desktop
    Send it to submitlonny AT subratam.org
    Replace AT with @ and remove spaces, then include a link back to this thread.
    Or you coud attach it here http://www.thespykiller.co.uk/forum/index.php?board=1.0

    Thanks
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules