Please have a look [popups - HJT log]

I keep getting constant pop ups in aol's browswer, not IE, even though pop up blocker is tuned on - i have been advised to do 'hijack this', please find below:
---------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 02:31:29, on 13/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\FinePixViewer\wdownload.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\DOCUME~1\LEEHEA~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /A "C:\WINDOWS\System32\E_S5A.tmp "
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/31be793ab77db3cb4902/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126977353957
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126977291798
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/1...com/opistat/activex/opinstall_en_4.1.0.18.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol013.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C125DAC-ECCD-48AD-9002-4204B476A28E}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: repairs303169536.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\h00qlad51d0.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

 

Hijack this

Hi, I have done as you said, below is the Hijack report:

Logfile of HijackThis v1.99.1
Scan saved at 22:11:09, on 15/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\Online Services\Refer me to more Internet Service Providers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\LEEHEA~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /A "C:\WINDOWS\System32\E_S5A.tmp "
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/31be793ab77db3cb4902/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126977353957
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126977291798
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/1...com/opistat/activex/opinstall_en_4.1.0.18.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol013.cab
O20 - AppInit_DLLs: repairs303169536.dll
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\lv8u09l9e.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe



I AM STILL GETTING POP-UPS ON MY COMPUTER - ALSO IT KEEPS MAKING A BLEEPING SOUND EVERY SO OFTEN FOR ABOUT 20 SECONDS AND EVERYTHING FREEZES.

 

Hello RobS,

Your infected with the SurfSideKick 3 variant.

The link will take you to step by step instructions for removal.

http://forums.majorgeeks.com/showthread.php?t=74266

Afterwards:

Download and scan with Ewido http://www.ewido.net/en/

Install as a scanner only: under "Additional Options ", uncheck "Install background guard" and "Install scan via context menu" and before using it, update it. Post anything it finds here, may need more than one post for it.

Then, re scan with HJT and post here.

Regards - Charles

 

what is hyjack? is it a programe

 

Hi Rob,

Yes, I'm still here and still waiting for:

Download and scan with Ewido http://www.ewido.net/en/

Install as a scanner only: under "Additional Options ", uncheck "Install background guard" and "Install scan via context menu" and before using it, update it. Post anything it finds here, may need more than one post for it.

Then, re scan with HJT and post here.

Regards - Charles

 

Ewido

Great, im currently doing the scan as i speak - i'll post it as soon as it's done. thanks for your help....

 

hijack log and ewido report

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 23:13:19, 21/05/2006
+ Report-Checksum: 8E604C32

+ Scan result:

