#1 (permalink)
New Member
Join Date: Mar 2006
Posts: 3
Hi all:
I am looking for your help. My computer is being overloaded with pop-unders, pop-ups, flash adware etc. I have purchased Spyware Doctor but it does not stop any of the actions so far. I am studying at college at the moment and it is really holding me back every time a pop-up or something else appears on my screen, even with my pop-up settings set at high. PLEASE HELP. THANKS IN ADVANCE
#2 (permalink)
Gold Member
Join Date: Jun 2005
Posts: 263
Post a HijackThis log.
HijackThis Logs
__________________
he who laughs last must have a terrible sense of humor :eek:
#3 (permalink)
New Member
Join Date: Mar 2006
Posts: 3
Logfile of HijackThis v1.99.1
Scan saved at 19:05:20, on 18/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Plaxo\2.7.0.58\PlaxoHelper.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.7.0.58\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [wzzr] C:\PROGRA~1\COMMON~1\wzzr\wzzrm.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://driveboy.myphotoalbum.com/EasyUploadTool.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\j04o0ah3ed4.dll
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\kt00l7dm1.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
#4 (permalink)
Gold Member
Join Date: Jun 2005
Posts: 263
Please download Look2Me-Destroyer.exe to your desktop.
* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new...b/MSWINSCK.OCX

After doing the above:

1. Please download ewido security suite it is a trial version of the program.
* Install ewido security suite
* When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido, there should be an icon on your desktop double-click it.
* The program will prompt you to update click the OK button
* The program will now go to the main screen

2. You will need to update ewido to the latest definition files.
* On the left hand side of the main screen click update
* Click on Start

3. The update will start and a progress bar will show the updates being installed.

4. Once the updates are installed do the following:
* Click on scanner
* Click on Complete System Scan and the scan will begin.

5. Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report
* Save the report to your desktop

6. Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply
__________________
he who laughs last must have a terrible sense of humor :eek:
Last edited by sidthereal; 03-18-2006 at 08:37 PM.
#5 (permalink)
New Member
Join Date: Mar 2006
Posts: 3
Hi Sid:
As requested, BTW... Thank you

Logfile of HijackThis v1.99.1
Scan saved at 19:57:24, on 18/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Plaxo\2.7.0.58\PlaxoHelper.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.7.0.58\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [wzzr] C:\PROGRA~1\COMMON~1\wzzr\wzzrm.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://driveboy.myphotoalbum.com/EasyUploadTool.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

-------------------------------------------------------------------------

Look2Me-Destroyer V1.0.11

Scanning for infected files.....
Scan started at 18/03/2006 19:48:10

Infected! C:\WINDOWS\system32\j04o0ah3ed4.dll
Infected! C:\WINDOWS\system32\knd101a.dll
Infected! C:\WINDOWS\system32\kt00l7dm1.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012658.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012659.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012660.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012661.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012662.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012663.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012664.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012665.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012666.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012667.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012668.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012669.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012670.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012671.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012696.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012736.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012741.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012750.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012754.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012764.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012771.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012780.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012785.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012799.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012804.dll
Infected! C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP28\A0012828.dll
Infected! C:\WINDOWS\system32\dwsshlex.dll
Infected! C:\WINDOWS\system32\knd101a.dll
Infected! C:\WINDOWS\system32\p6r40g9qe6.dll
Infected! C:\WINDOWS\system32\r86u0ij9e8o.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\knd101a.dll
C:\WINDOWS\system32\knd101a.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012658.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012658.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012659.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012659.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012660.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012660.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012661.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012661.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012662.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012662.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012663.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012663.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012664.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012664.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012665.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012665.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012666.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012666.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012667.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012667.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012668.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012668.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012669.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012669.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012670.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012670.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012671.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012671.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012696.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012696.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012736.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012736.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012741.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012741.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012750.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012750.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012754.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012754.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012764.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012764.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012771.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012771.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012780.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012780.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012785.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012785.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012799.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012799.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012804.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP25\A0012804.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP28\A0012828.dll
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP28\A0012828.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\dwsshlex.dll
C:\WINDOWS\system32\dwsshlex.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\knd101a.dll
C:\WINDOWS\system32\knd101a.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\p6r40g9qe6.dll
C:\WINDOWS\system32\p6r40g9qe6.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\r86u0ij9e8o.dll
C:\WINDOWS\system32\r86u0ij9e8o.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SMDEn
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8EA35372-73ED-4055-89E8-1F46A864C022}"
HKCR\Clsid\{8EA35372-73ED-4055-89E8-1F46A864C022}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EE1AF2F6-0723-46EC-9C1C-EAAB6FFF277B}"
HKCR\Clsid\{EE1AF2F6-0723-46EC-9C1C-EAAB6FFF277B}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{CCC36B2F-4ED2-4DF7-9876-3D9F699B76E8}"
HKCR\Clsid\{CCC36B2F-4ED2-4DF7-9876-3D9F699B76E8}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{14E742E9-6C66-4795-A09A-ECB90B3A445B}"
HKCR\Clsid\{14E742E9-6C66-4795-A09A-ECB90B3A445B}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded
#6 (permalink)
Gold Member
Join Date: Jun 2005
Posts: 263
1. Please download ewido security suite it is a trial version of the program.
* Install ewido security suite
* When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido, there should be an icon on your desktop double-click it.
* The program will prompt you to update click the OK button
* The program will now go to the main screen

2. You will need to update ewido to the latest definition files.
* On the left hand side of the main screen click update
* Click on Start

3. The update will start and a progress bar will show the updates being installed.

4. Once the updates are installed do the following:
* Click on scanner
* Click on Complete System Scan and the scan will begin.

5. Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report
* Save the report to your desktop

6. Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply
__________________
he who laughs last must have a terrible sense of humor :eek: