I have been getting these popping up through Avast! A full system scan finds nothing, yet they keep popping up. They are trying to download through http://d.mettere.com

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:16, on 06-10-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\HJT\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ixukajn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixukajn.dll,zjcqpbe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\server2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7
O4 - Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC3DBDA8-91CB-4899-8B17-26076A0721D4}: NameServer = 212.135.1.38 195.40.1.38
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Any help would be greatly appreciated.
Hello Gothica, welcome to Afterdawn.

Go here to download the trial version of AVG Anti-spyware. Install and update. Do not run a scan yet, will later in safe mode.

Go here and download KillBox. Do not run KillBox yet, will later in safe mode.

Open HijackThis. Run a scan only and check these (if there):

O4 - HKLM\..\Run: [ixukajn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixukajn.dll,zjcqpbe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\server2.exe

Close all windows except HijackThis then click "Fix checked".

Note: print these instructions or copy to Notepad and save it, you will be in safe mode and can't access the internet.

Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu and press Enter).

Open Killbox.exe. Check "Standard File Kill". In the "Full Path of File to Delete" box, copy and paste each of the following lines below one at a time. Then click the red button with a white X after you enter each file. You will be prompted to confirm, click Yes.

C:\WINDOWS\system32\ixukajn.dll
C:\WINDOWS\server2.exe

Close KillBox.

Open AVG AS and click "Scanner". Click "Complete System Scan". When it finishes scanning, set all items to "Quarantine". Click "Apply All Actions". Click "Save Report". Click "Save report as" and save it to the desktop.

Restart in normal mode. Post back with the AVG report and a new HijackThis log.
I ran both AVG and Killbox. Here is the AVG logfile:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:24 06-10-13

+ Scan result:

HKLM\SOFTWARE\Classes\EMediaCodec.Chl -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\EMediaCodec.Chl\CLSID -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iifcyab.dll -> Adware.Virtumionde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B736C32-C6B2-4A7B-BFFA-2EFC7D537976}\RP297\A0044015.exe -> Hijacker.VB.ph : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ategwwqv.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\byybafan.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\evmueduq.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kkjaotkj.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\Program Files\Cheat Engine\dbk32.sys -> Rootkit.Small : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.208:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.209:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.210:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.211:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.322:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.85:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.86:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.87:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.88:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{4B736C32-C6B2-4A7B-BFFA-2EFC7D537976}\RP296\A0043997.exe -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B736C32-C6B2-4A7B-BFFA-2EFC7D537976}\RP296\A0043998.exe -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B736C32-C6B2-4A7B-BFFA-2EFC7D537976}\RP338\A0045102.dll -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B736C32-C6B2-4A7B-BFFA-2EFC7D537976}\RP337\A0045090.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\Program Files\Bit Lord 1.1\Downloads\RPG Maker XP.rar/SetupMenu.EXE/fun.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\Program Files\Bit Lord 1.1\Downloads\SetupMenu.EXE/fun.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
::Report end

Here is the new HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 16:31, on 06-10-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC3DBDA8-91CB-4899-8B17-26076A0721D4}: NameServer = 212.135.1.38 195.40.1.38
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Go here and run Kaspersky Online Scanner. Accept the terms. After downloading, click "My Computer" to scan. After scanning, click "Save report as". Rename HijackThis to any name of your choice. Rescan and post the new log along with the Kaspersky log.
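
Added example (not part of the thread and not the posters' own code): a Python script that compares the O4 autorun lines of two HijackThis logs, which is the check behind asking for a new log after "Fix checked". The sample lines are excerpted from the two logs posted in this thread; the function names and the quote/case normalisation are this example's own choices.

```python
import re

# O4 autorun lines as HijackThis 1.99.1 prints them in the logs above:
#   O4 - HKLM\..\Run: [name] command line
#   O4 - Global Startup: shortcut.lnk = target
REG_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.*)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.*?) = (.*)$")

# Excerpt of the first log in the thread (scan of 06-10-12).
BEFORE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ixukajn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixukajn.dll,zjcqpbe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\server2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Excerpt of the second log in the thread (scan of 06-10-13).
AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def parse_autoruns(log_text):
    """Return {(location, name): command} for every O4 line; other sections are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = REG_RE.match(line) or LNK_RE.match(line)
        if match:
            location, name, command = match.groups()
            entries[(location, name)] = command.strip()
    return entries


def normalise(command):
    # The same entry is quoted in one scan and unquoted in the other (see
    # updateMgr), so quoting and case are ignored when comparing commands.
    return command.replace('"', "").casefold()


def diff_autoruns(before_text, after_text):
    """Classify autorun entries as removed, added or changed between two logs."""
    before = parse_autoruns(before_text)
    after = parse_autoruns(after_text)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted(
            k for k in before
            if k in after and normalise(before[k]) != normalise(after[k])
        ),
    }


def still_present(log_text, names):
    """Return the autorun value names from `names` that a log still lists."""
    listed = {name for (_location, name) in parse_autoruns(log_text)}
    return sorted(n for n in names if n in listed)


if __name__ == "__main__":
    report = diff_autoruns(BEFORE, AFTER)
    for kind in ("removed", "added", "changed"):
        for location, name in report[kind]:
            print(f"{kind:8} {location}: [{name}]")
    # The two value names the helper asked to fix, taken from the thread.
    leftover = still_present(AFTER, ["ixukajn.dll", "startkey"])
    print("fixed entries still listed:", leftover or "none")
```

An entry missing from the second log only shows that its autorun value is gone; the file it pointed to is a separate check, which is why the thread deletes the files with KillBox and then rescans.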