Please help Search sidekick and betterinternet(!

#1 (permalink) | 14-06-2006, 02:37 PM | andrew2 (Junior Member)

Please help me to remove this. Search side kick is in C /programs but it won't let me delete the files. It is not in the add/remove programs list.

Logfile of HijackThis v1.99.1
Scan saved at 9:33:53 AM, on 6/14/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Verdiem\SurveyorSD\Bin\SurveyorSD.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Verdiem\SurveyorSD\bin\SurveyorSession.exe
C:\WINNT\thiselt.exe
C:\WINNT\CCZoop05.exe
C:\WINNT\sys021627652016.exe
C:\Program Files\atce\trdb.exe
C:\Program Files\??sks\?xplorer.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\Security\HJT\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\btycb.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,mpgfluj.exe
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINNT\system32\nspE.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINNT\system32\irsmswva.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINNT\system32\adrotate.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SurveyorSession] C:\Program Files\Verdiem\SurveyorSD\bin\SurveyorSession.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINNT\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\CCZoop05.exe
O4 - HKLM\..\Run: [sys021627652016] C:\WINNT\sys021627652016.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\lkiwbp.exe reg_run
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [irssyncd] C:\WINNT\system32\irssyncd.exe
O4 - HKCU\..\Run: [Brct] "C:\Program Files\atce\trdb.exe" -vt yazb
O4 - HKCU\..\Run: [Reidi] C:\Program Files\??sks\?xplorer.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://finance.admin.ccny.cuny.edu/C...ses/CFJava.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://134.74.86.5/activex/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS2\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS3\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINNT\system32\HPZipm12.exe (file missing)
O23 - Service: Verdiem Surveyor Client (SurveyorSD) - Verdiem Corp. - C:\Program Files\Verdiem\SurveyorSD\Bin\SurveyorSD.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe

#2 (permalink) | 14-06-2006, 10:01 PM | Neal (Senior Member)

Welcome to DAL,


Please download Brute Force Uninstaller to your desktop. (Right-click on this link and choose save as; if using IE, save target as.)
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
  • Download qoofix.bat (right-click on this link and choose save as; if using IE, save target as)
  • Place qoofix.bat in your C:\BFU - folder. (Important!)
  • Double-click qooFix.bat, close all browsers and explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
  • After the PC has restarted please post another hijackthis log.


Also...


To UNINSTALL Surf Sidekick 3


Go Start>>Run>>copy/paste the following into the box:

"C:\Program Files\SurfSidekick 3\Ssk.exe" /u

Note: (Quotation marks are required)

Press OK

REBOOT your system

Please post a fresh HJT log
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.

#3 (permalink) | 16-06-2006, 05:08 PM | andrew2 (Junior Member)

Thanks, followed the above directions, but pop ups still appearing

Logfile of HijackThis v1.99.1
Scan saved at 12:06:45 PM, on 6/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Verdiem\SurveyorSD\Bin\SurveyorSD.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Verdiem\SurveyorSD\bin\SurveyorSession.exe
C:\WINNT\thiselt.exe
C:\WINNT\sys021627652016.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\??sks\?xplorer.exe
C:\WINNT\ASEMBL~1\userinit.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\PROGRA~1\HOSTEX~1.NT\HOSTEX32.EXE
D:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\Security\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SurveyorSession] C:\Program Files\Verdiem\SurveyorSD\bin\SurveyorSession.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINNT\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\CCZoop05.exe
O4 - HKLM\..\Run: [sys021627652016] C:\WINNT\sys021627652016.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Reidi] C:\Program Files\??sks\?xplorer.exe
O4 - HKCU\..\Run: [Brct] "C:\WINNT\ASEMBL~1\userinit.exe" -vt ndrv
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://finance.admin.ccny.cuny.edu/C...ses/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS2\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS3\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O20 - AppInit_DLLs: C:\WINNT\system32\spool32.dll
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINNT\system32\HPZipm12.exe (file missing)
O23 - Service: Verdiem Surveyor Client (SurveyorSD) - Verdiem Corp. - C:\Program Files\Verdiem\SurveyorSD\Bin\SurveyorSD.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe

#4 (permalink) | 17-06-2006, 04:39 AM | Neal (Senior Member)

HI,



Go to Start>Control Panel>Add/Remove Programs and look for PuritySCAN By OIN, OIN or similar or click spring, click on it and click remove.

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

Reboot when done and delete this folder if found:
C:\Program Files\PurityScan


Post a new HJT log please. Thanks.

#5 (permalink) | 19-06-2006, 02:52 PM | andrew2 (Junior Member)

Tried above, but still getting elite-media and other pop-ups. Sorry.

Logfile of HijackThis v1.99.1
Scan saved at 9:51:19 AM, on 6/19/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Verdiem\SurveyorSD\Bin\SurveyorSD.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Verdiem\SurveyorSD\bin\SurveyorSession.exe
C:\WINNT\thiselt.exe
C:\WINNT\sys021627652016.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\DOCUME~1\user\APPLIC~1\WNSXS~1\ntvdm.exe
C:\Documents and Settings\user\Application Data\?ymantec\w?wexec.exe
C:\Documents and Settings\user\Desktop\Security\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SurveyorSession] C:\Program Files\Verdiem\SurveyorSD\bin\SurveyorSession.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINNT\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\CCZoop05.exe
O4 - HKLM\..\Run: [sys021627652016] C:\WINNT\sys021627652016.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Atf] C:\Documents and Settings\user\Application Data\?ymantec\w?wexec.exe
O4 - HKCU\..\Run: [Brct] "C:\DOCUME~1\user\APPLIC~1\WNSXS~1\ntvdm.exe" -vt ndrv
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://finance.admin.ccny.cuny.edu/C...ses/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS2\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS3\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O20 - AppInit_DLLs: C:\WINNT\system32\spool32.dll C:\WINNT\system32\msdtc.dll
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINNT\system32\HPZipm12.exe (file missing)
O23 - Service: Verdiem Surveyor Client (SurveyorSD) - Verdiem Corp. - C:\Program Files\Verdiem\SurveyorSD\Bin\SurveyorSD.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
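
Added example, not part of the original thread: a small Python script that compares two of the HijackThis logs posted above and separates entries that were removed from those that are unchanged or that kept the same registry value name but now point at a different file. Keying O4 entries by hive and value name, and O20 by setting name, is this example's own choice; the two log excerpts are copied from the 6/14/2006 and 6/19/2006 logs above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code key value")

# A HijackThis result line is "<section code> - <detail>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autostart: hive path, [value name], command line.
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]+)\] (.+)$")

# Excerpts copied from the 6/14/2006 and 6/19/2006 logs in this thread.
LOG_JUNE_14 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\thiselt.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\btycb.exe
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINNT\system32\adrotate.dll
O4 - HKLM\..\Run: [pop06apelt] C:\WINNT\thiselt.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Brct] "C:\Program Files\atce\trdb.exe" -vt yazb
O15 - Trusted Zone: *.elitemediagroup.net
O20 - AppInit_DLLs: repairs303169590.dll
"""

LOG_JUNE_19 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\thiselt.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [pop06apelt] C:\WINNT\thiselt.exe
O4 - HKCU\..\Run: [Brct] "C:\DOCUME~1\user\APPLIC~1\WNSXS~1\ntvdm.exe" -vt ndrv
O15 - Trusted Zone: *.elitemediagroup.net
O20 - AppInit_DLLs: C:\WINNT\system32\spool32.dll C:\WINNT\system32\msdtc.dll
"""


def parse_entry(line):
    """Return an Entry for a result line, or None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, detail = m.groups()
    if code == "O4":
        run = RUN_RE.match(detail)
        if run:
            hive, name, command = run.groups()
            # Same hive + value name is treated as the same autostart slot.
            return Entry(code, f"{hive} [{name}]", command)
    if code == "O20" and detail.startswith("AppInit_DLLs:"):
        return Entry(code, "AppInit_DLLs", detail.split(":", 1)[1].strip())
    # Every other section: the whole detail identifies the entry.
    return Entry(code, detail, "")


def parse_log(text):
    """Map (code, key) -> value for every result line in one log."""
    entries = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            entries[(entry.code, entry.key)] = entry.value
    return entries


def diff_logs(before, after):
    """Classify entries as removed, added, unchanged or changed between two scans."""
    old, new = parse_log(before), parse_log(after)
    result = {"removed": [], "added": [], "unchanged": [], "changed": []}
    for ident in sorted(old.keys() | new.keys()):
        if ident not in new:
            result["removed"].append(ident)
        elif ident not in old:
            result["added"].append(ident)
        elif old[ident] == new[ident]:
            result["unchanged"].append(ident)
        else:
            result["changed"].append((ident, old[ident], new[ident]))
    return result


if __name__ == "__main__":
    diff = diff_logs(LOG_JUNE_14, LOG_JUNE_19)
    for status in ("removed", "added", "unchanged"):
        for code, key in diff[status]:
            print(f"{status:9} {code:3} {key}")
    for (code, key), old, new in diff["changed"]:
        print(f"changed   {code:3} {key}\n    was: {old}\n    now: {new}")
```

On these excerpts the `[Brct]` Run value and `AppInit_DLLs` are reported as changed, and the `*.elitemediagroup.net` Trusted Zone entry and the `[pop06apelt]` Run value as unchanged.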

#6 (permalink) | 19-06-2006, 08:03 PM | Neal (Senior Member)

OK, thanks,


Please download this file to your desktop - http://www.mvps.org/winhelp2002/DelDomains.inf

Right click on the file you downloaded and select install. This resets the trusted and restricted zones to defaults.

Note: if you have immunized with Spybot this takes those off. You will have to re-immunize with Spybot. If you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both of those afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

Reboot.


I need to see an Ewido scan log, you still have it don't you?


If not:



Please download, install, and update the NEW free version of Ewido trojan scanner:

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

From the main ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Post the log Ewido makes back here please and a new hijackthis log. Thanks.




Also:


Go here BitDefender and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

And post a new HJT log also..

#7 (permalink) | 21-06-2006, 07:09 PM | andrew2 (Junior Member)

Yes, I'm embarrassed to be back here, I guess I will never learn not to download Sharon Stone stuff at work.

Anyway here I downloaded new version of ewido:

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:01:41 PM 6/21/2006

+ Scan result:



C:\Program Files\Common Files\misc001\webhc1.exe/whAgent.exe -> Adware.WebHancer : No action taken.
C:\Program Files\whInstall -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\webhdll.dll -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\whAgent.exe -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\whSurvey.exe -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\whiehlpr.dll -> Adware.Webhancer : No action taken.
C:\Program Files\Common Files\svchostsys\svchostsys.exe -> Downloader.Small : No action taken.
C:\Program Files\Common Files\svchostsys\svchostupdate.exe -> Downloader.Small : No action taken.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\VMWFVDGP\new[1].htm -> Not-A-Virus.Constructor.Perl.Msdds.b : No action taken.
C:\Documents and Settings\user\Local Settings\Temp\ICD1.tmp\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\WinAntiVirusPro2006Free Install[1].cab/UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
C:\WINNT\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
C:\WINNT\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
C:\WINNT\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
C:\Documents and Settings\user\Cookies\user@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\user\Cookies\user@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\user\Cookies\user@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\user\Cookies\user@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\user\Cookies\user@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\user\Cookies\user@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\user\Cookies\user@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\user\Cookies\user@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\user\Cookies\user@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\user\Cookies\user@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\user\Cookies\user@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\user\Cookies\user@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\user\Cookies\user@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\user\Cookies\user@fastclick[3].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\user\Cookies\user@ehg-411web.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\user\Cookies\user@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\user\Cookies\user@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\user\Cookies\user@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\user\Cookies\user@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\user\Cookies\user@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\user\Cookies\user@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\user\Cookies\user@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\user\Cookies\user@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\user\Cookies\user@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\user\Cookies\user@h.starware[1].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\user\Cookies\user@try.starware[1].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\user\Cookies\user@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\user\Cookies\user@anat.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\user\Cookies\user@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\user\Cookies\user@targetnet[2].txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\user\Cookies\user@login.tracking101[1].txt -> TrackingCookie.Tracking101 : No action taken.
C:\Documents and Settings\user\Cookies\user@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.28:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.29:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.30:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Program Files\Common Files\simtest\sysstall.exe -> Trojan.Zapchast.bl : No action taken.


::Report end

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:03:54 PM, on 6/21/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Verdiem\SurveyorSD\Bin\SurveyorSD.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Verdiem\SurveyorSD\bin\SurveyorSession.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\ms057652016162.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Documents and Settings\user\Desktop\Security\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SurveyorSession] C:\Program Files\Verdiem\SurveyorSD\bin\SurveyorSession.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\CCZoop05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ms057652016162] C:\WINNT\ms057652016162.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Atf] C:\Documents and Settings\user\Application Data\?ymantec\w?wexec.exe
O4 - HKCU\..\Run: [Brct] "C:\DOCUME~1\user\APPLIC~1\WNSXS~1\ntvdm.exe" -vt ndrv
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://finance.admin.ccny.cuny.edu/C...ses/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS2\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS3\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O20 - AppInit_DLLs: C:\WINNT\system32\spool32.dll C:\WINNT\system32\msdtc.dll
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINNT\system32\HPZipm12.exe (file missing)
O23 - Service: Verdiem Surveyor Client (SurveyorSD) - Verdiem Corp. - C:\Program Files\Verdiem\SurveyorSD\Bin\SurveyorSD.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe

BitDefender log to follow.
  #8 (permalink)  
Old 22-06-2006, 12:10 AM
Neal
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Please help Search sidekick and betterinternet(!

Hi,

You have to run Ewido again and stay with it and remove all it finds. Thanks.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.

  #9 (permalink)  
Old 22-06-2006, 02:44 PM
Junior Member
New Recruit
 
Join Date: Feb 2006
Posts: 26
andrew2 Is a beginner here at D-A-L
Re: Please help Search sidekick and betterinternet(!

Ok running ewido again. Meanwhile:

BitDefender Online Scanner

Scan report generated at: Wed, Jun 21, 2006 - 17:31:23

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:27:36
Files: 277992
Folders: 2296
Boot Sectors: 5
Archives: 4036
Packed Files: 40828

Results
Identified Viruses: 13
Infected Files: 15
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 15

Engines Info
Virus Definitions: 388968
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip=>GetAccess.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip=>GetAccess.class
Disinfection failed

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip=>GetAccess.class
Deleted

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip
Updated

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip=>Installer.class
Infected with: Trojan.Downloader.Java.Openconnection.AJ

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip=>Installer.class
Disinfection failed

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip=>Installer.class
Deleted

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip
Updated

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip=>NewSecurityClassLoader.class
Infected with: Trojan.Exploit.Byteverify.G

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip=>NewSecurityClassLoader.class
Disinfection failed

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip=>NewSecurityClassLoader.class
Deleted

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip
Updated

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip=>NewURLClassLoader.class
Infected with: Trojan.Java.Byteverify.Exploit.C

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip=>NewURLClassLoader.class
Disinfection failed

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip=>NewURLClassLoader.class
Deleted

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav a.jar-3197ec81-6f9ba7e9.zip
Updated

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip=>Matrix.class
Infected with: Java.Trojan.Downloader.OpenStream.C

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip=>Matrix.class
Disinfection failed

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip=>Matrix.class
Deleted

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip
Updated

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip=>Counter.class
Infected with: Trojan.Java.Classloader.H

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip=>Counter.class
Disinfection failed

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip=>Counter.class
Deleted

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip
Updated

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip=>Dummy.class
Infected with: Trojan.Java.Classloader.G

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip=>Dummy.class
Disinfection failed

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip=>Dummy.class
Deleted

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip
Updated

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip=>Parser.class
Infected with: Trojan.Java.Classloader.D

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip=>Parser.class
Disinfection failed

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip=>Parser.class
Deleted

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv640.jar-2b09cfd1-71775736.zip
Updated

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\75C4A929-BBC6-462E-A23F-352D95\252F4327-7F48-4468-95DC-600D0F
Infected with: Trojan.Clicker.Small.JF

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\75C4A929-BBC6-462E-A23F-352D95\252F4327-7F48-4468-95DC-600D0F
Disinfection failed

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\75C4A929-BBC6-462E-A23F-352D95\252F4327-7F48-4468-95DC-600D0F
Deleted

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\75C4A929-BBC6-462E-A23F-352D95\70788C14-C835-409E-8EC9-2C39B7
Infected with: Dropped:Trojan.Clicker.Small.JF

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\75C4A929-BBC6-462E-A23F-352D95\70788C14-C835-409E-8EC9-2C39B7
Disinfection failed

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\75C4A929-BBC6-462E-A23F-352D95\70788C14-C835-409E-8EC9-2C39B7
Deleted

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\75C4A929-BBC6-462E-A23F-352D95\7B7F406E-E4E2-4512-A772-AE63B0
Infected with: Dropped:Trojan.Clicker.Small.JF

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\75C4A929-BBC6-462E-A23F-352D95\7B7F406E-E4E2-4512-A772-AE63B0
Disinfection failed

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\75C4A929-BBC6-462E-A23F-352D95\7B7F406E-E4E2-4512-A772-AE63B0
Deleted

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\75C4A929-BBC6-462E-A23F-352D95\CC78C072-D1AA-43C5-9B46-9D5369
Infected with: Dropped:Trojan.Clicker.Small.JF

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\75C4A929-BBC6-462E-A23F-352D95\CC78C072-D1AA-43C5-9B46-9D5369
Disinfection failed

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\75C4A929-BBC6-462E-A23F-352D95\CC78C072-D1AA-43C5-9B46-9D5369
Deleted

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\B824F4C4-B82A-4E06-9252-1A66D2\73A1AF6C-4EE1-444B-8C64-806BD4
Infected with: Trojan.Dropper.Small.QN

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\B824F4C4-B82A-4E06-9252-1A66D2\73A1AF6C-4EE1-444B-8C64-806BD4
Disinfection failed

C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\B824F4C4-B82A-4E06-9252-1A66D2\73A1AF6C-4EE1-444B-8C64-806BD4
Deleted

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8LENGHU3\xp-bc-728[1].swf=>[SWF command]
Infected with: Trojan.SwfDL.A

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8LENGHU3\xp-bc-728[1].swf=>[SWF command]
Disinfection failed

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8LENGHU3\xp-bc-728[1].swf=>[SWF command]
Deleted

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8LENGHU3\xp-bc-728[1].swf
Update failed

C:\Program Files\Common Files\svchostsys\svchostsys.exe
Infected with: Trojan.Downloader.MSIL.A

C:\Program Files\Common Files\svchostsys\svchostsys.exe
Disinfection failed

C:\Program Files\Common Files\svchostsys\svchostsys.exe
Deleted

And
Logfile of HijackThis v1.99.1
Scan saved at 9:42:13 AM, on 6/22/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Verdiem\SurveyorSD\Bin\SurveyorSD.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Verdiem\SurveyorSD\bin\SurveyorSession.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\ms057652016162.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\HOSTEX~1.NT\HOSTEX32.EXE
C:\Documents and Settings\user\Desktop\Security\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SurveyorSession] C:\Program Files\Verdiem\SurveyorSD\bin\SurveyorSession.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\CCZoop05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ms057652016162] C:\WINNT\ms057652016162.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Atf] C:\Documents and Settings\user\Application Data\?ymantec\w?wexec.exe
O4 - HKCU\..\Run: [Brct] "C:\DOCUME~1\user\APPLIC~1\WNSXS~1\ntvdm.exe" -vt ndrv
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://finance.admin.ccny.cuny.edu/C...ses/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS2\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS3\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O20 - AppInit_DLLs: C:\WINNT\system32\spool32.dll C:\WINNT\system32\msdtc.dll
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINNT\system32\HPZipm12.exe (file missing)
O23 - Service: Verdiem Surveyor Client (SurveyorSD) - Verdiem Corp. - C:\Program Files\Verdiem\SurveyorSD\Bin\SurveyorSD.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
  #10 (permalink)  
Old 22-06-2006, 08:48 PM
Neal
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Please help Search sidekick and betterinternet(!

Some of that stuff "webhancer" that was ignored while doing Ewido has hijacked your internet connection and you are in danger of losing internet connection.


After Ewido also post another HJT log please.


Did you do this from previous instructions?

Quote:
Please download this file to your desktop - http://www.mvps.org/winhelp2002/DelDomains.inf

Right click on the file you downloaded and select install. This resets the trusted and restricted zones to defaults.

Note: if you have immunized with Spybot this takes those off. You will have to re-immunize with Spybot. If you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both of those afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

Reboot.