
·
Registered
Joined
·
43 Posts
Discussion Starter #1
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 1:14:12 PM, on 9/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\windows\system32\owdxregs.exe
C:\Program Files\Common Files\AOL\1124425863\ee\AOLHostManager.exe
C:\WINDOWS\system32\6tef6011.exe
C:\Program Files\Common Files\AOL\1124425863\ee\AOLServiceHost.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Dppsap\Rqxkjow.exe
C:\Program Files\Ares Lite Edition\Ares.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\qsysyu2d.exe
C:\Program Files\Common Files\AOL\1124425863\ee\AOLServiceHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\SYSTEM32\communicator.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator\Ulead Quick-Drop 1.0\Quick-Drop.exe WINDOWCALL
O4 - HKLM\..\Run: [System Kernal Support] system.exe
O4 - HKLM\..\Run: [Installer] C:\dial.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\system32\PSof1.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124425863\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ZStart] C:\windows\system32\owdxregs.exe DO0605
O4 - HKLM\..\Run: [SysStart] C:\WINDOWS\system32\qsysyu2d.exe DO0605
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\l44xls.exe reg_run
O4 - HKLM\..\Run: [6tef6011] C:\WINDOWS\system32\6tef6011.exe
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Pldgul] C:\Program Files\Dppsap\Rqxkjow.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [System Kernal Support] system.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [System Kernal Support] system.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\qsysyu2d.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/c2c/grinstall_c2c1002_sp2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0008.exe
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - (no file)
O20 - AppInit_DLLs: repairs.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


End of KRC HijackThis Analyzer Log.
====================================================================
 

·
Registered
Joined
·
1,097 Posts
If you have XP, download Microsoft Antispyware. If you don't, then download Ad-Aware and SpyBot Search and Destroy because you obviously have a lot of spyware.

I see you have Norton Antivirus. Have you updated your virus definitions, or has your subscription expired like 99% of the people who have Norton installed on Dell computers? If Norton isn't working for you, then a nice *free* antivirus you can use is AVG Antivirus.
 

·
Premium Member
Joined
·
14,311 Posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
   * Install background guard
   * Install scan via context menu
3. Launch Ewido. There should be an icon on your desktop; double-click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
   * On the left hand side of the main screen click update.
   * Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net/en/download/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
  o You will need to step through the process of cleaning files one-by-one.
  o If Ewido detects a file you KNOW to be legitimate, select none as the action.
  o Do NOT select 'Perform action on all infections'
  o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\SYSTEM32\communicator.dll
O4 - HKLM\..\Run: [System Kernal Support] system.exe
O4 - HKLM\..\Run: [Installer] C:\dial.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\system32\PSof1.exe
O4 - HKLM\..\Run: [ZStart] C:\windows\system32\owdxregs.exe DO0605
O4 - HKLM\..\Run: [SysStart] C:\WINDOWS\system32\qsysyu2d.exe DO0605
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\l44xls.exe reg_run
O4 - HKLM\..\Run: [6tef6011] C:\WINDOWS\system32\6tef6011.exe
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Pldgul] C:\Program Files\Dppsap\Rqxkjow.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [System Kernal Support] system.exe
O4 - HKCU\..\Run: [System Kernal Support] system.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\qsysyu2d.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.c...c2c1002_sp2.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0008.exe
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - (no file)
O20 - AppInit_DLLs: repairs.dll


Uninstall SurfSideKick 3 via the Add/Remove panel if listed. Also uninstall winupdates and SurfAccuracy if they are found.

Locate and delete the following:

C:\WINDOWS\system32\qlink32.dll
C:\WINDOWS\SYSTEM32\communicator.dll
system.exe
C:\dial.exe
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe
C:\WINDOWS\system32\PSof1.exe
C:\windows\system32\owdxregs.exe
C:\WINDOWS\system32\qsysyu2d.exe
C:\WINDOWS\system32\l44xls.exe
C:\WINDOWS\system32\6tef6011.exe
C:\WINDOWS\system32\stb.exe
C:\Program Files\winupdates\
C:\Program Files\SurfAccuracy\
C:\Program Files\Dppsap\
system.exe
C:\Program Files\SurfSideKick 3\
repairs.dll


Restart your computer. Post the logs for HijackThis and Ewido.
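
One way to automate the "if they still exist" check from the post above, as an added example that is not part of the original thread: it parses HijackThis entry lines, tolerates the stray spaces and "..."-shortened URLs that forum software puts into pasted logs, and reports which fix-list entries persist in a follow-up scan and which entries are new. The function names are hypothetical; the sample lines are short excerpts of the logs posted in this thread.

```python
"""Compare a HijackThis fix list with before/after logs (added example)."""
import re
from typing import List, NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4" or "R3"
    body: str     # everything after "O4 - "


# Entry lines look like "O4 - HKLM\..\Run: [name] path"; headers and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+)$")


def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def key(entry: Entry) -> str:
    # Registry names and Windows paths are case-insensitive, and forum
    # software inserts spaces into long tokens, so drop case and whitespace.
    return entry.section + "|" + re.sub(r"\s+", "", entry.body).lower()


def same_entry(wanted: Entry, found: Entry) -> bool:
    w, f = key(wanted), key(found)
    if "..." not in w:
        return w == f
    # A forum-shortened URL keeps only its head and tail; match on both.
    head, _, tail = w.partition("...")
    return (len(f) >= len(head) + len(tail)
            and f.startswith(head) and f.endswith(tail))


def present(wanted: Entry, log: List[Entry]) -> bool:
    return any(same_entry(wanted, e) for e in log)


def missing_from(fix_list: List[Entry], log: List[Entry]) -> List[Entry]:
    """Fix-list entries that cannot be found in a log (likely paste damage)."""
    return [w for w in fix_list if not present(w, log)]


def persisting(fix_list: List[Entry], after: List[Entry]) -> List[Entry]:
    """Fix-list entries that are still present in the follow-up log."""
    return [w for w in fix_list if present(w, after)]


def new_entries(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries in the follow-up log that the first log did not contain."""
    seen = {key(e) for e in before}
    return [e for e in after if key(e) not in seen]


# Excerpt of the fix list, including the forum-inserted space ("Int ernet")
# and the shortened URL as they appeared when pasted.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local.,
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [System Kernal Support] system.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\qsysyu2d.exe
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.c...c2c1002_sp2.cab
O20 - AppInit_DLLs: repairs.dll
"""

# Excerpt of the first log (scan saved 9/17/2005).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [System Kernal Support] system.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\qsysyu2d.exe
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/c2c/grinstall_c2c1002_sp2.cab
O20 - AppInit_DLLs: repairs.dll
"""

# Excerpt of the follow-up log (scan saved 9/19/2005).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - Startup: Zstart.lnk = C:\Documents and Settings\Gard Jim\Local Settings\Temp\zxinst12.exe
O20 - AppInit_DLLs: repairs.dll
"""

if __name__ == "__main__":
    fix, before, after = map(parse_log, (FIX_LIST, BEFORE_LOG, AFTER_LOG))
    for label, rows in (("NOT IN FIRST LOG", missing_from(fix, before)),
                        ("STILL PRESENT", persisting(fix, after)),
                        ("NEW SINCE FIRST LOG", new_entries(before, after))):
        for e in rows:
            print(f"{label}: {e.section} - {e.body}")
```

A new entry is only a lead to review, not a verdict: the RunOnce line here belongs to a removal tool, while a startup shortcut pointing into a Temp folder deserves a closer look.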
 

·
Registered
Joined
·
43 Posts
Discussion Starter #4
hijack this and Ewido results

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:01:55 PM, 9/19/2005
+ Report-Checksum: 2A2EF9B0

+ Scan result:

[256] C:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[304] C:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[316] C:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[472] C:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[520] C:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[580] C:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[860] C:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\1Click DVD Copy 4.1.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Acoustica Mixcraft 1.10.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Acronis Drive Cleanser 6.0.412.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Advanced CD Ripper Pro 2.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Advanced MP3 Converter 2.43.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\All Sound Recorder XP 2.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Amor SWF to Video Converter 1.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Bat! 3.60.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Cakewalk SONAR 4.0.2 Producer.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\CleanCenter 1.34.89.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Cute FTP Pro 7.1.06.07.2005.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\DivXToDVD 2 1.99.14.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Driver Genius Professional Edition 2005 4.0.845.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\DVD X Player Professional 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\DVD-Cloner II 2.60.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\EasyRecovery Professional 6.10.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\FairStars Audio Converter 1.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Foto Balloon 2.0.5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Genie Backup Manager Pro 6.0.27.1679.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Hardware Sensors Monitor Pro 4.2.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Internet Download Accelerator 4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\KeePass 1.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\PC Auto Shutdown 1.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\PSPWare 2.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Registry Cleaner 32 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Rihanna - Music Of The Sun (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Shareaza 2.2.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Smart Sound Recorder 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\SmartFTP 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\SuperVideoCap 4.19.390.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\TechSmith Camtasia Studio 2.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\Treasure Vault 3D Screensaver 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\UltraEdit-32 11.00a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\VA - Dream Dance Vol. 35.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\VCOM Fix-It Utilities Professional 6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\VideoInspector 1.7.0.88.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\WebWatchBot 3.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Complete\WinAmp 5.08e.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Gard Jim\Desktop\DAP + 7.4 ( Download Accelerator Plus 7.4 ) + Crack\dap74.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Gard Jim\Desktop\DAP + 7.4 ( Download Accelerator Plus 7.4 ) + Crack\dap74.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Gard Jim\Desktop\New Folder (4)\backups\backup-20050318-140921-276.dll -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Gard Jim\Desktop\stuff\DAP + 7.4 ( Download Accelerator Plus 7.4 ) + Crack.zip/dap74.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Gard Jim\Desktop\stuff\DAP + 7.4 ( Download Accelerator Plus 7.4 ) + Crack.zip/dap74.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\I386\loclspl.dll -> Adware.BetterInternet : Cleaned with backup
C:\My Shared Folder\1Click DVD Copy 4.1.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Acoustica Mixcraft 1.10.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Acronis Drive Cleanser 6.0.412.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Advanced CD Ripper Pro 2.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Advanced MP3 Converter 2.43.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\All Sound Recorder XP 2.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Amor SWF to Video Converter 1.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Bat! 3.60.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Cakewalk SONAR 4.0.2 Producer.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\CleanCenter 1.34.89.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Cute FTP Pro 7.1.06.07.2005.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\DivXToDVD 2 1.99.14.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Driver Genius Professional Edition 2005 4.0.845.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\DVD X Player Professional 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\DVD-Cloner II 2.60.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\EasyRecovery Professional 6.10.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\FairStars Audio Converter 1.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Foto Balloon 2.0.5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Genie Backup Manager Pro 6.0.27.1679.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Hardware Sensors Monitor Pro 4.2.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\ImTOO PSP Music Suite v2.1.50.705b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Internet Download Accelerator 4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\KeePass 1.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\PC Auto Shutdown 1.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\PSPWare 2.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Registry Cleaner 32 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Rihanna - Music Of The Sun (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Shareaza 2.2.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Smart Sound Recorder 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\SmartFTP 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\SuperVideoCap 4.19.390.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\TechSmith Camtasia Studio 2.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\Treasure Vault 3D Screensaver 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\UltraEdit-32 11.00a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\VA - Dream Dance Vol. 35.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\VCOM Fix-It Utilities Professional 6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\VideoInspector 1.7.0.88.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\WebWatchBot 3.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Shared Folder\WinAmp 5.08e.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Dppsap\Rqxkjow.exe -> Trojan.Small.cy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\B7EB4ECD-1063-485F-843A-FA7F9C.asq -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\0F5B6DC0-E197-4CAA-8C3B-9E53D5\EE5F61D3-D72C-4407-B38C-DBEF74 -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2A91A5E6-F260-451F-A56F-64B8F2\5CBEAC88-8770-46E1-8B6C-EEC7FC -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2A91A5E6-F260-451F-A56F-64B8F2\816F6854-523A-4939-9007-6EAC76 -> Spyware.DelphinMediaViewer : Cleaned with backup
C:\Program Files\Norton AntiVirus\Savrt(2)\0114NAV~.TMP -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\Program Files\Norton AntiVirus\Savrt(2)\0180NAV~.TMP -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\Program Files\SurfSideKick 3\Ssk.exe -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskBho.dll -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskCore.dll -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\WINDOWS\invitessk.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\SYSTEM32\8med84pf.dll -> Adware.Saha : Cleaned with backup
C:\WINDOWS\SYSTEM32\adtgufs8.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SYSTEM32\brrxbdm.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\SYSTEM32\f0m91i2s.dat -> Trojan.Smitfraud : Cleaned with backup
C:\WINDOWS\SYSTEM32\joorj.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\SYSTEM32\kik7kf99.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SYSTEM32\kr1agga0.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\SYSTEM32\m1tu9hho.dll -> Adware.Saha : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsvsvc\nsvs.dll -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsvsvc\nsvsvc.exe -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\o7lapiad.dll -> Adware.Saha : Cleaned with backup
C:\WINDOWS\SYSTEM32\owdxregs.exe -> Trojan.Zx.12 : Cleaned with backup
C:\WINDOWS\SYSTEM32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\skkfsfs.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup


::Report End

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 6:37:30 PM, on 9/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator\Ulead Quick-Drop 1.0\Quick-Drop.exe WINDOWCALL
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124425863\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Zstart.lnk = C:\Documents and Settings\Gard Jim\Local Settings\Temp\zxinst12.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O20 - AppInit_DLLs: repairs.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


End of KRC HijackThis Analyzer Log.
====================================================================
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Hello gardjim,

Please print out or copy this page to Notepad since you will not have any browsers open while you are fixing this. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. Again, you should not have any open browsers when you are following the procedures below.

Please disable Microsoft AntiSpyware; it may be interfering with these fixes:

Microsoft AntiSpyware
*Click on Options>Settings.
*In the left pane, click on Real-time Protection.
*Under Startup Options, Deselect Enable the Microsoft AntiSpyware Security Agents on startup.
*Under Real-time spyware threat protection, Deselect Enable real-time spyware threat protection.
*After you've done these, click on the Save button and close Microsoft AntiSpyware.
*Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

SurfSideKick 3

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zstart.lnk = C:\Documents and Settings\Gard Jim\Local Settings\Temp\zxinst12.exe
O20 - AppInit_DLLs: repairs.dll


Delete the following Files and Folders if they still exist.

C:\Program Files\SurfSideKick 3
C:\Program Files\winupdates\winupdates.exe
repairs.dll - Search for this file via Start>Search and delete if found

Run CleanUp! again:
Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
-Empty Recycle Bins
-Temporary Internet Files
-Delete Cookies
-Delete Prefetch files
-[X]Scan local drives for temporary files (Please uncheck this option)
-Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot back into Safe Mode.

Run Ewido again and post the results here along with a new HijackThis log
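
The fix list in the reply above can be cross-checked mechanically. The Python sketch below is an added example, not part of the original posts and not code from HijackThis or the KRC analyzer; it parses HijackThis entry lines and flags the patterns visible in the entries the helper selected. The heuristics, the function names and the KNOWN_BAD tuple (names taken from the fix list above) are assumptions made for illustration.

```python
import re

# Constructed sample: entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zstart.lnk = C:\Documents and Settings\Gard Jim\Local Settings\Temp\zxinst12.exe
O20 - AppInit_DLLs: repairs.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumption: names taken from the helper's fix list, not a maintained blocklist.
KNOWN_BAD = ("surfsidekick", "winupdates")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
TEMP_RE = re.compile(r"\\(temp|tmp)\\")              # path component named Temp/Tmp


def parse(log):
    """Yield (section_code, detail) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log, known_bad=KNOWN_BAD):
    """Return [(code, reasons, detail)] for entries that need a manual look."""
    findings = []
    for code, detail in parse(log):
        low = detail.lower()
        reasons = []
        if code == "O4" and TEMP_RE.search(low):
            reasons.append("autorun target inside a Temp directory")
        if code == "O20" and low.startswith("appinit_dlls:") and low[13:].strip():
            reasons.append("AppInit_DLLs is set (loaded with user32.dll)")
        if code == "R3" and "(no name)" in low:
            reasons.append("unnamed URL search hook")
        reasons += [f"name on fix list: {n}" for n in known_bad if n in low]
        if reasons:
            findings.append((code, reasons, detail))
    return findings


if __name__ == "__main__":
    for code, reasons, detail in triage(SAMPLE_LOG):
        print(f"{code}: {'; '.join(reasons)}\n    {detail}")
```

With `known_bad=()` only the structural heuristics fire, and they surface three of the sampled entries; the remaining ones are caught by name alone, which is why a reviewer's knowledge of the programs still matters.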
 