Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Someone Please Help me, here's my Hijack This log


  • This topic is locked This topic is locked
17 replies to this topic

#1 Kaorirose

Kaorirose

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 05 February 2006 - 08:39 PM

I'm getting pop us that say VCMain.exe and VCClient.exe-Application Error-"The application failed to initialize properly (0xc0000135). Clicik OK to terminate the application. I'm also getting pop ups that say that my registry is damaged and to click on Ok so that I won't get any more messages like that, it seemed risky but I took the risk. Anyway, it seems to do nothing. I've uploaded Symantec Antivirus, but that won't run and Hijack this won't run unless I go into Safe Mode. Also, it will shut down, it gives a 60 second warning that I can't seem to avoid.

Anyway, here's my log. I would appreciate all the help that I can get.:

Logfile of HijackThis v1.99.1
Scan saved at 6:27:14 PM, on 2/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Ruby\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [0kg00fu4.dll] RUNDLL32.EXE 0kg00fu4.dll,b 482994
O4 - HKLM\..\Run: [winsysban] C:\\winsysban5.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Win Update] C:\WINDOWS\System32\oleupdate.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [secures23] lattt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] lattt.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [kqqf] C:\PROGRA~1\COMMON~1\kqqf\kqqfm.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Thank you soooooo much. I'm at a loss since I really need my computer for work.

    Advertisements

Register to Remove


#2 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 05 February 2006 - 09:16 PM

1. Please download Stinger and save it to your desktop

2. Double-click on the stinger.exe file and open the tool

3. Choose your entire hard drive to scan.

4. Choose Scan Now

5. Stinger will fix anything that it finds

6. Click the File menu and select Save report to file

7. Post the log file results here in this thread.

NEXT

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#3 Kaorirose

Kaorirose

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 05 February 2006 - 10:29 PM

Thank you so much for this. You have no idea how much I appreciate your quick response. Anyway here's the Stinger log: McAfee AVERT Stinger Version 2.5.9 built on Feb 2 2006 Copyright © 2005 Networks Associates Technology, Inc. All Rights Reserved. Virus data file v1000 created on Feb 2 2006. Ready to scan for 55 viruses, trojans and variants. Scan initiated on Sun Feb 05 20:09:02 2006 C:\WINDOWS\sysmgr64.exe\sysmgr64.exe Found the W32/Sdbot.worm.gen.g virus !!! C:\WINDOWS\sysmgr64.exe\sysmgr64.exe has been deleted. C:\WINDOWS\System32\msconfig32.exe Found the W32/Sdbot.worm.gen virus !!! C:\WINDOWS\System32\msconfig32.exe has been deleted. C:\WINDOWS\ilt.exe\ilt.exe Found the W32/Sdbot.worm.gen.g virus !!! C:\WINDOWS\ilt.exe\ilt.exe has been deleted. C:\WINDOWS\system32\i Found the W32/Sdbot.worm!ftp virus !!! C:\WINDOWS\system32\i has been deleted. Number of clean files: 62136 Number of infected files: 4 Number of files deleted: 4

#4 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 05 February 2006 - 10:34 PM

Please also run Ewido posts its log and a new hijackthis log. Make sure that you run Ewido in safe mode and allow it to clean what it finds.

#5 Kaorirose

Kaorirose

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 06 February 2006 - 12:28 AM

Ok here are both logs....

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:17:38 PM, 2/5/2006
+ Report-Checksum: 3FD8657F

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Cleaned with backup
HKLM\SOFTWARE\Effective-i -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{44BE0690-5429-47f0-85BB-3FFD8020233E} -> Spyware.UCmore : Cleaned with backup
HKU\S-1-5-21-1844237615-688789844-842925246-1003\Software\Effective-i -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-21-1844237615-688789844-842925246-1003\Software\Effective-i\TheSearchAccelerator -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-21-1844237615-688789844-842925246-1003\Software\Effective-i\TheSearchAccelerator\IE5 -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-21-1844237615-688789844-842925246-1003\Software\Maxthon\Plugin\toolbar\{44BE0690-5429-47f0-85BB-3FFD8020233E} -> Spyware.UCmore : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@sel.as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Ruby\Cookies\ruby@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Ruby\Local Settings\Temp\i17.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Ruby\Local Settings\Temporary Internet Files\Content.IE5\AWVXDWRH\newfrn[2].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Ruby\Local Settings\Temporary Internet Files\Content.IE5\KSS8RC1C\newfrn[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Ruby\Local Settings\Temporary Internet Files\Content.IE5\QM082UUO\ucmoreiex[1].exe/UCMTSAIE.DLL -> Spyware.UCmore : Cleaned with backup
C:\Documents and Settings\Ruby\Local Settings\Temporary Internet Files\Content.IE5\QM082UUO\ucmoreiex[1].exe/IUCMORE.DLL -> Spyware.UCmore : Cleaned with backup
C:\Documents and Settings\Ruby\Local Settings\Temporary Internet Files\Content.IE5\VDHP1EW2\newfrn[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Ruby\Local Settings\Temporary Internet Files\Content.IE5\VDHP1EW2\newfrn[2].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Ruby\msdirectx.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\installerus.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\inst_0004.exe -> Downloader.Small.cam : Cleaned with backup
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\NNSCAA638.EXE -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Common Files\kqqf\kqqfl.exe -> Downloader.TSUpdate.p : Cleaned with backup
C:\Program Files\Common Files\kqqf\kqqfp.exe -> Downloader.TSUpdate.f : Cleaned with backup
C:\Program Files\Common Files\VCClient\SS1001.exe -> Dropper.Small.qn : Cleaned with backup
C:\Program Files\TheSearchAccelerator\IUCmore.dll -> Spyware.UCmore : Cleaned with backup
C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Cleaned with backup
C:\ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Cleaned with backup
C:\WINDOWS\newfrn.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\0kg00fu4.dll -> Adware.Sud : Cleaned with backup
C:\WINDOWS\system32\msdirectx.sys -> Trojan.Rootkit.h : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 10:24:04 PM, on 2/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Atievxx.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\QuickTime\qttask.exe
C:\winsysban5.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\oleupdate.exe
C:\WINDOWS\System32\mssvcc.exe
C:\WINDOWS\System32\lattt.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Ruby\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [0kg00fu4.dll] RUNDLL32.EXE 0kg00fu4.dll,b 482994
O4 - HKLM\..\Run: [winsysban] C:\\winsysban5.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Win Update] C:\WINDOWS\System32\oleupdate.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [secures23] lattt.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] lattt.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [kqqf] C:\PROGRA~1\COMMON~1\kqqf\kqqfm.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{678D5036-DC11-44EF-95E4-951E5D7E168D}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#6 Kaorirose

