| ||
| surf sidekick 3 and other nondesirables
so i've read about 10000000 ways to get rid of surf sidekick 3 and i swear i followed them each to a t with no luck.... so in hopes of regaining my sanity, here's my hijack this log.... thanks for any ideas you can offer..
justin

Logfile of HijackThis v1.99.1
Scan saved at 3:20:04 AM, on 3/28/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\services.exe
C:\WINNT\winevent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\mmhqi.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,winusmx.exe
O1 - Hosts: 216.87.210.71 search.kazaa.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINNT\system32\w9seq.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINNT\system32\g8joli1318.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINNT\services.exe
O23 - Service: Windows Event (WinEvent) - Unknown owner - C:\WINNT\winevent.exe

unlike other ones i read about, i don't have the VCClient.exe or any of that business... |
| ||
| Re: surf sidekick 3 and other nondesirables
First place I need you to start is download the following tools for me

CCleaner
http://www.filehippo.com/download/51.../download.html

Ad-Aware SE Personal
http://www.download.com/Ad-Aware-SE-...ml?tag=lst-0-2

Spybot Search and Destroy
http://www.download.com/Spybot-Searc...ml?tag=lst-0-1

Ewido
http://www.download.com/Ewido-Securi...ml?tag=lst-0-1

Spysweeper
http://www.malwareteks.com/dload.php...load&file_id=5

Pocket Killbox
http://www.bleepingcomputer.com/files/spyware/KillBox.zip
-Unzip to its own folder

Now since you have Windows XP - I want us to start in Safe Mode with Networking
-Restart your PC
-Repeatedly tap F8 before the "Loading Windows" screen appears
-Choose Safe Mode with Networking
-You will see the screen scroll down - this is normal

Now on to the cleaning...

Open up CCleaner first
-run ONLY the default scan (Windows Tab). Do Not “Scan For Issues” unless specifically asked to do so!
-Simply open it and choose Run Cleaner

Open Ad-Aware
-Allow it to update to the latest definitions
-Run it and remove everything it finds

Open Spybot
-Allow it to update
-Run it and fix what it finds

Open Ewido
-Click Update>Start Update
-Run it and remove everything it finds
-Save the report at the end and attach it for me when you return

Now Reboot back into Normal Mode

Open Spysweeper
-Allow it to update then run a Sweep
-Let it remove everything it finds
-Please save this log for me and attach it

Now run Kaspersky Online Scanner
http://www.kaspersky.com/scanforvirus.html
Save the log and attach it for me as well.

If you can not get these logs in one post that is fine, use as many posts as necessary.

I need the following
Good Luck :) |
| ||
| Re: surf sidekick 3 and other nondesirables
okay so i ran everything and it seemed like there were still unreachable/undeletable files & registry entries because even in safe mode they were loaded... anyhow, here's my spysweeper log:

The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
To ensure proper removal of spyware, adware and other unwanted items, be sure to close any programs that are open.
Your Sweep Options indicate the following will be swept:
Drives: C:
Also sweeping: Memory, Cookies, Registry
Adware found: clkoptimizer
Adware found: findthewebsiteyouneed hijack
Adware found: dollarrevenue
Adware found: command
Trojan Horse found: sdbot
Adware found: quicklink search toolbar
Adware found: targetsaver
Adware found: surfsidekick
Adware found: look2me
Adware found: great net downloadware
Adware found: zenosearchassistant
Full Sweep has completed. Elapsed time 00:15:05
Traces Found: 145

next up, my ewido log. |
| ||
| Re: surf sidekick 3 and other nondesirables
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:06:48 AM, 3/29/2006
+ Report-Checksum: 5D9F546D

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\.DEFAULT\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
[1060] C:\WINNT\system32\lseei.dll -> Adware.Look2Me : Error during cleaning
[1224] C:\WINNT\system32\lseei.dll -> Adware.Look2Me : Error during cleaning
[1564] C:\WINNT\system32\ckpnypj.dll -> Downloader.Qoologic.bj : Error during cleaning
[1568] C:\WINNT\system32\ckpnypj.dll -> Downloader.Qoologic.bj : Error during cleaning
[1108] C:\WINNT\system32\ckpnypj.dll -> Downloader.Qoologic.bj : Error during cleaning
[1596] C:\WINNT\system32\ckpnypj.dll -> Downloader.Qoologic.bj : Error during cleaning
C:\315502.exe -> Trojan.Small : Cleaned with backup
C:\comscore.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Đ?dobe\ntvdm.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\238W0H1R\drsmartload[1].exe -> Downloader.Adload.ah : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\9CPW0WEK\315502[1].exe -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\9CPW0WEK\aohell[1].exe -> Worm.Small.d : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\9CPW0WEK\installerwnus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\9CPW0WEK\izgyxwa[1].cab/slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\9CPW0WEK\izgyxwa[1].cab/faotvpap7.exe -> Trojan.Runner.h : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\9CPW0WEK\keyboard6[1].exe -> Downloader.VB.zo : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\9CPW0WEK\mousepad5[1].exe -> Hijacker.VB.ly : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\9CPW0WEK\newname6[1].exe -> Downloader.Adload.ae : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\9CPW0WEK\ZICORN001[1].exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\R9G34SX8\aohell[1].exe -> Worm.Small.d : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\R9G34SX8\comscore[1].exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\R9G34SX8\d72[1].exe -> Downloader.Adload.af : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\R9G34SX8\drsmartload46a[1].exe -> Downloader.Adload.af : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\R9G34SX8\error[1].htm -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\R9G34SX8\keyboard5[1].exe -> Downloader.VB.zl : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\R9G34SX8\mousepad6[1].exe -> Hijacker.VB.ly : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\R9G34SX8\newname5[1].exe -> Downloader.Adload.ae : Cleaned with backup
C:\Documents and Settings\Justin Goellner\Local Settings\Temp\Temporary Internet Files\Content.IE5\6HCZ0B3V\all_launch_reg[1].htm -> Trojan.NoClose.e : Cleaned with backup
C:\drsmartload1.exe -> Downloader.Adload.ah : Cleaned with backup
C:\drsmartload46a.exe -> Downloader.Adload.af : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\windows\keyboard5.exe -> Downloader.VB.zl : Cleaned with backup
C:\windows\keyboard6.exe -> Downloader.VB.zo : Cleaned with backup
C:\windows\mousepad5.exe -> Hijacker.VB.ly : Cleaned with backup
C:\windows\mousepad6.exe -> Hijacker.VB.ly : Cleaned with backup
C:\windows\newname5.exe -> Downloader.Adload.ae : Cleaned with backup
C:\windows\newname6.exe -> Downloader.Adload.ae : Cleaned with backup
C:\WINNT\system32\2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINNT\system32\AZYCFILT.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINNT\system32\AрpPatch\wυauboot.exe -> Adware.PurityScan : Cleaned with backup
C:\WINNT\system32\bbfqt.dat -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINNT\system32\cerpol.dll -> Adware.Look2Me : Cleaned with backup
C:\WINNT\system32\dmonwv.dll -> Downloader.Agent.agw : Cleaned with backup
C:\WINNT\system32\faotvpap7.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINNT\system32\mwinnag.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINNT\system32\myl_qic.dll -> Adware.Look2Me : Cleaned with backup
C:\WINNT\system32\paytime.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINNT\system32\pre1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINNT\system32\slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup
C:\WINNT\system32\vmdex.dll -> Adware.Look2Me : Cleaned with backup
C:\WINNT\system32\w9seq.dll -> Adware.Suggestor : Cleaned with backup
C:\WINNT\system32\winspy.exe -> Downloader.Small.ckq : Cleaned with backup
C:\WINNT\system32\__delete_on_reboot__ckpnypj.dll -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINNT\uniq -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINNT\winevent.exe -> Backdoor.SdBot.xd : Cleaned with backup
C:\xdos.exe -> Downloader.Adload.af : Cleaned with backup
C:\ZICORN001.exe -> Adware.ZenoSearch : Cleaned with backup

::Report End

also kaspersky.com/scanforvirus.html isn't loading so i can't show you that log.... i guess i'm okay then? it's hard for me to tell. how do you get this crap and how do you avoid it properly? i run spybot s&d, adaware and protowall already and if i had all of these problems with them running.... i mean, is there something better i could be doing?
thanks- let me know if you think i'm cleaned up.
justin |
| ||
| Re: surf sidekick 3 and other nondesirables oops and finally my new hijack this log... Logfile of HijackThis v1.99.1 Scan saved at 4:01:21 AM, on 3/29/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINNT\Explorer.EXE C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINNT\services.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Dudez\ProtoWall\ProtoWall.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\ewido\security suite\SecuritySuite.exe C:\Program Files\HJT\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\mmhqi.exe F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,winusmx.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - 
{53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Dudez\ProtoWall\ProtoWall.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O20 - Winlogon Notify: MediaContentIndex - C:\WINNT\system32\g6220gfoe62c0.dll (file missing) O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. 
- C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINNT\services.exe (file missing) O23 - Service: Windows Event (WinEvent) - Unknown owner - C:\WINNT\winevent.exe (file missing) also ewido keeps finding c:\winnt\__delete_on_reboot__services.exe every time i scan... it's the only thing left? |
| |||||
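A triage pass over the 3/29/2006 log above, as an added example that is not part of any post in this thread: it flags the kinds of entries that are gone from the 3/30/2006 log later on (programs chained onto the Winlogon Shell/UserInit values, autostart entries marked "(file missing)", and a system process name running outside system32). The function names, the process list and the flagging rules are assumptions made for illustration; the sample lines are copied from that log.

```python
import ntpath
import re

# Constructed sample: a handful of lines copied from the 3/29/2006 log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\services.exe
C:\WINNT\services.exe
C:\WINNT\system32\svchost.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\mmhqi.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,winusmx.exe
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINNT\system32\g6220gfoe62c0.dll (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Event (WinEvent) - Unknown owner - C:\WINNT\winevent.exe (file missing)
"""

# Assumption: core Windows 2000 processes that should only run from system32.
SYSTEM32_ONLY = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "F2 - ...", "O23 - ..."

def winlogon_extras(body):
    """Return programs chained after the stock Shell/UserInit value, if any."""
    m = re.search(r"(Shell|UserInit)=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    parts = [p.strip() for p in m.group(2).split(",") if p.strip()]
    stock = "explorer.exe" if m.group(1).lower() == "shell" else "userinit.exe"
    return [p for p in parts if ntpath.basename(p).lower() != stock]

def triage(log_text):
    """Return (reason, line) pairs for entries worth a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False  # the process list ends at the first coded entry
            code, body = m.groups()
            if code == "F2" and winlogon_extras(body):
                findings.append(("extra program in Winlogon Shell/UserInit", line))
            elif code in ("O20", "O23") and line.endswith("(file missing)"):
                findings.append(("autostart entry points at a missing file", line))
            elif code == "O23" and " - Unknown owner - " in body:
                findings.append(("service binary has no vendor information", line))
        elif in_processes and line:
            name = ntpath.basename(line).lower()
            folder = ntpath.dirname(line).lower()
            if name in SYSTEM32_ONLY and not folder.endswith(r"\system32"):
                findings.append(("system process name outside system32", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

A flagged line is a prompt to verify the file and registry value by hand, not a verdict; legitimate software can also leave "(file missing)" entries behind after an uninstall.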
| Re: surf sidekick 3 and other nondesirables It doesn't appear you let Spysweeper remove what it found? It would say Quarantining if you did. Did you get the option, or have you already used the trial of it before? If you did not let it remove, please re-run it. First Disable Spybot's TeaTimer... you should be able to right click it in the System Tray and choose Exit Go to Start>Run type Services.msc and press Enter. -Locate the following two services one at a time Quote:
-Next choose Properties -Change Startup Type to Disabled Now Open HijackThis -Choose Open Misc Tools -Choose Delete an NT Service -Copy the following two one at a time in the box and delete them. Quote:
--Close all windows before continuing. --Double-click Look2Me-Destroyer.exe to run it. --Put a check next to Run this program as a task. --You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK --When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal. --Once it's done scanning, click the Remove L2M button. --You will receive a Done Scanning message, click OK. --When completed, you will receive this message: Done removing infected files! --Look2Me-Destroyer will now shutdown your computer, click OK. --Your computer will then shutdown. --Turn your computer back on. --Please post the contents of C:\Look2Me-Destroyer.txt when you return Now scan with HijackThis and place a check next to the following Quote:
Now reboot to Safe Mode and delete the following Quote:
Reboot back to Normal Mode and attach the following logs Quote:
|
| ||
| Re: surf sidekick 3 and other nondesirables "It doesn't appear you let Spysweeper remove what it found? It would say Quarantining if you did. Did you get the option, or have you already used the trial of it before? If you did not let it remove, please re-run it." yeah maybe i didn't post the right log (i just cut and paste what it said in the window as it was scanning) but there were like 10 things quarantined "Now reboot to Safe Mode and delete the following" those files were already gone by the point i went back to delete them... here's my new hijack this. i'm a total jackass and deleted the look2me destroyer log by accident (i saw the .txt file and figured it was a 'readme' kind of thing not thinking 'oh that's the log') so i can't post that... here's the hjt and i'll post the spysweeper when i get done running it... thanks for helping. i feel pretty dumb. i also now have 3 quick launches on my toolbar?? who knows... justin Logfile of HijackThis v1.99.1 Scan saved at 2:51:25 AM, on 3/30/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Dudez\ProtoWall\ProtoWall.exe 
C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Dudez\ProtoWall\ProtoWall.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. 
- C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe |
| ||
| Re: surf sidekick 3 and other nondesirables Your last log looks good, you can uninstall SpySweeper if you are not going to purchase it now if you are sure you quarantined what was found. As for the Quick launch....unusual. Can you delete two of them? |
| ||
| Re: surf sidekick 3 and other nondesirables if i delete anything from it, it gets deleted from all three... really it's so strange and only started happening when i started messing around with the virus stuff.... maybe i went too crazy on my registry key? also last but not least, one thing keeps being found... C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\R9G34SX8\sane[1].exe -> Backdoor.SdBot.xd : Cleaned with backup everything says it's cleaning it but it's always there... should i bother? should i reboot in safe mode and manually delete it? and if i were to purchase one of these fine programs that saved my poor computer, would it be ewido or spysweeper? |
| ||
| Re: surf sidekick 3 and other nondesirables Have you actually messed with your registry keys? Can you get me a screenshot of this? For that file - just do as you said and reboot to Safe Mode and delete it. Ewido and SS are both solid so the vote would go either way if you asked 100 different people. I am a SS kind of guy myself :) |