[780] C:\WINDOWS\system32\wgvdmoe2.dll -> Adware.Look2Me : Ignored
[1680] C:\WINDOWS\system32\xwoqcoj.dll -> Downloader.Qoologic.bj : Ignored
[508] C:\WINDOWS\system32\xwoqcoj.dll -> Downloader.Qoologic.bj : Ignored
[1352] C:\WINDOWS\system32\xwoqcoj.dll -> Downloader.Qoologic.bj : Ignored
[1024] C:\WINDOWS\system32\xwoqcoj.dll -> Downloader.Qoologic.bj : Ignored
[2072] C:\WINDOWS\system32\xwoqcoj.dll -> Downloader.Qoologic.bj : Ignored
[2144] C:\WINDOWS\system32\xwoqcoj.dll -> Downloader.Qoologic.bj : Ignored
[2336] C:\WINDOWS\system32\xwoqcoj.dll -> Downloader.Qoologic.bj : Ignored
C:\WINDOWS\system32\__delete_on_reboot__wgvdmoe2.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\__delete_on_reboot__xwoqcoj.dll -> Downloader.Qoologic.bj : Ignored
C:\WINDOWS\system32\repairs303169587.dll -> Adware.Surfside : Ignored
C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : Ignored
C:\Program Files\SurfSideKick 3\SskBho.dll -> Adware.SurfSide : Ignored
C:\Program Files\SurfSideKick 3\SskCore.dll -> Adware.SurfSide : Ignored
C:\Program Files\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP156\A0123158.exe -> Downloader.VB.acj : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP170\A0129747.exe -> Downloader.VB.vz : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129779.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129801.exe -> Hijacker.VB.ly : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129803.exe -> Downloader.Adload.bj : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129804.exe -> Downloader.Adload.bi : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129807.exe -> Downloader.VB.ys : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129808.exe -> Downloader.VB.yn : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129809.exe -> Downloader.VB.abj : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129812.exe -> Hijacker.VB.li : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129853.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129886.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129891.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0130889.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0130946.DLL -> Downloader.Agent.ahv : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0130954.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP172\A0130992.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP172\A0130999.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP172\A0131660.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP172\A0131665.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP172\A0131671.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP172\A0131691.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP172\A0131705.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0131715.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0131733.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0131748.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132754.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132771.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132794.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132812.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132819.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132835.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132848.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132858.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132865.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132880.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0132904.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0132911.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0133033.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0133039.exe -> Adware.AdURL : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134908.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134923.Dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134928.exe -> Downloader.PurityScan.cl : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134939.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134944.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134960.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134973.exe -> Downloader.Qoologic.at : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134974.dll -> Adware.SideFind : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134975.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134979.ocx -> Adware.MediaMotor : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134982.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135002.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135007.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135025.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135040.dll -> Adware.Surfside : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135041.exe -> Adware.SurfSide : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135044.dll -> Adware.Surfside : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135045.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135050.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135056.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135063.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135068.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135072.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135106.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135111.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135118.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135123.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135141.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136121.ocx -> Adware.MediaMotor : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136124.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136128.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136129.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136130.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136131.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136132.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136133.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136134.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136135.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136136.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136137.dll -> Downloader.Agent.agw : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136138.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136139.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136140.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136141.dll -> Adware.Mirar : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136142.dll -> Adware.Mirar : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136143.dll -> Adware.Ezula : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136144.dll -> Adware.Mirar : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136145.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136146.exe -> Dropper.Small.qn : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136147.exe -> Downloader.Small.buy : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136148.exe -> Downloader.VB.abj : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136149.exe -> Hijacker.VB.ly : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136150.exe -> Adware.AdURL : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136151.exe -> Trojan.Qoologic : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136152.exe -> Adware.Mirar : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136153.exe -> Downloader.Swizzor.c : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136154.exe -> Downloader.Adload.bm : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136155.exe -> Dropper.Agent.mf : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136156.exe -> Trojan.Scapur.k : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136157.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136158.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136159.exe -> Dropper.Small.qn : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136160.exe -> Dropper.VB.mz : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136162.dll -> Adware.CommAd : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136163.exe -> Downloader.PurityScan.bx : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136164.exe -> Adware.Agent : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136165.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136166.exe -> Adware.CommAd : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136167.dll -> Adware.Look2Me : Ignored
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136175.exe -> Adware.Agent : Ignored


::Report End

 

hijack report

Logfile of HijackThis v1.99.1
Scan saved at 19:07:30, on 22/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\WINDOWS\F?nts\n?lookup.exe
C:\Program Files\GreatMemo\GreatMemo.exe
C:\Program Files\Microsoft Picture It! 2002\cdlayout.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\DOCUME~1\LEEHEA~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iyful.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,stmyvlx.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe "
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /A "C:\WINDOWS\System32\E_S5A.tmp "
O4 - HKCU\..\Run: [Lrrc] "C:\PROGRA~1\WNSXS~1\wucrtupd.exe" -vt yazb
O4 - HKCU\..\Run: [Wnpfkcof] C:\WINDOWS\F?nts\n?lookup.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: GreatMemo.lnk = C:\Program Files\GreatMemo\GreatMemo.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/31be793ab77db3cb4902/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126977353957
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126977291798
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/1...com/opistat/activex/opinstall_en_4.1.0.18.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol013.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C125DAC-ECCD-48AD-9002-4204B476A28E}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: repairs303169587.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\l4p20e7oeh.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGVlIEhlYXRoZXIgUGFya2Vz\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

hi, charles, heres the reports as requested, and yes i did what you said about removing surf sidekick

thanks

rob

also. any idea what may be causing the constant beeping sound?