Kaorirose

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 06 February 2006 - 09:19 PM

It's improved quite a bit! Thank you so much. However, I'm still getting the VCClient and the VCMain errors along with a dll error. The registry error is gone.

#7 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 06 February 2006 - 10:06 PM

Print out these instructions.


Close Internet Explorer and keep it closed throughout the entire removal process.


Enter the control panel by clicking on the Start menu, then clicking on Run.


Now type control in the Open field and press the OK button.


Double-click on the Add/Remove Programs icon.


Look for and uninstall the following entries if found in the Add/Remove Programs window.

Surf Sidekick
Surf Sidekick 2
Surf Sidekick 3

It may prompt about whether or not you are sure you want to remove this program. Reply Yes to this prompt. It will then uninstall the program.

If there is no Add/Remove Programs entry for this programs, click on Start, then Run and type the followin in the Open: field:

C:\Program Files\SurfSideKick 3\Ssk.exe /u

and press the OK button. A code will be displayed that it will ask you to enter. Enter this code and reboot. Once back to your desktop continue with the rest of the fix.


Navigate to the c:\hijackthis directory and double-click on HijackThis


When the program starts, double-click on the HijackThis icon and then click on the Scan button.


Put a checkmark next to the following entries if they exist:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com

O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll (file missing)

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [0kg00fu4.dll] RUNDLL32.EXE 0kg00fu4.dll,b 482994
O4 - HKLM\..\Run: [winsysban] C:\\winsysban5.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Win Update] C:\WINDOWS\System32\oleupdate.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [secures23] lattt.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] lattt.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [kqqf] C:\PROGRA~1\COMMON~1\kqqf\kqqfm.exe

Then click the Fix button


Exit HijackThis.


Reboot your computer


Delete the following directories if they exist:

C:\PROGRAM FILES\SurfSideKick
C:\Program Files\SurfSideKick 3\
C:\Program Files\Common Files\VCClient\


Search for the following files and if found delete them:

Sskknwrd.dll
Ssk.log
SskUpdater.exe
Ssk.exe



Download the following reg file to your desktop. When it is finished downloading double-click on it and say Yes when it asks if you would like to merge the data.

Link >>>>> http://www.bleepingc...ware/fixssk.reg

Then reboot and a new hijackthis log please.

#8 Kaorirose

Kaorirose

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 07 February 2006 - 12:18 AM

gfile of HijackThis v1.99.1 Scan saved at 10:16:01 PM, on 2/6/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Atievxx.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Documents and Settings\Ruby\Desktop\hijackthis\HijackThis.exe O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#9 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 07 February 2006 - 12:20 AM

Is that log from safe mode. If so I need one from normal mode please.

#10 Kaorirose

Kaorirose

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 07 February 2006 - 12:23 AM

No, but would you like me to do another one?

    Advertisements

Register to Remove


#11 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 07 February 2006 - 12:27 AM

:lol: I am confusing my self. I need a log that is doen in regular mode please.

#12 Kaorirose

Kaorirose

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 07 February 2006 - 12:39 AM

Ok no problem, here it is in normal mode. Logfile of HijackThis v1.99.1 Scan saved at 10:37:39 PM, on 2/6/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Atievxx.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Trillian\trillian.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Ruby\Desktop\hijackthis\HijackThis.exe O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{678D5036-DC11-44EF-95E4-951E5D7E168D}: NameServer = 209.244.0.3 209.244.0.4 O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#13 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 07 February 2006 - 12:41 AM

Looks good, how is it running?

#14 Kaorirose

Kaorirose

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 07 February 2006 - 12:45 AM

Slow, but I'm not expecting much for a 6 year old laptop running on XP. But much much better and not getting anymore pop ups as far as I can tell. Thanx

#15 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 07 February 2006 - 12:46 AM

Lets do some cleaning.

Download ccleaner from the link below, save it to your desktop. Open ccleaner and click on run ccleaner at the bottom right.

http://www.majorgeek...wnload4191.html

Next download Regseeker from the link below. Save it to your destop. Open Regseeker and click on clean registry, next click ok. Once the scan is complete make sure the make backups is checked and then select all and delete it.


http://www.majorgeek...wnload2579.html

How is it after that?

Edited by Siggyx, 07 February 2006 - 12:47 AM.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users