Hi and Welcome to TSF
Before attacking an adware/spyware problem with HijackThis, make sure you have already run Ad-Aware SE with the VX2 addon cleaner, Spybot Search & Destroy (with updated database) and CWShredder, as these programs will clean a lot of the crap out first. All links to programs are in my signature. OK, on to the log...
Please update HijackThis as you're using an old version!!
Run an online virus scan from TrendMicro. Please select the "autoclean" option when prompted to do so.
Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore.
Reboot into Safe Mode (hit the F8 key until the menu shows up). Make sure to close any open browsers. Open Add/Remove Programs and remove SurfSideKick if listed. Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry):
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper100.dll
O2 - BHO: (no name) - {658E695C-9D49-1F82-8256-10550CD52F4A} - C:\WINDOWS\System32\aoev.dll (file missing)
O2 - BHO: (no name) - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\System32\lmf32.dll
O2 - BHO: (no name) - {8F68E103-F21F-4AA3-9B11-77E98B3AF993} - C:\WINDOWS\System32\fqbzj.dll
O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
O4 - HKLM\..\Run: [fqbzjc] C:\WINDOWS\System32\fqbzjc.exe
O4 - HKLM\..\Run: [cjrsddsxhsen] C:\WINDOWS\System32\lclviey.exe
O4 - HKLM\..\Run: [ldgh] C:\WINDOWS\Ufdvne.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Wang-Wang\Application Data\ttuh.exe
O4 - HKCU\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_41.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1093223657734
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.c...7889.7825578704
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/...are/install.cab
Delete the following Files/Folders in RED (delete folders if no filename is specified) according to their directory (if you can't find them, do a search for them):
C:\Program Files\SurfSideKick 2\SskBho.dll
C:\WINDOWS\Helper100.dll
C:\WINDOWS\System32\aoev.dll
C:\WINDOWS\System32\lmf32.dll
C:\WINDOWS\System32\fqbzj.dll
C:\WINDOWS\pgtaff.exe
C:\WINDOWS\System32\fqbzjc.exe
C:\WINDOWS\System32\lclviey.exe
C:\Documents and Settings\Wang-Wang\Application Data\ttuh.exe
C:\WINDOWS\Ufdvne.exe
xfire_lsp_8742.dll
In safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
Once done, reboot into Normal Mode and post a new HijackThis log file to confirm what was removed and if it's clean or not. Once you're clean you can enable System Restore again.
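As an added example (not part of the original post): a short parser for HijackThis entries that cross-checks the files referenced by the fixed entries against the delete list. The sample data is a subset of lines copied from the post above; the function names and the path regex are assumptions made for this sketch.

```python
import re

# Constructed sample: entries copied from the fix list in the post above.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O2 - BHO: (no name) - {658E695C-9D49-1F82-8256-10550CD52F4A} - C:\WINDOWS\System32\aoev.dll (file missing)
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Wang-Wang\Application Data\ttuh.exe
O4 - HKCU\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
"""
# Constructed sample: the matching lines from the post's delete list.
DELETE_LIST = r"""
C:\Program Files\SurfSideKick 2\SskBho.dll
C:\WINDOWS\System32\aoev.dll
C:\Documents and Settings\Wang-Wang\Application Data\ttuh.exe
C:\WINDOWS\pgtaff.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Simplification (assumption): a path runs from the drive letter to the first .dll/.exe.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)

def parse_log(text):
    """Return one dict per log entry: section code, file path, missing flag."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        path = PATH.search(body)
        entries.append({
            "code": code,
            "path": path.group(0) if path else None,
            "missing": body.endswith("(file missing)"),
        })
    return entries

def not_in_delete_list(entries, delete_text):
    """Paths referenced by fixed entries that the delete list does not name."""
    listed = {p.strip().lower() for p in delete_text.splitlines() if p.strip()}
    return sorted({e["path"] for e in entries
                   if e["path"] and not e["missing"]
                   and e["path"].lower() not in listed})

if __name__ == "__main__":
    print("referenced but not in delete list:",
          not_in_delete_list(parse_log(FIX_LIST), DELETE_LIST))
```

Any path this reports is a file that a startup entry pointed at but that the delete list does not name, so it is worth confirming it was removed another way (here, by the Add/Remove Programs step) before posting the follow-up log.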