got a problem... Surfsidekick

Discussion in 'Malware Help (A Specialist Will Reply)' started by vincent, Feb 19, 2006.

  1. vincent

    vincent Private E-2

    I got this SurfSidekick thing... I clicked on an install active thingy and it downloaded it... If anyone could help me I would greatly appreciate it...

    I'm not very experienced... I mean, if you could like teach me how to delete it step by step, that would be great...
     
  2. vincent

    vincent Private E-2

    Can someone help me get it out? Please...
     
  3. AbbySue

    AbbySue MajorGeeks Administrator

    Welcome to MajorGeeks! :)

    A little patience on your part and reading the sticky threads at the top of the forum would have given you a place to start. :) Please keep in mind that our volunteer malware fighters have obligations outside of the forums also, but they will help you as soon as possible.

    You can get started by following the below steps.

    Surf Sidekick Removal

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.


    - Very Important: Make sure you tell us the results from running the tutorial. Was anything found? Were you unable to complete any of the scans? Were you unable to download any of the tools? Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
  4. vincent

    vincent Private E-2

    OK thanks, am running the BitDefender right now, already did the other things... it's taking a pretty long time...

    Hope it works... but I think you or someone might need to help me, because these "steps" don't seem to be fixing the SurfSidekick thingy
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just complete all the steps and attach the BitDefender, PandaActive, and HijackThis logs as requested. Make sure you install HijackThis exactly as instructed in step 7.

    Did you run the SurfSideKick removal procedure too?
     
  6. vincent

    vincent Private E-2

    Yeah I did but it didn't work... I didn't find either repair.dll or the other one... that's about it...
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Just complete all the other steps!
     
  8. vincent

    vincent Private E-2

    OK finally I'm done with all the steps

    The thing that went wrong was basically that I didn't find the repair.dll... and I guess that's about it...
     

    Attached Files:

  9. vincent

    vincent Private E-2

    Oh yeah, and I forgot the HijackThis log... here it is
     

    Attached Files:

  10. vincent

    vincent Private E-2

    Umm, for some reason my firewall doesn't work? You think I did something wrong in that process?
     
  11. vincent

    vincent Private E-2

    OK never mind that firewall thing... fixed my firewall but still have that SurfSidekick
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First please empty your CounterSpy quarantine folder. Let me know if you can do that without any problems.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why are you saving backups of cookies in the below folder?

    C:\Program Files\Support.com\backup\Co\cookies.txt

    Do you know what the below is? If not, delete it:

    C:\Sorrows_Furnace_Mini-Pak.exe
     
  14. vincent

    vincent Private E-2

    Umm, I was able to remove the CounterSpy quarantine folder

    C:\Program Files\Support.com\backup\Co\cookies.txt - I can't erase it, access is denied...

    C:\Sorrows_Furnace_Mini-Pak.exe - I can't seem to find it... still trying
     
  15. vincent

    vincent Private E-2

    OK I found and deleted the sorrows_furnace thing... don't know what it was. I think it was like a demo game?
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! You have a ton of problems! Some of them can be real pains to fix manually. We are going to have to run a few more scanning tools but before we do that, I have a few questions and suggestions.

    I see you have SpywareDoctor and CounterSpy installed and running. If they are not paid subscription versions, uninstall them before continuing with the below. If they are paid versions, uninstall one of them (your choice) and then continue. Let me know what your answers are for this later.

    Please perform the below two scans and attach both the Ewido and Spy Sweeper logs. These two should remove a load of problems.

    Running Spy Sweeper

    Running Ewido Anti-Malware

    Then also attach a new HJT log! Again do not reboot or power down afterwards.
     
  17. vincent

    vincent Private E-2

    Well here's the first one... I gotta sleep... I'll continue tomorrow
     

    Attached Files:

  18. vincent

    vincent Private E-2

    OK done with all the scans, and HijackThis
     

    Attached Files:

  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Spy Sweeper and Ewido fixed a load of problems. Let's continue.

    You need to update your version of Sun Java when we finish fixing your malware. You are way out of date.

    Do you still have the below MSN, Google, and AOL Toolbars installed? They seem to be missing. Do you use these?
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
    O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

    Do you know what the below process is for? If not, add it to the list of things to fix and delete the file later.
    O4 - HKCU\..\Run: [RiskIISetup.exe] C:\DOWNLO~1\RISKII~1.EXE /r


    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to Network Monitor ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the "Config" button, and then the "Misc Tools" button... select "Delete an NT Service"... copy/paste the following into the box that opens, and press "OK":

    Network Monitor

    Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

    Make sure viewing of hidden files is enabled (per the tutorial).


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: Shell=
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
    O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
    O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.popuppers.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O20 - Winlogon Notify: ssldr - C:\WINDOWS\
    O20 - Winlogon Notify: wancp - wancp.dll (file missing)
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\Network Monitor <--- the whole folder
    C:\windows\eee2.exe
    C:\WINDOWS\system32\loadadv64 or loadadv64.exe
    C:\WINDOWS\system32\wancp.dll
    C:\WINDOWS\SYSTEM32\ssldr32.dll

    If you get an error when deleting a file, right click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if it is running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run CCleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
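An added example, not from this thread or from HijackThis itself: a small Python triage helper that reads lines in the HijackThis log format quoted above and flags the kinds of entries chaslang singled out (orphaned "file missing" references, blanked IE settings, Trusted Zone additions, Winlogon Notify DLLs, unowned services, and Run entries launching from odd paths or with 8.3 short names). The sample log is constructed from the entries quoted in post 19 plus one ordinary ctfmon entry; the flagging rules are the author's own heuristics, not HijackThis output.

```python
import re
from typing import List, Tuple

HJT_LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
EXE_EXT = re.compile(r"\.(exe|com|scr|bat|cmd)(\s|$)", re.IGNORECASE)
# Autostart (O4) locations treated as ordinary; anything else is worth a look.
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")


def triage_hjt(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, line) for each HJT entry that deserves review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # blank line or a header, not an HJT entry
        sec, body = m.group("sec"), m.group("body")
        low = body.lower()
        if "(file missing)" in low or "(no file)" in low:
            findings.append((sec, "points at a file that no longer exists (orphaned entry)", line))
        if sec in ("R0", "R1") and body.rstrip().endswith("="):
            findings.append((sec, "browser setting has been blanked", line))
        elif sec == "O15":
            findings.append((sec, "Trusted Zone entry: site runs with relaxed IE security", line))
        elif sec == "O20":
            findings.append((sec, "Winlogon Notify DLL is loaded at every logon", line))
        elif sec == "O23" and "unknown owner" in low:
            findings.append((sec, "service with no identifiable owner", line))
        elif sec == "O4" and "] " in body:
            path = body.split("] ", 1)[1].strip()
            odd_location = not path.lower().startswith(EXPECTED_DIRS)
            odd_name = "~" in path or not EXE_EXT.search(path)  # 8.3 name or no extension
            if odd_location or odd_name:
                findings.append((sec, "autostart from an unusual path or name", line))
    return findings


# Constructed sample: entries quoted in post 19 plus one ordinary ctfmon entry.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKCU\..\Run: [RiskIISetup.exe] C:\DOWNLO~1\RISKII~1.EXE /r
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.media-motor.net
O20 - Winlogon Notify: wancp - wancp.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""
```

Calling `triage_hjt(SAMPLE_LOG)` flags every quoted entry and leaves the ctfmon line alone; a line can collect more than one reason (the O23 service is both unowned and orphaned).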
     
  20. vincent

    vincent Private E-2

    I don't understand that part? What do I need to copy and paste?

    Is it the Network Monitor? (just making sure)

    Because if that's the one... it isn't working... it says it was not found in the registry
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, it was Network Monitor.

    Just continue with the other steps and we will see what happens.
     
  22. vincent

    vincent Private E-2

    OK I'm done with those steps
    Some problems: I couldn't find the C:\Program Files\Network Monitor folder
    I couldn't find wancp.dll
     

    Attached Files:

  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are not answering my questions.

    In message number 16 I said:
    You did not respond!

    In message number 19 I said:
    Again you have not responded!
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you fix the below lines? I still see them:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.popuppers.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)

    Try again but shut down Spy Sweeper first. Also Reset Web Settings again with Spy Sweeper shut down.
     
  25. vincent

    vincent Private E-2

    OK sorry... so I uninstalled both programs, SpywareDoctor and CounterSpy

    I only use MSN Messenger, the other stuff I don't use. I removed O4 - HKCU\..\Run: [RiskIISetup.exe] C:\DOWNLO~1\RISKII~1.EXE /r

    And I did fix those...
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But did you fix them again after shutting down Spy Sweeper? They were still in your previous HJT log. Check a new log and if they are still there, you must shut down Spy Sweeper from the Task bar and then fix all those lines.
     
  27. vincent

    vincent Private E-2

    They won't go away, even after I shut down Spy Sweeper, they keep coming back every time...

    I fix them, then they come again...
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then shut down all three of the below and try again:
    Spy Sweeper
    Ewido
    Microsoft Windows Defender
     
  29. vincent

    vincent Private E-2

    OK it finally worked... I got rid of that stuff...

    Here's the HJT log
     

    Attached Files:

  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that's good. Now you do not want to leave all three of the below installed as a permanent solution:
    Spy Sweeper
    Ewido
    Microsoft Windows Defender

    They will cause your PC to slow down and can conflict with each other. The best one is Spy Sweeper, but you must purchase it in order for it to be of any use in the long run. Ewido is also a pay program. Windows Defender is free right now and is a beta. So you should decide what you want to do, but do not keep all three installed.

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work through the below link:

    How to Protect yourself from malware!
     
  31. vincent

    vincent Private E-2

    OK thanks a lot!!!
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf Safely!
     