Author Topic: Ezula and SurfSidekick3  (Read 999 times)
sorgje
« on: October 07, 2005, 08:22:32 PM »

My computer (running Windows XP) will inadvertently restart for no reason, and I have lots of pop-ups. I have noticed files such as "ezula" and "surfsidekick3." Any help would be greatly appreciated.

Here are logs from Ewido, HijackThis, and WinPFind:
+ Created on:         3:41:34 PM, 10/7/2005
 + Report-Checksum:      BB028521

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\\ -> Spyware.AproposMedia : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{AF8B3C81-CD19-45FB-B6BE-160D27711DE8}\TypeLib\\ -> Spyware.IBIS : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost.1 -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost.1\CLSID\\ -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\eZulaAgent.IEObject.1 -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\eZulaAgent.IEObject.1\CLSID\\ -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt.1 -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt.1\CLSID\\ -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl.1 -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl.1\CLSID\\ -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode.1 -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode.1\CLSID\\ -> Spyware.TopText : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash.1 -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash.1\CLSID\\ -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch.1 -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch.1\CLSID\\ -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay.1 -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay.1\CLSID\\ -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper.1 -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper.1\CLSID\\ -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper.1 -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper.1\CLSID\\ -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe.1 -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe.1\CLSID\\ -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM.1 -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM.1\CLSID\\ -> Spyware.eZula : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{6F59D850-A155-4930-98AE-689A2BC7B8E8}\TypeLib\\ -> Spyware.IBIS : Cleaned with backup
   HKLM\SOFTWARE\Classes\VCCPGDATAACCESS.PgDataAccessCtrl.1 -> Spyware.Delfin : Cleaned with backup
   HKLM\SOFTWARE\Classes\VCCPGDATAACCESS.PgDataAccessCtrl.1\CLSID\\ -> Spyware.Delfin : Cleaned with backup
   HKLM\SOFTWARE\Classes\YSBactivex.Installer.1 -> Spyware.YourSiteBar : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\\CLSID -> Spyware.VX2 : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdToolsX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdToolsX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Spyware.InternetOptimizer : Cleaned with backup
   HKU\S-1-5-21-2052111302-1060284298-1604941331-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
   HKU\S-1-5-21-2052111302-1060284298-1604941331-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\\ -> Spyware.AproposMedia : Cleaned with backup
   HKU\S-1-5-21-2052111302-1060284298-1604941331-1004\Software\Classes\CLSID\\ -> Spyware.AproposMedia : Cleaned with backup
   HKU\S-1-5-21-2052111302-1060284298-1604941331-1004_Classes\CLSID\\ -> Spyware.AproposMedia : Error during cleaning
   C:\Documents and Settings\All Users\Start Menu\Programs\Startup\npkt.exe -> Trojan.Pakes : Cleaned with backup
   C:\Program Files\Common Files\services.exe -> Spyware.Maxifiles : Cleaned with backup
   C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
   C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Cleaned with backup
   C:\WINDOWS\etb\nt_hide73.dll -> Trojan.EliteBar.d : Cleaned with backup
   C:\WINDOWS\system32\adcomplusanalytic.exe -> TrojanDropper.Agent.hl : Cleaned with backup
   C:\WINDOWS\system32\aklbpi\njpgf.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
   C:\WINDOWS\system32\app2bundle.exe -> TrojanDropper.Agent.hl : Cleaned with backup
   C:\WINDOWS\system32\arpudg.exe -> Trojan.Pakes : Cleaned with backup
   C:\WINDOWS\system32\brnodxm.exe -> Trojan.Pakes : Cleaned with backup
   C:\WINDOWS\system32\itrolxo.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
   C:\WINDOWS\system32\qool3.exe -> TrojanDropper.Agent.hl : Cleaned with backup
   C:\WINDOWS\system32\sav2.exe -> TrojanDownloader.Agent.vp : Cleaned with backup
   C:\WINDOWS\system32\ungoitn\moyhs.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
   C:\WINDOWS\system32\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup
   C:\WINDOWS\system32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 3:06:14 PM, on 10/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>;localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: (no name) - {5F04AE8F-6895-EB7A-F4CC-26CF50B9BA4D} - C:\WINDOWS\System32\xojfacic\ukhhynjo.dll
O2 - BHO: AdCom - {D7950AB4-67F5-458e-A37D-9F2DE7F250AC} - C:\WINDOWS\System32\AdCom.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adcomplusanalytic.exe] C:\WINDOWS\System32\adcomplusanalytic.exe
O4 - HKLM\..\Run: [mc-58-12-] C:\WINDOWS\System32\mc-58-12-
O4 - HKLM\..\Run: [moyhs] C:\WINDOWS\System32\ungoitn\moyhs.exe
O4 - HKLM\..\Run: [ftivpwkr] C:\WINDOWS\System32\eekat\ftivpwkr.exe
O4 - HKLM\..\Run: [xmwnxp] C:\WINDOWS\System32\uqnvy\xmwnxp.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\arpudg.exe reg_run
O4 - HKLM\..\Run: [ktxdui] C:\WINDOWS\System32\bysxroy\ktxdui.exe
O4 - HKLM\..\Run: [rbwrtpko] C:\WINDOWS\System32\rflgrgi\rbwrtpko.exe
O4 - HKLM\..\Run: [cmjvdagh] C:\WINDOWS\System32\fudoro\cmjvdagh.exe
O4 - HKLM\..\Run: [cwoyrtl] C:\WINDOWS\System32\ruxh\cwoyrtl.exe
O4 - HKLM\..\Run: [njpgf] C:\WINDOWS\System32\aklbpi\njpgf.exe
O4 - HKLM\..\Run: [qgksqvdr] C:\WINDOWS\System32\hbfbm\qgksqvdr.exe
O4 - HKLM\..\Run: [jafxovd] C:\WINDOWS\System32\mvnvdxiu\jafxovd.exe
O4 - HKLM\..\Run: [pmaklmcp] C:\WINDOWS\System32\tccei\pmaklmcp.exe
O4 - HKLM\..\Run: [ovwfcdu] C:\WINDOWS\System32\tewxyvp\ovwfcdu.exe
O4 - HKLM\..\Run: [twto] C:\WINDOWS\System32\worw\twto.exe
O4 - HKLM\..\Run: [oieh] C:\WINDOWS\System32\ngjvjxvr\oieh.exe
O4 - HKLM\..\Run: [shnin] C:\DOCUME~1\LAURAD~1\LOCALS~1\Temp\lemelmk.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: npkt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.corddigitalhighway.com/upload/FujifilmUploadClient.cab
O20 - AppInit_DLLs: repairs302972946.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9uYXRoYW4gU29yZwAA\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ftivpwkreekat - Unknown owner - C:\WINDOWS\System32\eekat\ftivpwkr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: oiehngjvjxvr - Unknown owner - C:\WINDOWS\System32\ngjvjxvr\oieh.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

sUBs
« Reply #1 on: October 07, 2005, 10:59:34 PM »

http://www.mytechsupport.ca/index.php?option=com_smf&Itemid=42&topic=9727