need help surfsidekick3
Join Date: Sep 2005
Posts: 1
Reputation:
Solved Threads: 0
Logfile of HijackThis v1.99.1
Scan saved at 8:49:21 PM, on 9/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RnJhbmsgSG91c2UA\command.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\crmoxen.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\medgs1.exe
C:\WINDOWS\System32\opr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\dwwin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Optimum Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.11
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [uveruh] C:\WINDOWS\uveruh.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\System32\medgs1.exe
O4 - HKLM\..\Run: [opr] C:\WINDOWS\System32\opr.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\drtrpg.exe reg_run
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [jqsdea] C:\WINDOWS\System32\crmoxen.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optonline.net
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download/bargain_buddy/cab/installer_MARKETING32.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.qoolaid.com/download/224/installer.exe
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125863338365
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0022.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup142f1.cab
O20 - AppInit_DLLs: repairs.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJhbmsgSG91c2UA\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Join Date: Jul 2004
Posts: 2,964
Reputation:
Solved Threads: 210
Hi idiot19, welcome to DaniWeb 
Please follow the suggestions and instructions in the links below (don't skip the Windows Updates!). When you get to the end of the last one, go to post #5 to remove Aurora.
When you've completed that, post a new HijackThis log (include the entire log next time) along with your Ewido log.

Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html