 

Hi Rob,

Want to make sure that hidden files on the system can be seen. Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is ticked. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Then, bootup in safe mode.

Run HJT and click "Do a system scan only."

Place a check next the following items:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll

O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)

You have to delete files. You have a file unlocker on the system. If it doesn't work, then use MoveOnBoot http://www.snapfiles.com/get/moveonboot.html It will add a new item to your right click Context Menu, target that file with Move on Boot, and then reboot.

Delete C:\WINDOWS\system32\dmonwv.dll

Delete the folder C:\Program Files\SurfSideKick.

Then run a new HJT scan and post here.

Later we'll get rid of the entries in System Restore.

Regards - Charles

 

hijack log

hi charles - i've just deleted the ove files on hijckthis, but i couldn't find
C:\WINDOWS\system32\dmonwv.dll or C:\Program Files\SurfSideKick anywhere, but below is my recent hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 23:29:53, on 01/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\PROGRA~1\WNSXS~1\wucrtupd.exe
C:\WINDOWS\F?nts\n?lookup.exe
C:\Program Files\GreatMemo\GreatMemo.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\MP3 Easy\wmp3easy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\DOCUME~1\LEEHEA~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R3 - URLSearchHook: (no name) - {643BAFD6-1B32-37C0-6481-4046E399D7EC} - C:\WINDOWS\system32\lwxz.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iyful.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,stmyvlx.exe
O2 - BHO: (no name) - {643BAFD6-1B32-37C0-6481-4046E399D7EC} - C:\WINDOWS\system32\lwxz.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /A "C:\WINDOWS\System32\E_S5A.tmp "
O4 - HKCU\..\Run: [Lrrc] "C:\PROGRA~1\WNSXS~1\wucrtupd.exe" -vt ndrv
O4 - HKCU\..\Run: [Wnpfkcof] C:\WINDOWS\F?nts\n?lookup.exe
O4 - Startup: GreatMemo.lnk = C:\Program Files\GreatMemo\GreatMemo.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/31be793ab77db3cb4902/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126977353957
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126977291798
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/1...com/opistat/activex/opinstall_en_4.1.0.18.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol013.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C125DAC-ECCD-48AD-9002-4204B476A28E}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\WINDOWS\system32\mshta.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGVlIEhlYXRoZXIgUGFya2Vz\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

regards - rob s

 

Hi Rob,

You've got multiple infections that require special handling. I've asked TeMerc, a security MVP, to help you with it. He has to go thru this thread and review your history.

One more thing, please repsond much more quickly to posts from us. Makes it that much harder to help if there is a huge lag in reponse time on your part and, you're picking up additional infections.

Regards - Chales

 

OK, thanks for being patient with us as we get back to looking at this log.

I got sidtracked this afternoon, and wound up dropping Jr off for an overinte stay with his cousin, and wife and I just returned from dinner.

I'll post this fix, then we're off to the movies!!

OK, we need to apply a special fix for the infection you have, called Qoologic.

Please download Brute Force Uninstaller to your desktop. (rightclick on this link and choose save as, if using IE save target as)

• Right click the BFU folder on your desktop, and choose Extract All
• Click "Next "
• In the box to choose where to extract the files to,
• Click "Browse "
• Click on the + sign next to "My Computer "
• Click on "Local Disk (C: ) or whatever your primary drive is
• Click "Make New Folder "
• Type in BFU
• Click "Next ", and Uncheck the "Show Extracted Files" box and then click "Finish ".
• Download qoofix.bat (rightclick on this link and choose save as, if using IE save target as)
• Place qoofix.bat in your C:\BFU - folder. (Important!)
• Doubleclick qooFix.bat, Close all browsers and explorer folders.
• Choose option 1 (Qoolfix autofix) and follow the prompts.
• Please be patient, it will take about five minutes.
• After the PC has restarted please post another hijackthis log.

