I remember having Seekmo installed on my computer and I "deleted" it over a week ago. The trojan problem, however, started on Friday and since then Avast! has detected well over fifty of these darn trojans. I've followed Avast!'s recommendation but it hasn't helped one bit. I've already read these threads about the same virus but I'm thinking that each infection has a slightly different approach for the removal process. Thus I'll post the usual logs. Well, Avast! just detected another while I was typing this topic up; that's two since I turned on this computer less than 30 minutes ago! Now what do I do?
Hi MaelH. Restart your computer in safe mode -> http://www.pchell.com/support/safemode.shtml When in safe mode, open the SmitfraudFix folder and double-click the file smitfraudfix.cmd. Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files. You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys. The tool checks if the wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter". The tool might have to restart your computer; if it doesn't, restart your computer back to normal mode. A text file will appear after the cleaning process; copy this file and paste it here. The log is saved to your local disk drive, usually C:\rapport.txt. Warning: Running option 2 on a clean computer will delete your desktop wallpaper. Send C:\rapport.txt. Scan with HijackThis and copy the log to your reply too.
Alright, here we go. -edit- Okay, I also have a question about anti virus programs. I'm a big fan of AdAware and I will always have it installed on my PC. Also, I want a livescan antivirus program. Obviously, Avast!, which came with this PC isn't doing the job well enough. What programs am I better off using? I tried following other advice for removing this virus and I ended up downloading Panda Titanium 2006 (which forced me to uninstall Avast!) and ewido antispyware. What programs should I keep, and which should I delete?
Both are good choices. Panda Titanium 2006 has a better firewall than Windows' own. Ewido works with Panda too. If you keep Avast, please download a good firewall. These are good (free) firewalls: ZoneAlarm --> http://www.zonelabs.com Kerio --> http://www.sunbelt-software.com/Kerio.cfm Outpost --> http://www.agnitum.com
Thanks guys, I really appreciate the quick help and responses! Now let's hope this doesn't happen again. lol.
You're welcome. I'd believe that Panda keeps you clean better than before. Scan periodically with Adaware and Ewido.

Hello, I've been having this same problem, and I didn't see the point in starting a completely new thread for a previous problem. I was wondering if anyone was willing to read my rapport.txt result, as well as my hijack this report, and let me know if the infection is gone. Thanks in advance.

Rapport>>
SmitFraudFix v2.67
Scan done at 21:01:08.34, Tue 07/04/2006
Run from C:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"
[HKEY_CLASSES_ROOT\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}\InProcServer32]
@="C:\WINNT\System32\hvcycg.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}\InProcServer32]
@="C:\WINNT\System32\hvcycg.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINNT\System32\hvcycg.dll -> Missing File
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINNT\system32\ld???.tmp Deleted
C:\WINNT\system32\ot.ico Deleted
C:\WINNT\system32\regperf.exe Deleted
C:\WINNT\system32\simpole.tlb Deleted
C:\WINNT\system32\stdole3.tlb Deleted
C:\WINNT\system32\1024\ Deleted
C:\DOCUME~1\ADMINI~1.COW\FAVORI~1\Antivirus Test Online.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End

HJT>>
Logfile of HijackThis v1.99.1
Scan saved at 9:22:40 PM, on 7/4/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINNT\system32\41741576.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\PopupRemover\PopRController.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [41741576.exe] C:\WINNT\system32\41741576.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PopupRemoverCtrl] C:\Program Files\PopupRemover\PopRController.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Audr] "C:\WINNT\APPATC~1\spool32.exe" -vt yax
O4 - HKCU\..\Run: [41741576.exe] C:\Documents and Settings\Administrator.COWPUNK\Local Settings\Application Data\41741576.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151990671406
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

I think that's all of HijackThis' report, it gives me some error message if I use the option to create a log, please let me know if I'm clean.. thanks!


Hi CowPunk,
Only one antivirus is allowed to run at the same time. Shut down or remove the other. (AVG/AVAST)
Download and install Ewido Anti-Spyware 4.0 -> http://www.ewido.net/en/download/
-> Open Ewido Anti-Spyware
-> Click the Update icon at the top of the window
-> Click the Start update button
-> Wait for the update to download and install
-> Quit the program, we'll use this later.
Scan with HijackThis and check:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [41741576.exe] C:\WINNT\system32\41741576.exe
O4 - HKCU\..\Run: [Audr] "C:\WINNT\APPATC~1\spool32.exe" -vt yax
O4 - HKCU\..\Run: [41741576.exe] C:\Documents and Settings\Administrator.COWPUNK\Local Settings\Application Data\41741576.exe
Close all programs and click fix checked.
Restart your computer in safe mode -> http://www.pchell.com/support/safemode.shtml
Delete:
C:\WINNT\system32\ >>41741576.exe
C:\WINNT\APPATC~1\ >>spool32.exe
C:\Documents and Settings\Administrator.COWPUNK\Local Settings\Application Data\ >>41741576.exe
-> Open Ewido Anti-Spyware
-> Click the Scanner icon at the top of the window
-> Click the Settings tab then select Recommended Options and choose Quarantine
-> Click the Scan tab
-> Select Complete System Scan. The scanning begins.
-> When the scan has completed:
-> If infections were found you'll be prompted about what to do.
-> Please make sure that the Set all elements to is set to Quarantine (in the lower-left corner of the window)
-> Then press Apply all actions and answer yes to all if it asks about something
-> Click on the Save Scan Report button and save the scan to your Desktop.
-> Copy and paste the scan results into your next post

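
The O4 (autostart) picks in the reply above can be reproduced mechanically. The following is an added example, not part of the original thread and not HijackThis code: a small triage script run over O4 lines copied from the log posted here. The three heuristics (digits-only image name, image in a Windows-directory subfolder other than System32, same Run value name pointing at different paths) are assumptions chosen for this log and give leads for review, not verdicts.

```python
import ntpath
import re
from collections import defaultdict

# O4 lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [41741576.exe] C:\WINNT\system32\41741576.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Audr] "C:\WINNT\APPATC~1\spool32.exe" -vt yax
O4 - HKCU\..\Run: [41741576.exe] C:\Documents and Settings\Administrator.COWPUNK\Local Settings\Application Data\41741576.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# First token ending in an executable extension; paths may contain spaces.
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)

WINDOWS_DIRS = {"winnt", "windows"}          # assumption: default install names
EXPECTED_SUBDIRS = {"system32", "syswow64"}  # assumption: where OS binaries live


def image_path(command):
    """Return the program part of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = IMAGE_RE.match(command)
    return match.group(1) if match else command


def path_reasons(path):
    """Heuristic reasons (assumptions, not verdicts) to review one image path."""
    reasons = []
    stem = ntpath.splitext(ntpath.basename(path))[0]
    if stem.isdigit():
        reasons.append("digits-only image name")
    parts = path.replace("/", "\\").split("\\")
    if (len(parts) >= 4 and parts[1].lower() in WINDOWS_DIRS
            and parts[2].lower() not in EXPECTED_SUBDIRS):
        reasons.append("image in a Windows subfolder other than System32")
    return reasons


def triage(log_text):
    """Return (hive, value name, image path, reasons) for O4 lines worth review."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            hive, _key, name, command = match.groups()
            entries.append((hive, name, image_path(command)))

    # A value name registered more than once with different targets.
    paths_by_name = defaultdict(set)
    for _hive, name, path in entries:
        paths_by_name[name.lower()].add(path.lower())

    findings = []
    for hive, name, path in entries:
        reasons = path_reasons(path)
        if len(paths_by_name[name.lower()]) > 1:
            reasons.append("same value name registered with different paths")
        if reasons:
            findings.append((hive, name, path, reasons))
    return findings


if __name__ == "__main__":
    for hive, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{hive} [{name}] {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

On this excerpt the script flags the same three Run entries that the reply lists; the R0/R1/R3 browser entries are outside what it parses.
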

Yeah, I know you're not supposed to run 2 scanners at one time.. I just installed it and tried it before I posted the previous post. Let's just call it desperation. Anyway, I removed AVG, and here are the results from Ewido.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:20:46 PM 7/5/2006
+ Scan result:
C:\Documents and Settings\Administrator.COWPUNK\Local Settings\Temporary Internet Files\Content.IE5\XPQRABC4\YazzleActiveX[1].cab/YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.COWPUNK\Local Settings\Temporary Internet Files\Content.IE5\Z9SK345F\anti4[1].exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINNT\system32\mljkllj.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.COWPUNK\Local Settings\Temporary Internet Files\Content.IE5\XPQRABC4\SystemDoctor2006FreeInstall[1].cab/USDR6_0001_D09M0706NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Administrator.COWPUNK\Application Data\Mozilla\Firefox\Profiles\uxxfc74x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.27:C:\Documents and Settings\Administrator.COWPUNK\Application Data\Mozilla\Firefox\Profiles\uxxfc74x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.28:C:\Documents and Settings\Administrator.COWPUNK\Application Data\Mozilla\Firefox\Profiles\uxxfc74x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.29:C:\Documents and Settings\Administrator.COWPUNK\Application Data\Mozilla\Firefox\Profiles\uxxfc74x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). C:\Documents and Settings\Administrator.COWPUNK\Cookies\administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.366:C:\Documents and Settings\Administrator.COWPUNK\Application Data\Mozilla\Firefox\Profiles\uxxfc74x.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined). :mozilla.367:C:\Documents and Settings\Administrator.COWPUNK\Application Data\Mozilla\Firefox\Profiles\uxxfc74x.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined). :mozilla.368:C:\Documents and Settings\Administrator.COWPUNK\Application Data\Mozilla\Firefox\Profiles\uxxfc74x.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined). ::Report end
Here's my new HJT log. I know the problem isn't solved: as I went to run HJT, Avast caught another virus. I don't know what's stemming this; it opens popups in Internet Explorer, so I know it's not me, I don't even use IE. I hate IE... But nonetheless, here's the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 12:16:15 PM, on 7/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\PopupRemover\PopRController.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\AIM\aim.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\Fixer.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PopupRemover Class - {3D2C1DA4-BCD3-4317-9548-2E08BD222FF0} - C:\PROGRA~1\POPUPR~1\POPUPS~1.DLL
O2 - BHO: (no name) - {5232ACC8-8A9A-4214-99FF-B7DAE99F624C} - C:\WINNT\System32\ddcca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PopupRemoverCtrl] C:\Program Files\PopupRemover\PopRController.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151990671406
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: ddcca - C:\WINNT\System32\ddcca.dll
O20 - Winlogon Notify: winbue32 - C:\WINNT\SYSTEM32\winbue32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
Yes, I guessed right: hidden Vundo. Download VundoFix.exe to your desktop -> http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once the scan is ready, right-click the list box (white box that lists the found files) and choose Add more files.
* Copy/paste the following two lines to the upper field:
C:\WINNT\System32\ddcca.dll
C:\WINNT\System32\accdd.*

Open HijackThis: "Open misc tools section" > "Delete file on reboot". Navigate to C:\WINNT\SYSTEM32\winbue32.dll. Click OK and let the reboot happen.
Scan hijack and check:
O20 - Winlogon Notify: winbue32 - C:\WINNT\SYSTEM32\winbue32.dll
Close all programs except hijack and click Fix checked. Boot comp.
Post the following logs here:
-> a fresh HijackThis log
-> contents of C:\vundofix.txt
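The reply above picks two DLLs out of the O2 and O20 sections of the log. The script below is an added example, not part of the post or of HijackThis: it lists every O20 Winlogon Notify DLL, notes when the same file is also a nameless BHO, and prints the reversed file stem, a pairing taken only from the ddcca/accdd paths in this thread and treated as a hint for manual review.

```python
import ntpath
import re
from collections import defaultdict

# Sample input built from five lines of the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5232ACC8-8A9A-4214-99FF-B7DAE99F624C} - C:\WINNT\System32\ddcca.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O20 - Winlogon Notify: ddcca - C:\WINNT\System32\ddcca.dll
O20 - Winlogon Notify: winbue32 - C:\WINNT\SYSTEM32\winbue32.dll
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")  # section code, then the rest of the line


def parse(log):
    """Group HijackThis entries by section code (O2, O20, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections


def target_path(entry):
    """In O2 and O20 entries the file path is the last ' - ' separated field."""
    return entry.rsplit(" - ", 1)[-1].strip()


def triage(log):
    """Return one finding per O20 entry; presence alone is not proof of infection."""
    s = parse(log)
    nameless_bho = {target_path(e).lower() for e in s["O2"]
                    if e.startswith("BHO: (no name)")}
    findings = []
    for e in s["O20"]:
        path = target_path(e)
        stem = ntpath.splitext(ntpath.basename(path))[0]
        reasons = ["Winlogon Notify DLL"]
        if path.lower() in nameless_bho:
            reasons.append("also loaded as a nameless BHO")
        # Assumption from this thread only: companion file named with the stem reversed.
        findings.append({"path": path, "reasons": reasons,
                         "reversed_stem": stem[::-1].lower()})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["path"], "|", "; ".join(f["reasons"]), "| look for:", f["reversed_stem"] + ".*")
```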
So, I downloaded this vundo program, followed your instructions up to the "Vundo will reopen shortly" or whatever screen.. and the program never re-opens.. is that normal?