I have scanned my computer many times and taken all the steps advised on this site, however I still have loads of pop ups and my IE keeps shutting down. I have done a HijackThis and here is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 16:53:47, on 24/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Alwil Software\Kerio\Avast4\aswUpdSc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Kerio\Avast4\aswUpdCl.exe
C:\WINDOWS\CheckS02.exe
C:\WINDOWS\sys09141339863.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.co.uk/cd_redirects/wanadoohome
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {791CF5A8-210C-2D1B-B8B7-180BBFA0AB99} - (no file)
O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)
O2 - BHO: Yvakt Class - {B91A8E01-502D-4EF6-B0C4-7139709832ED} - C:\WINDOWS\System32\icda0wpw5.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [6E6C6F7376787374] A5A3A6AAADAFAA.exe
O4 - HKLM\..\Run: [avast! Kerio Update] C:\PROGRA~1\ALWILS~1\Kerio\Avast4\aswUpdCl.exe
O4 - HKLM\..\Run: [ula0U] "C:\WINDOWS\System32\slk8x2peu.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [sys09141339863] C:\WINDOWS\sys09141339863.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - C:\WINDOWS\System32\icda0wpw5.dll
O23 - Service: avast! for Kerio - Unknown owner - C:\Program Files\Alwil Software\Kerio\Avast4\aswUpdSc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

Hope somebody can help, thank you in advance.
lozie

wtf is this
"O4 - HKLM\..\Run: [6E6C6F7376787374] A5A3A6AAADAFAA.exe"

here is the trojan
O4 - HKLM\..\Run: [ula0U] "C:\WINDOWS\System32\slk8x2peu.exe"
http://www.greatis.com/appdata/d/s/slk8x2peu.exe_Removal.htm

@TheReturn: There is more that needs to be cleaned than just that one trojan...

@charm1: Hi, you got some infections, follow these cleaning instructions.

Cleaning instructions:

Download and install Ewido, UPDATE it, but do NOT run a scan yet.
-> http://www.ewido.net/en/download/

Download BFU.zip -> http://www.merijn.org/files/bfu.zip
Unzip it to your desktop.
Run bfu.exe and click the web button (blue-green button in the upper-right corner).
Copy the following line to the Download script window:
http://metallica.geekstogo.com/alcanshorty.bfu
Press the Execute button.

Run HijackThis and fix these entries (if found):
(Do a system scan only, check entries, close all other windows, press Fix checked)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: (no name) - {791CF5A8-210C-2D1B-B8B7-180BBFA0AB99} - (no file)
O2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)
O2 - BHO: Yvakt Class - {B91A8E01-502D-4EF6-B0C4-7139709832ED} - C:\WINDOWS\System32\icda0wpw5.dll
O4 - HKLM\..\Run: [6E6C6F7376787374] A5A3A6AAADAFAA.exe
O4 - HKLM\..\Run: [ula0U] "C:\WINDOWS\System32\slk8x2peu.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [sys09141339863] C:\WINDOWS\sys09141339863.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O18 - Filter: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - C:\WINDOWS\System32\icda0wpw5.dll

Restart your computer to safe mode (press the F8 button when the computer is starting and choose safe mode).

Make your hidden files visible:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Show hidden files and folders.

Delete these files if found:
C:\WINDOWS\System32\-->icda0wpw5.dll<--
C:\WINDOWS\System32\-->slk8x2peu.exe<--
C:\WINDOWS\-->sys09141339863.exe<--

Use the Windows "search" function (make sure that you search from hidden files and folders and from system folders too).
Search for this and delete if found:
A5A3A6AAADAFAA.exe

Empty the Recycle Bin.

Make your hidden files invisible again:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Do not show hidden files and folders.

Scan your computer with Ewido and save the log file.

Restart your computer normally.

Post a fresh HijackThis log and Ewido's log here so we can see if your computer is now clean.

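Added example, not part of any post in this thread and not HijackThis's own code: a Python sketch of the comparison the helper makes by eye on the fresh log. It splits a flattened HijackThis log into entries, reports which entries from the fix list are still present, and diffs the two logs. The function names and the shortened sample logs are constructed here from entries quoted in the thread.

```python
import re

# A HijackThis entry starts with a section code followed by " - ",
# e.g. "R0 - ", "F2 - ", "O4 - ", "O23 - ". Splitting on that boundary
# recovers the entries even when the log was pasted as one long line.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")


def split_entries(log_text):
    """Return the log's entries, whitespace-collapsed, in original order."""
    parts = ENTRY_START.split(log_text)
    # parts[0] is the header and process list; text after the last entry
    # (a signature, for instance) stays attached to that entry.
    return [" ".join(p.split()) for p in parts[1:]]


def normalise(entry):
    # Windows paths and registry names are case-insensitive.
    return " ".join(entry.split()).casefold()


def unfixed(fix_text, fresh_log):
    """Entries from the fix list that still appear in the fresh log."""
    fresh = {normalise(e) for e in split_entries(fresh_log)}
    return [e for e in split_entries(fix_text) if normalise(e) in fresh]


def diff_logs(before, after):
    """Return (removed, added) entries between two logs."""
    b = {normalise(e): e for e in split_entries(before)}
    a = {normalise(e): e for e in split_entries(after)}
    removed = [e for k, e in b.items() if k not in a]
    added = [e for k, e in a.items() if k not in b]
    return removed, added


# Constructed sample input: shortened, flattened logs built from entries
# quoted in the thread (not the complete logs).
HEADER = r"Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE "
KEEP = (
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ "
    r"O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE "
    r'/P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620" '
)
FIX = (
    r"O2 - BHO: Yvakt Class - {B91A8E01-502D-4EF6-B0C4-7139709832ED} - C:\WINDOWS\System32\icda0wpw5.dll "
    r"O4 - HKLM\..\Run: [6E6C6F7376787374] A5A3A6AAADAFAA.exe "
    r'O4 - HKLM\..\Run: [ula0U] "C:\WINDOWS\System32\slk8x2peu.exe" '
)
NEW = (r"O23 - Service: ewido security suite guard - ewido networks - "
       r"C:\Program Files\ewido anti-malware\ewidoguard.exe")

BEFORE = HEADER + KEEP + FIX
AFTER = HEADER + KEEP + NEW

if __name__ == "__main__":
    print("still present before cleaning:", len(unfixed(FIX, BEFORE)))
    print("still present after cleaning: ", len(unfixed(FIX, AFTER)))
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("- " + e)
    for e in added:
        print("+ " + e)
```

An entry disappearing from the log only shows that the autostart or browser reference is gone; the instructions above still delete the files themselves and follow up with an Ewido scan.
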
thank you very very much for your help and the pop ups seem to be gone

here is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 20:31:22, on 24/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Alwil Software\Kerio\Avast4\aswUpdSc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Kerio\Avast4\aswUpdCl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.co.uk/cd_redirects/wanadoohome
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast! Kerio Update] C:\PROGRA~1\ALWILS~1\Kerio\Avast4\aswUpdCl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! for Kerio - Unknown owner - C:\Program Files\Alwil Software\Kerio\Avast4\aswUpdSc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

and my Ewido's log

ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 20:27:58, 24/03/2006
+ Report-Checksum: 348D9E7C
+ Scan result:

HKU\S-1-5-21-842925246-287218729-1417001333-500\Software\Surfairy -> Adware.Surfairy : Cleaned with backup
C:\Documents and Settings\charmaine\Cookies\charmaine@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\charmaine\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\charmaine\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Logger.Small.dg : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Logger.Small.dg : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.dll -> Logger.Small.dg : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll -> Logger.Small.dg : Cleaned with backup
C:\Program Files\FCAdvice\FCAdvice.dll -> Adware.CASClient : Cleaned with backup
C:\Program Files\FCAdvice\FCAdvice.exe -> Adware.CASClient : Cleaned with backup
C:\Program Files\WіnSxS\javaw.exe -> Downloader.PurityScan.by : Cleaned with backup
C:\RECYCLER\S-1-5-21-842925246-287218729-1417001333-1004\Dc3.exe -> Downloader.VB.yv : Cleaned with backup
C:\RECYCLER\S-1-5-21-842925246-287218729-1417001333-1004\Dc4.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\RECYCLER\S-1-5-21-842925246-287218729-1417001333-1004\Dc5.dll -> Hijacker.Agent.ac : Cleaned with backup
C:\RECYCLER\S-1-5-21-842925246-287218729-1417001333-1004\Dc6.exe -> Downloader.VB.ri : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP1\A0000216.EXE -> Not-A-Virus.NetTool.Win32.PsKill : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004222.exe -> Dialer.PluginAccess : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004239.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004240.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004241.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004246.exe -> Downloader.VB.yn : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004248.exe -> Hijacker.VB.li : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004250.exe -> Downloader.Adload.aa : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004255.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004256.exe -> Downloader.Small.ckj : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004258.exe -> Downloader.Adload.x : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004272.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004327.exe -> Downloader.Small.coe : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004333.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP16\A0004334.dll -> Logger.Goldun.hp : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP17\A0004363.dll -> Hijacker.Small.jf : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP17\A0004368.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP17\A0004370.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP17\A0004373.exe -> Logger.Small.dg : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP2\A0000292.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP2\A0000294.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP39\A0004719.dll -> Adware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP40\A0004863.dll -> Adware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP40\A0004911.dll -> Adware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP40\A0004972.exe -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP41\A0004982.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP41\A0004983.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP41\A0004989.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP41\A0004990.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP42\A0006015.dll -> Adware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP43\A0008091.exe -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP46\A0008196.dll -> Hijacker.Small.jf : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP46\A0008197.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP46\A0008198.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP46\A0008200.exe -> Hijacker.VB.lv : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP46\A0008201.exe -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP46\A0008207.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{94492F29-478F-4DA4-A1AB-F62C229FFC8D}\RP46\A0008208.exe -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\country.exe -> Logger.Goldun.hp : Cleaned with backup
C:\WINDOWS\kl1.exe -> Logger.Small.dg : Cleaned with backup
C:\WINDOWS\ms05986314133.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\oamxkpbk.dll -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\ogyftgni.exe -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\pms111x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\sms112x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\system32\barseek.dll -> Proxy.Small.du : Cleaned with backup
C:\WINDOWS\system32\h0j4la1q1d.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lzcx.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\system32\NewExplorer.exe -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\system32\oins.exe -> Downloader.PurityScan.bt : Cleaned with backup
C:\WINDOWS\system32\ooglfage.dll -> Adware.Agent : Cleaned with backup
C:\WINDOWS\system32\slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\zopenssld.sys -> Logger.Goldun.hp : Cleaned with backup
C:\WINDOWS\toolbar.exe -> Downloader.Adload.w : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\win32068631413392006.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\win3207631413398.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\win3208314133986.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\аѕsembly\nοtepad.exe -> Adware.PurityScan : Cleaned with backup

::Report End

Ok good, you seem to be clean now.

But to be sure, download Blacklight to your desktop -> http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe
Run a scan with it and post its log here (the log is created on your desktop, named fsbl********.txt).
Do NOT rename anything yet.

Your Windows is outdated! Go here and install all important updates -> http://windowsupdate.microsoft.com

You also had a keylogger on your computer so I suggest that you change all your online passwords.