 

Problem!!!

Hi many thanks for your reply......apologies for the delay as well, i keep turning my computer on and the minute the blue sceen comes up it starts making this constant beeping noise, it will then stop after about 5 mins, then it starts doing it again and stops me from typing anything. Im gonna try again tomorrow (thursday 8th) and i'll do as you have said above and then post my hijack log

many thanks

rob.s

 

hijack log

Hi temerc, i have downloaded the files as requested and done what needed to be done, and below is my hijack log. im off on holiday tomorrow until sunday 18th so wont be able to reply until then - thanks for this - rob

Logfile of HijackThis v1.99.1
Scan saved at 00:50:08, on 09/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows\WinUpdate.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\PROGRA~1\WNSXS~1\wucrtupd.exe
C:\WINDOWS\F?nts\n?lookup.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\GreatMemo\GreatMemo.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\DOCUME~1\LEEHEA~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: (no name) - {09DC097C-E4CC-9360-CFCB-E4FC58F2E5BC} - C:\WINDOWS\system32\umi.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {09DC097C-E4CC-9360-CFCB-E4FC58F2E5BC} - C:\WINDOWS\system32\umi.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [qgsile] C:\WINDOWS\system32\rpoqlg.exe reg_run
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /A "C:\WINDOWS\System32\E_S5A.tmp "
O4 - HKCU\..\Run: [Lrrc] "C:\PROGRA~1\WNSXS~1\wucrtupd.exe" -vt ndrv
O4 - HKCU\..\Run: [Wnpfkcof] C:\WINDOWS\F?nts\n?lookup.exe
O4 - HKCU\..\Run: [ndakm] C:\WINDOWS\system32\rpoqlg.exe reg_run
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: GreatMemo.lnk = C:\Program Files\GreatMemo\GreatMemo.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/31be793ab77db3cb4902/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126977353957
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126977291798
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/1...com/opistat/activex/opinstall_en_4.1.0.18.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol013.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\mshta.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGVlIEhlYXRoZXIgUGFya2Vz\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

 

termac

hi termac have u managed to look at the above yet?

thanks

rob

(back from hols now)

 

Below you will find my results and recommendations. Please read ALL instructions carefully BEFORE proceeding.

OK, seeing as its been so long since you last posted and Ewido has had many many updates since, lets up the program itself, it was just updated to version4, so remove the old one via Addr\Remove control panel and then install the newest version from here

Run it, let it remove everything, post the log back to this thread please.

After running Ewido, and before posting Ewido logfile, Do the following please.
Some of the following may be removed by Ewido.

We need to delete the extra copy of HJT found here:
C:\DOCUME~1\LEEHEA~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe<<<--delete please

Please follow these instructions, exactly, for proper HJT installation. Please place HJT into ITS OWN PERMANANT FOLDER. It also needs to be removed from the desktop.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. (C:\HJT\HijackThis.exe)Move HijackThis.exe into this folder. When you run HijackThis.exe from C:\HJT folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary which is easily accessible.

In the Program Files folder is not where it should be, thanks.

Then please go to 'Task Manager' by hitting Ctrl+Alt+Delete and 'End Task' on the following process(es):
C:\Program Files\Windows\WinUpdate.exe
C:\WINDOWS\F?nts\n?lookup.exe
C:\Program Files\TClock\TClock.exe


Run Hijackthis and look over the following entries I have listed, check the boxes next to them and press the "Fix Checked" button with HijackThis. When you are doing this, make sure you have No IE windows, or other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - URLSearchHook: (no name) - {09DC097C-E4CC-9360-CFCB-E4FC58F2E5BC} - C:\WINDOWS\system32\umi.dll

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {09DC097C-E4CC-9360-CFCB-E4FC58F2E5BC} - C:\WINDOWS\system32\umi.dll


O4 - HKLM\..\Run: [qgsile] C:\WINDOWS\system32\rpoqlg.exe reg_run

O4 - HKCU\..\Run: [Wnpfkcof] C:\WINDOWS\F?nts\n?lookup.exe

O4 - HKCU\..\Run: [ndakm] C:\WINDOWS\system32\rpoqlg.exe reg_run

O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe

O4 - Startup: GreatMemo.lnk = C:\Program Files\GreatMemo\GreatMemo.exe


O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe


O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com


O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/31be793ab77db3c...p/RdxIE601.cab

O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab

O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/14...n_4.1.0.18.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab

O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/temp...control013.cab


O20 - AppInit_DLLs: C:\WINDOWS\system32\mshta.dll


O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGVlIEhlYXRoZXIgUGFya2Vz\command.exe (file missing)

Reboot, into safe mode, this way:
Turn on the computer
Immediately begin tapping the <F8> key.
Use the arrow keys to highlight Safe Mode and press the <Enter> key.

Also, enable the 'Show Hidden Folders' option, like this:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

And search for, then delete, if found, (some may not be present after previous steps) the following files/folders:
C:\Program Files\Windows<<<<---folder**Note file path, do not try to delete C:\Windosw folder!!!**
C:\WINDOWS\F?nts<<<<---folder
C:\Program Files\TClock<<<<---folder
C:\WINDOWS\system32\umi.dll<<<--file
C:\WINDOWS\system32\rpoqlg.exe <<<--file
C:\Program Files\GreatMemo<<<<---folder
C:\WINDOWS\TGVlIEhlYXRoZXIgUGFya2Vz<<<<---folder

To exit Safe Mode, click the Start button, click Turn Off Computer, click Restart.

Post a new HJT log back into this thread please along with the Ewdio log.

 

ewido scan

hi, i have removed my previous version of edido, and reinstalled the upto date version, below is the log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 02:00:34 24/06/2006

+ Scan result:



C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0133039.exe -> Adware.AdURL : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136150.exe -> Adware.AdURL : No action taken.
C:\Program Files\QuickTime\__delete_on_reboot__w_Q_T_I_n_f_o_._e_x_e_ -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129779.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129853.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129891.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0130889.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0130954.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP172\A0130999.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP172\A0131660.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP172\A0131671.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0131715.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132754.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132819.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132865.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0132911.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134908.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134944.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134982.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135007.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135050.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135068.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135111.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135123.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136124.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136157.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136164.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136175.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0137181.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0138184.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0138228.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0138239.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0138279.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP179\A0138937.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP180\A0140738.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP180\A0141738.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP180\A0142736.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP180\A0142769.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP180\A0142804.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP180\A0142834.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP181\A0142889.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP181\A0143889.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP181\A0144892.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0144939.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0144980.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0145980.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0147980.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0148023.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0148068.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0149065.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0149103.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0149138.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP183\A0149259.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP183\A0149295.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP184\A0149340.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP185\A0150383.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136162.dll -> Adware.CommAd : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136166.exe -> Adware.CommAd : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136143.dll -> Adware.Ezula : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129886.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP172\A0130992.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP172\A0131665.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP172\A0131691.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP172\A0131705.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0131733.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0131748.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132771.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132794.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132812.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132835.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132848.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132858.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP173\A0132880.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0132904.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0133033.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134923.Dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134939.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134960.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134975.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135002.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135025.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135045.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135056.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135063.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135072.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135106.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135118.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135141.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136128.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136129.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136130.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136131.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136132.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136133.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136134.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136135.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136136.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136138.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136139.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136140.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136145.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136165.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136167.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136177.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136179.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0137198.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\d20mlcd11f0.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\k6jslg1716.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\l4p20e7oeh.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\wenrnr.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134979.ocx -> Adware.MediaMotor : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136121.ocx -> Adware.MediaMotor : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136141.dll -> Adware.Mirar : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136142.dll -> Adware.Mirar : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136144.dll -> Adware.Mirar : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136152.exe -> Adware.Mirar : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134930.exe -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP180\A0142854.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0144961.exe -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0149085.DLL -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0149122.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP183\A0149315.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP185\A0150434.DLL -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP185\A0150435.dll -> Adware.PurityScan : No action taken.
C:\WINDOWS\system32\dkfw.dll -> Adware.PurityScan : No action taken.
C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[1052] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[2108] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[2172] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[2224] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[3000] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[3068] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[3276] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[3524] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[416] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[428] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[472] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[488] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[552] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[556] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[624] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[796] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[964] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[968] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134974.dll -> Adware.SideFind : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135040.dll -> Adware.Surfside : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135041.exe -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0135044.dll -> Adware.Surfside : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP176\A0138472.dll -> Adware.Surfside : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP176\A0138473.dll -> Adware.SurfSide : No action taken.

------- cont --------

 

ewido scan

------cont-----

C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP176\A0138474.exe -> Adware.Surfside : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP179\A0138622.dll -> Adware.Surfside : No action taken.
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : No action taken.
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
HKU\S-1-5-21-400550780-3134616843-1333191943-1005\Software\SurfSideKick3 -> Adware.SurfSide : No action taken.
HKU\S-1-5-21-400550780-3134616843-1333191943-1005\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129804.exe -> Downloader.Adload.bi : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129803.exe -> Downloader.Adload.bj : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136154.exe -> Downloader.Adload.bm : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136137.dll -> Downloader.Agent.agw : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0130946.DLL -> Downloader.Agent.ahv : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136163.exe -> Downloader.PurityScan.bx : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134928.exe -> Downloader.PurityScan.cl : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0148006.EXE -> Downloader.PurityScan.co : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0134973.exe -> Downloader.Qoologic.at : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136178.dll -> Downloader.Qoologic.bj : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0148058.exe -> Downloader.Qoologic.bj : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0148060.EXE -> Downloader.Qoologic.bj : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0148061.EXE -> Downloader.Qoologic.bj : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0148062.EXE -> Downloader.Qoologic.bj : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP182\A0148063.DLL -> Downloader.Qoologic.bj : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136147.exe -> Downloader.Small.buy : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136153.exe -> Downloader.Swizzor.c : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129809.exe -> Downloader.VB.abj : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136148.exe -> Downloader.VB.abj : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP170\A0129747.exe -> Downloader.VB.vz : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129808.exe -> Downloader.VB.yn : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129807.exe -> Downloader.VB.ys : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136155.exe -> Dropper.Agent.mf : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136146.exe -> Dropper.Small.qn : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136159.exe -> Dropper.Small.qn : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136160.exe -> Dropper.VB.mz : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129812.exe -> Hijacker.VB.li : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP171\A0129801.exe -> Hijacker.VB.ly : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136149.exe -> Hijacker.VB.ly : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Local Settings\Temporary Internet Files\Content.IE5\KJZJQC11\WinAntiVirusPro2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136158.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@install.bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@kmpads[2].txt -> TrackingCookie.Kmpads : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@qksrv[1].txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Lee Heather Parkes\Cookies\lee heather parkes@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\thiselt.exe -> Trojan.Popuper : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136151.exe -> Trojan.Qoologic : No action taken.
C:\System Volume Information\_restore{22BCCCE7-6D10-40D3-9E48-F34701ACAB8F}\RP174\A0136156.exe -> Trojan.Scapur.k : No action taken.


::Report end

i will wait until you have replied until i do ask you asked in the previoius thread

thanks

rob

 

OK, based on the Ewido results, it appears as tho you did not let it remove or clean anything.

We need to allow the tool to remove what it finds. When prompted to decide which action, please select 'Remove'.

So, run it again, be sure to check for updates (there were 4 today!), let it remove everything it finds, post back the Ewido log, once again....sorry, and also give me a new HJT log file, after fixing as instructed above, thanks.