Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?  
Forum Quick Jump
 
New Topic Locked Topic Printable version of : Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?
[ << Previous Thread | Next Thread >> ]

chadcraddock
New Member


Date Joined Aug 2006
Total Posts : 3
  		   Posted 8-31-2006 9:29 (GMT +1)    Quote: Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?Alert an admin about: Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?
I think i may have some Malware/spyware/virus on my PC. I few days ago I noticed more and more pop up adverts and eventually discovered 'Surf Side Kick3'. I have followed numerous posts on various sites to remove this and it does appear to be gone now. However I can no longer open my Norton Anti Virus. The subsription did run out last week but I can't open it to update it. I have also followed the 'Before Posting A Log' post but i cannot open Spybot once downloaded. I also can't use any of the online virus scanners (the window just closes as soon as i open it). Below is my Hijack this log. I am on Windows 2000 professional. I hope someone can help.

Logfile of HijackThis v1.99.1
Scan saved at 11:06:58 PM, on 8/30/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\winservnt32.exe
C:\WINNT\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe winservnt32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,winservnt32.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_14.exe
O4 - HKLM\..\Run: [bhxbaf2e] RUNDLL32.EXE w0f7ddc7.dll,n 003baf2b0000000a0f7ddc7
O4 - HKLM\..\Run: [newname] C:\\nwnmff_14.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKLM\..\RunServices: [System Services] pah.exe
O4 - HKLM\..\RunServices: [SP2 Firewall/Internet Updater] crssrs.exe
O4 - HKLM\..\RunServices: [Windows Kernel System Service] wkssvc.exe
O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
O4 - HKCU\..\Run: [Atrl] C:\Documents and Settings\Administrator\Application Data\basa.exe
O4 - HKCU\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKCU\..\RunServices: [Windows Kernel System Service] wkssvc.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{894C8480-0E9F-4439-9E62-FE7DD2902920}: NameServer = 212.74.114.129 212.74.112.66
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


PLease let me know if there is anything else I need to post.
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
  		   Posted 8-31-2006 10:34 (GMT +1)    Quote: Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?Alert an admin about: Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?
Hi cool
 
 
We´ll try fix it manually - for a start
 
 
Show hidden Files:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html#4
 
 
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
 
 
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked.
F2 - REG:system.ini: Shell=Explorer.exe winservnt32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,winservnt32.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_14.exe
O4 - HKLM\..\Run: [bhxbaf2e] RUNDLL32.EXE w0f7ddc7.dll,n 003baf2b0000000a0f7ddc7
O4 - HKLM\..\Run: [newname] C:\\nwnmff_14.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKLM\..\RunServices: [System Services] pah.exe
O4 - HKLM\..\RunServices: [SP2 Firewall/Internet Updater] crssrs.exe
O4 - HKLM\..\RunServices: [Windows Kernel System Service] wkssvc.exe
O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
O4 - HKCU\..\Run: [Atrl] C:\Documents and Settings\Administrator\Application Data\basa.exe
O4 - HKCU\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKCU\..\RunServices: [Windows Kernel System Service] wkssvc.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone


 
Reboot into Safe  Mode   by tapping F8 after the BIOS has loaded.
The Windows Advanced Options Menu appears.
Ensure that the Safe mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
 
 
Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.
 

Delete:
Files:
C:\WINNT\system32\winservnt32.exe
C:\\dfndrff_14.exe
C:\\kybrdff_14.exe
C:\Documents and Settings\Administrator\Application Data\basa.exe


Next go to Start- Search and scrolldown using the scroll bar on the right. Go down to More advanced options and click.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders
And delete:
w0f7ddc7.dll
wkssvc.exe
javanet.exe
pah.exe
--------------------------
crssrs.exe
<<Note – Don´t delete the legal csrss.exe


 
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
 
 
 
Reboot normally, post new log and tell how things are running
 
 

Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.
Do not PM me with logfiles. They will be deleted
 

Back to Top
 

chadcraddock
New Member


Date Joined Aug 2006
Total Posts : 3
  		   Posted 8-31-2006 10:32 (GMT +1)    Quote: Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?Alert an admin about: Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?
Nice one that appears to have worked!!! Everything seems fine now updated my norton antivirus and ran a couple of online scanners! Thanks so much though i was going to have to take it to an expensive repair shop!! New Hijack Log below:

Logfile of HijackThis v1.99.1
Scan saved at 10:36:08 PM, on 8/31/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://uk.search.yahoo.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{894C8480-0E9F-4439-9E62-FE7DD2902920}: NameServer = 212.74.114.129 212.74.112.66
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
  		   Posted 9-1-2006 8:59 (GMT +1)    Quote: Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?Alert an admin about: Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?
That´s good news yeah
 
 
 
Hide systemfiles again
From Windows Explorer, go to Tools>Folder Options> View tab.
Untick - Show hidden files and folder
Tick - Hide file extensions for known types
Tick - Hide protected operating system files
Click Yes to confirm & then click OK
 
 
 
You might want to read Tony Klein´s  article:

http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html
 

Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.
Do not PM me with logfiles. They will be deleted
 

Back to Top
 

chadcraddock
New Member


Date Joined Aug 2006
Total Posts : 3
  		   Posted 9-2-2006 8:03 (GMT +1)    Quote: Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?Alert an admin about: Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?
Seriously thanks so much its very much appreciated!!!
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
  		   Posted 9-3-2006 5:43 (GMT +1)    Quote: Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?Alert an admin about: Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?
Glad to help smilewinkgrin
 
 
 
Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please PM a Moderator and we will reopen it for you
 

Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.
Do not PM me with logfiles. They will be deleted
 

Back to Top
 
New Topic Locked Topic Printable version of : Malware /Spyware Removal Spybot and Online Virus Scanner won't open. Surfsidekick?
 
Forum Information
Currently it is Wednesday, December 03, 2008 7:21 AM (GMT +1)
There are a total of 64.512 posts in 15.910 threads.
In the last 3 days there were 19 new threads and 75 reply posts. View Active Threads
Who's Online
This forum has 27326 registered members. Please welcome our newest member, DooN.
43 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Help with a (win32 trojan gen other) (0)03-12-2008 02:25:45 (finz)
Ok...I'm infected, now what? (24)03-12-2008 02:11:28 (Zalen)
Antivirus disabled/URL Redirect Malware.Wont let me install MALEWAREBYTES (3)03-12-2008 02:08:19 (cgamm)
Trojan Horse Generic 12.KAO (5)03-12-2008 02:01:58 (Taryn)
No Safe Mode, explorer.exe crashes, no internet (0)03-12-2008 00:49:20 (roygbp)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard