
WinAntiVirus Pro 2006

Discussion in 'Windows XP' started by FlipBoi, Jul 26, 2006.

  1. FlipBoi

    FlipBoi Thread Starter

    Hey guys, I'm new to the forums. I have used search and tried to see if the replies from other ppl with the same problem I had would fix my problem, but it didn't. It seems to me that my virus just keeps coming back, and these are the steps I've tried. I ran ewido, AVG, Ad-Aware SE, Spybot Search and Destroy and the online Panda virus check thing. I tried to run VundoKill as a task but it couldn't detect anything. I also ran CCleaner. Well, here is my HJT logfile and I'll also provide the ewido log, thanks in advance guys!

    Logfile of HijackThis v1.99.1

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\atiptaxx.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Anthony Espiritu\Desktop\HijackThis.exe

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146440821384
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146440921348
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    -------------------------------------------------------------------------------------------------------

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 10:35:22 AM, 7/25/2006
    + Report-Checksum: 232CFABD

    + Scan result:

    :mozilla.6:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.103:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.105:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.109:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
    :mozilla.112:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.113:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.119:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
    :mozilla.122:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.124:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
    :mozilla.125:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.147:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.148:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.149:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.163:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.164:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.165:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.166:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.167:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.168:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.169:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.170:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.171:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.172:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.173:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.174:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.177:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Anthony Espiritu\Cookies\anthony [email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Anthony Espiritu\Cookies\anthony [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Anthony Espiritu\Cookies\anthony [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Anthony Espiritu\Cookies\anthony [email protected][1].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Anthony Espiritu\Cookies\anthony [email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Anthony Espiritu\Cookies\anthony [email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Anthony Espiritu\Cookies\anthony [email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Anthony Espiritu\Local Settings\Temp\ICD1.tmp\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup
    C:\Documents and Settings\Anthony Espiritu\Local Settings\Temporary Internet Files\Content.IE5\ODQF456V\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup
    C:\Documents and Settings\Anthony Espiritu\Local Settings\Temporary Internet Files\Content.IE5\SH6JWLYN\WinAntiVirusPro2006ScannerInstall[1].cab/UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
    C:\WINNT\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
    C:\WINNT\system32\wvwur.dll -> Adware.Virtumonde : Cleaned with backup


    ::Report End
     
  2. cybertech

    cybertech Retired Moderator

    Hi, Welcome to TSG!!


    Restart in Safe Mode.
    Click here to see how.


    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders". Click "Apply" then "OK".


    Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Next navigate to the C:\Documents and Settings\Administrator (Repeat for all user names)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files".

    Put a check by "Delete Offline Content" and click OK.


    Empty your recycle bin.

    Reboot and post another log.
     
  3. FlipBoi

    FlipBoi Thread Starter

    Hi, thanks for the reply! This virus is very tricky, it wouldn't show my desktop icons or even the taskbar, it would show for a sec then disappear. So what I did was I did Ctrl+Alt+Del and went to browse and deleted the contents of the temp folder from there. With this in mind I couldn't go to the Control Panel to delete temporary internet files or cookies, so I went in my cookies folder and deleted them all 1 by 1, lol :eek: Well, here is my fresh HJT logfile. Thanks again in advance! :D

    Logfile of HijackThis v1.99.1

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\atiptaxx.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Anthony Espiritu\Desktop\HijackThis.exe

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146440821384
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146440921348
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
     
  4. cybertech

    cybertech Retired Moderator

    I think these were the problem:
    C:\Documents and Settings\Anthony Espiritu\Local Settings\Temp\ICD1.tmp\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup
    C:\Documents and Settings\Anthony Espiritu\Local Settings\Temporary Internet Files\Content.IE5\ODQF456V\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup
    C:\Documents and Settings\Anthony Espiritu\Local Settings\Temporary Internet Files\Content.IE5\SH6JWLYN\WinAntiVirusPro2006ScannerInstall[1].cab/UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
    C:\WINNT\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
    C:\WINNT\system32\wvwur.dll -> Adware.Virtumonde : Cleaned with backup


    Let's run the VundoFix to make sure that is gone as it will sometimes hide.
    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
     
  5. FlipBoi

    FlipBoi Thread Starter

    Here's the VundoFix log and the HJT log. I'm currently doing an ewido scan and I'll post it here when it's done, thanks again.

    VundoFix V5.1.5

    Checking Java version...

    Sun Java not detected
    Scan started at 10:12:34 AM 7/26/2006

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...
    --------------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\atiptaxx.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido anti-malware\oldewido.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\Anthony Espiritu\Desktop\HijackThis.exe

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146440821384
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146440921348
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
     
  6. FlipBoi

    FlipBoi Thread Starter

    Here is my ewido, seems like there's still a virus.

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 10:43:28 AM, 7/26/2006
    + Report-Checksum: E660B298

    + Scan result:

    :mozilla.6:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    C:\WINNT\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup
    C:\WINNT\system32\wvwur.dll -> Adware.Virtumonde : Cleaned with backup


    ::Report End
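
    Comparing the two ewido reports posted in this thread, as an added example that is not part of any participant's post: it parses the report lines, drops the tracking-cookie noise, and flags detections that were "Cleaned with backup" on 7/25 yet show up again on 7/26. The function names and the "same-path" / "new-path" labels are assumptions made for this illustration; the sample lines are excerpts of the reports above.

```python
import re
from typing import List, NamedTuple, Tuple


class Detection(NamedTuple):
    path: str    # file (or archive/member) the scanner reported
    name: str    # detection name, e.g. Adware.Virtumonde
    action: str  # what the scanner says it did


# ewido result line: [:container.N:]<path> -> <detection> : <action>
LINE_RE = re.compile(
    r"^(?::[^:]+:)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$"
)

# Constructed sample input: excerpts of the 7/25 and 7/26 reports posted above
# (cookie entries trimmed to one per report).
SCAN_JUL_25 = r"""
+ Created on: 10:35:22 AM, 7/25/2006
+ Scan result:
:mozilla.6:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Anthony Espiritu\Local Settings\Temp\ICD1.tmp\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup
C:\WINNT\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINNT\system32\wvwur.dll -> Adware.Virtumonde : Cleaned with backup
::Report End
"""

SCAN_JUL_26 = r"""
+ Created on: 10:43:28 AM, 7/26/2006
+ Scan result:
:mozilla.6:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\WINNT\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup
C:\WINNT\system32\wvwur.dll -> Adware.Virtumonde : Cleaned with backup
::Report End
"""


def parse_report(text: str) -> List[Detection]:
    """Return every result line of an ewido report; headers are skipped."""
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            found.append(Detection(m["path"], m["name"], m["action"].strip()))
    return found


def significant(detections: List[Detection]) -> List[Detection]:
    """Drop tracking cookies so the file detections are not buried."""
    return [d for d in detections if not d.name.startswith("TrackingCookie.")]


def recurrences(earlier: List[Detection],
                later: List[Detection]) -> List[Tuple[str, str, str]]:
    """Flag later detections the earlier scan claimed to have cleaned.

    "same-path": the same file is back, so something still running is
                 recreating it or the clean-up never took effect.
    "new-path":  the same detection name under a different file name or
                 folder, i.e. it was dropped again.
    """
    cleaned = [d for d in significant(earlier)
               if d.action.lower().startswith("cleaned")]
    cleaned_paths = {d.path.lower() for d in cleaned}
    cleaned_names = {d.name.lower() for d in cleaned}

    flagged = []
    for d in significant(later):
        if d.path.lower() in cleaned_paths:
            flagged.append(("same-path", d.path, d.name))
        elif d.name.lower() in cleaned_names:
            flagged.append(("new-path", d.path, d.name))
    return flagged


if __name__ == "__main__":
    first = parse_report(SCAN_JUL_25)
    second = parse_report(SCAN_JUL_26)
    for kind, path, name in recurrences(first, second):
        print(f"{kind:9}  {name:42}  {path}")
```

    A "same-path" hit on a file the previous scan reported as cleaned is the signal that an on-demand scan alone is not removing it.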
     
  7. cybertech

    cybertech Retired Moderator

    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):



    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop; this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log
     
  8. FlipBoi

    FlipBoi Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    66
    I get this error:
    //////////////////////////////////////////
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Error: selected file does not appear to be a valid script.
    Error code: 1813

    --------------------------------------------------------------------------------------------------------

    Here is my hjt log file

    Logfile of HijackThis v1.99.1

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\atiptaxx.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Anthony Espiritu\Desktop\HijackThis.exe

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146440821384
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146440921348
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    OK, they were removed by Ewido.

    Are you having problems now?
     
  10. FlipBoi

    FlipBoi Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    66
    I'm still having internet lag that I didn't use to have. I guess that's it.
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Disable Ewido and see if that is the cause.

    Open ewido. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Right-click on ewido in the system tray and uncheck "Start with Windows".
    • Go to Start > Run and type: services.msc
    • Press "OK".
    • In Services, click the "Extended" tab and scroll down the list to find ewido anti-spyware 4.0 guard.
    • When you find the guard service, double-click on it.
    • In the Properties Window > General Tab that opens, click the "Stop" button.
    • From the drop-down menu next to "Startup Type", click on "Manual".
    • Now click "Apply", then "OK" and close the Services window.
     
  12. FlipBoi

    FlipBoi Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    66
    I'm sorry to say but it still lags. It's ok, don't worry about it. Thanks for the help anyways!
     
  13. FlipBoi

    FlipBoi Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    66
    Hey, I ran ewido 1 more time and I got this.

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 8:45:07 PM, 7/26/2006
    + Report-Checksum: 9BECD9B7

    + Scan result:

    :mozilla.6:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\WINNT\system32\wvwur.dll -> Adware.Virtumonde : Cleaned with backup


    ::Report End
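
The two ewido reports in this thread can be compared mechanically. The added example below (not part of any post, and not code from ewido) parses the result lines and lists file detections that were reported "Cleaned with backup" in the first scan yet appear again in the second. The function and variable names are illustrative, and the regex assumes the line layout seen in these two reports.

```python
import re

# Result lines copied from the two ewido reports posted in this thread
# (the second scan's repeated Hitbox cookie rows are reduced to one).
SCAN_AM = r"""
:mozilla.6:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\WINNT\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup
C:\WINNT\system32\wvwur.dll -> Adware.Virtumonde : Cleaned with backup
"""
SCAN_PM = r"""
:mozilla.6:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Anthony Espiritu\Application Data\Mozilla\Firefox\Profiles\4ca76rji.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\WINNT\system32\wvwur.dll -> Adware.Virtumonde : Cleaned with backup
"""

# Assumed layout: [:store.N:]path -> detection name : action taken
LINE = re.compile(
    r"^(?::(?P<store>[\w.]+):)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$"
)

def parse_report(text):
    """Return one dict per result line; header and footer lines do not match."""
    hits = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits

def recurring_files(earlier, later):
    """File detections (cookie rows excluded) present in both scans."""
    def files(hits):
        return {
            (h["path"].lower(), h["name"])
            for h in hits
            if h["store"] is None and not h["name"].startswith("TrackingCookie.")
        }
    return sorted(files(parse_report(earlier)) & files(parse_report(later)))

if __name__ == "__main__":
    for path, name in recurring_files(SCAN_AM, SCAN_PM):
        print(f"still present after cleaning: {path} ({name})")
```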
     
  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    • Double-click VundoFix.exe to run it.
    • Put a check next to "Run VundoFix as a task."
    • You will receive a message saying VundoFix will close and re-open in a minute or less. Click "OK".
    • When VundoFix re-opens, click the "Scan for Vundo" button.
    • Once it's done scanning, click the "Remove Vundo" button.
    • If it says "No infected files were found", right-click the blank listbox (white box) in the main VundoFix window.
    • Select "Add More Files?" from the menu that comes up. This will open a new VundoFix window that says "Paste files into the box below:"
    • In the top/first field, copy and paste: wvwur.dll
    • Click the "Add Files" button.
    • Click the "Close Window" button.
    • Click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files; click "YES".
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shut down your computer; click "OK".
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
     
  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Open IE and go to Tools > Internet Options > Privacy > Advanced. Click in the box "Override automatic cookie handling"; for First-party Cookies select Prompt, and for Third-party Cookies select Block. When those cookies try to install, click Block.
     

Short URL to this thread: https://techguy.org/486491
