Bombarded by Trojans & Spyware - Please Help

By RPalermo83
Mar 6, 2005
Topic Status:
Not open for further replies.
  1. My GF's computer has so much spyware that it is practically unusable. Surf Sidekick seems to be the biggest problem. I also found that the computer was infected by 2 Trojans. I have cleaned up most of the problems with Ad-Aware & Spybot, but when I open IE, it still tries to open "toolbar.desktoptraffic.net" before the homepage. Below is my HijackThis log, please let me know what I've missed.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:44:39 PM, on 3/6/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\TCDPLAY.DRV
    C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
    C:\PROGRAM FILES\CHECKPOINT\SECUREMOTE\BIN\SR_WATCHDOG.EXE
    C:\WINDOWS\SYSTEM\TWBROWSE.DRV
    C:\PROGRAM FILES\CHECKPOINT\SECUREMOTE\BIN\SR_SERVICE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\CHECKPOINT\SECUREMOTE\BIN\SR_GUI.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\S3SYSKEY.EXE
    C:\WINDOWS\SYSTEM\TOSHIBSU.EXE
    C:\WINDOWS\SYSTEM\PSPCCARD.EXE
    C:\WINDOWS\SYSTEM\PWRTRAY.EXE
    C:\WINDOWS\SYSTEM\TESCKEY.EXE
    C:\WINDOWS\SYSTEM\TFUNCKEY.EXE
    C:\WINDOWS\SYSTEM\THOTKEY.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
    C:\WINDOWS\SYSTEM\MSNAV32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.loyola.edu/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.loyola.edu
    R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
    R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL (file missing)
    O1 - Hosts: 144.126.1.35 avupdate.loyola.edu
    O1 - Hosts: 144.126.1.15 susserver.loyola.edu
    O2 - BHO: (no name) - {9C2B4542-DB0D-2FBB-C88F-392AB8584CE6} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\SYSTEM\DSKTRF1.DLL
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\PYNIX.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [s3syskey] s3syskey.exe
    O4 - HKLM\..\Run: [TMOUSE] C:\Toshiba\Mouse\tmouse.exe
    O4 - HKLM\..\Run: [TOSHIBSU] TOSHIBSU.EXE
    O4 - HKLM\..\Run: [PsPCCard] PsPCCard.EXE
    O4 - HKLM\..\Run: [PowerTray] PwrTray.EXE
    O4 - HKLM\..\Run: [TEscKey] TESCKEY.EXE
    O4 - HKLM\..\Run: [TFunckey] TFUNCKEY.EXE
    O4 - HKLM\..\Run: [THotkey] THotkey.Exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
    O4 - HKLM\..\Run: [App32dll] C:\WINDOWS\SYSTEM\MSNAV32.EXE dvd
    O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [TCDPlay] TCDPlay.Drv
    O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe
    O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe
    O4 - HKLM\..\RunServices: [SR_Service] C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    O4 - HKLM\..\RunServices: [TWBrowse] TWBrowse.Drv
    O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
    O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\WINDOWS\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://diagnostics.support.hp.com/motivedocs/ces/ishield/isetup.cab
    O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0565548f78745d839817/netzip/RdxIE6.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38020.7179166667
    O16 - DPF: {276595D9-1388-512A-F24E-B6B3DE32B732} - http://media.cdigix.com/Performer/downloads/PerformerSetup.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409


    Thank you,
    Rob
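As an added example (not part of the original thread), the Python below runs a first-pass triage over a handful of the HijackThis lines quoted above: it flags registry entries whose file is gone, unnamed BHOs/toolbars that still have a DLL on disk, entries tied to the product the poster already named as the problem (SurfSideKick, passed in as an assumed suspect name), and O16 ActiveX downloads served from a bare IP address. The rules are review heuristics, not a verdict on any line.

```python
import re
from typing import List, Tuple

# Constructed sample: lines copied from the HijackThis log in the post
# above (most of the log is omitted here).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL (file missing)
O2 - BHO: (no name) - {9C2B4542-DB0D-2FBB-C88F-392AB8584CE6} - (no file)
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\SYSTEM\DSKTRF1.DLL
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\PYNIX.DLL
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0565548f78745d839817/netzip/RdxIE6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")   # "O2 - BHO: ..."
URL_HOST_RE = re.compile(r"https?://(?P<host>[^/\s]+)")
BARE_IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(:\d+)?$")
Finding = Tuple[str, str, str]  # (section, reason, original line)

def triage(log_text: str, suspect_names=("SURFSIDEKICK",)) -> List[Finding]:
    """Flag the HijackThis entries a reviewer would check first. Rules are
    heuristics for prioritising review, not a verdict on any single line."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        upper = body.upper()
        if "(NO FILE)" in upper or "(FILE MISSING)" in upper:
            # Registry still points at a component whose file is gone (partial clean-up leftover).
            findings.append((sec, "orphaned entry, file no longer on disk", line))
        elif sec in ("O2", "O3") and "(no name)" in body:
            # An unnamed BHO/toolbar that still has its DLL deserves a look.
            findings.append((sec, "unnamed BHO/toolbar with DLL present", line))
        elif any(name in upper for name in suspect_names):
            findings.append((sec, "tied to product already identified as unwanted", line))
        elif sec == "O16":
            # ActiveX controls fetched from a bare IP rather than a named host.
            u = URL_HOST_RE.search(body)
            if u and BARE_IP_RE.match(u.group("host")):
                findings.append((sec, "ActiveX control served from a bare IP address", line))
    return findings

if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

Run against the full log, it leaves entries such as the Google toolbar and the Macromedia controls alone and surfaces the five entries above for manual review.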
  2. RealBlackStuff