antivirus.startpagina.nl

I GOT INFECTED!!!

  • Anonymous avatar

    Erik

    Now fix these lines with HJt and try to delete the surfside kick folder

    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll

    O4 - HKLM\..\Run: C:\Program Files\SurfSideKick 3\Ssk.exe

    O4 - HKCU\..\Run: C:\Program Files\SurfSideKick 3\Ssk.exe

    O20 - AppInit_DLLs: repairs302972949.dll

    Check if this repairs.dll came back please

  • Anonymous avatar

    Scott

    there is a error something about backup….

  • Anonymous avatar

    Erik

    Could you be more specific about the error :?

  • Anonymous avatar

    Scott

    i have to go ill be back in a few hours hopefully u will be around and we can continue…. sorry

  • Anonymous avatar

    Erik

    I am very sorry too but I have to get up early so I can stay for 10 more minutes and otherwise it will be tomorrow.

    You could open HJT go to config>backups>delete all

  • Anonymous avatar

    Scott

    sorry for the caps Auk didnt mean it like that

  • Anonymous avatar

    Scott

    hey i think i got rid of it i did everything again in safe mode and after i did a few things it let me delete it! check this log to make sure its all gone…. the surfside 3 is gone now though the one i could not get rid of and some of the things that were not working on my computer before work now. thanks for all the help and let me know if that is everything

    Logfile of HijackThis v1.99.1

    Scan saved at 2:09:41 PM, on 10/26/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\System32\ibmpmsvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\S24EvMon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Symantec AntiVirus\DefWatch.exe

    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\QCONSVC.EXE

    C:\WINDOWS\System32\RegSrvc.exe

    C:\Program Files\Symantec AntiVirus\SavRoam.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    C:\WINDOWS\system32\TpKmpSVC.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\AIM\aim.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\sbaldauf\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acs.nmu.edu/home.php

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.acs.nmu.edu/home.php

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 68.213.34.54:80

    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

    O4 - HKLM\..\Run: c:\nmutools\backup_reminder.exe

    O4 - HKLM\..\Run: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Image Transfer.lnk = ?

    O4 - Global Startup: TurnWirelessOff.lnk = C:\nmutools\turnwirelessoff.vbs

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE

    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

  • Anonymous avatar

    Erik

    Just fix this one line in HJT:

    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)

    If your problems are gone I considder it case closed :-)

  • Anonymous avatar

    Scott

    alright thanks so much Erik! i think it is gone ill let you know if I have any more troubles… once again thanks you saved me a ton of time and problems re-imaging my computer…

    Thanks,

    Scott

  • Anonymous avatar

    Erik

    Anytime Scott,

    My pleasure :-)