I did a google search and found this topic which related to what i'm struggling with
http://www.geekstogo...showtopic=88126
I found it helpful although i couldn't resolve my problem which includes different popups, mostly to do with spyware cleaners like winantivirus pro qwiksearch, adultfriendfinder etc.
I've done the following to no awailt
Run Spybot S&D, Ad Aware, Ewido, Vendofix, Smitfraudfix, Pandi ActiveScan, McCaffee Stinger
My Hijack This log is:
Logfile of HijackThis v1.99.1
Scan saved at 23:03:15, on 30/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fahad and Athena\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by evesham.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "c:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [artyzib.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\artyzib.dll,zxledad
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard, Ltd. - C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
O23 - Service: BullGuard Main (BGMainSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: BullGuard File Monitoring (BsFileSpy) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: BullGuard Firewall (BsFirewall) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: BullGuard Email Monitoring (BsMailProxy) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
After Running VundoFix
I ran ActiveScan which gave me the following Log
Incident Status Location
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Fahad and Athena\Application Data\Mozilla\Firefox\Profiles\eouugws6.default\cookies.txt[.2o7.net/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Fahad and Athena\Application Data\Mozilla\Firefox\Profiles\eouugws6.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Fahad and Athena\Application Data\Mozilla\Firefox\Profiles\eouugws6.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Fahad and Athena\Application Data\Mozilla\Firefox\Profiles\eouugws6.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Fahad and Athena\Application Data\Mozilla\Firefox\Profiles\eouugws6.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and [email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and [email protected][2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@adtech[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and [email protected][1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@apmebf[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@atwola[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and [email protected][1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and [email protected][2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@ccbill[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@cgi-bin[7].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@drivecleaner[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@gostats[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and [email protected][2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@linksynergy[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@realmedia[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and [email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@statcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and [email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and [email protected][2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@toplist[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@tribalfusion[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and [email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and [email protected][2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and [email protected][1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Fahad and Athena\Cookies\fahad and athena@xmts[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Fahad and Athena\Local Settings\Temp\Temporary Directory 1 for SmitfraudFix[1].zip\SmitfraudFix\Process.exe
Dialer:Dialer.Gen Not disinfected C:\Documents and Settings\Fahad and Athena\Local Settings\Temporary Internet Files\Content.IE5\APY70BAD\srvinx[1].exe
Dialer:Dialer.Gen Not disinfected C:\Documents and Settings\Fahad and Athena\Local Settings\Temporary Internet Files\Content.IE5\G1WL274D\srvrnc[1].exe
Dialer:Dialer.HVO Not disinfected C:\Documents and Settings\Fahad and Athena\Local Settings\Temporary Internet Files\Content.IE5\KPOHYJ0D\srvisg[1].exe
Dialer:Dialer.Gen Not disinfected C:\Documents and Settings\Fahad and Athena\Local Settings\Temporary Internet Files\Content.IE5\Q1G3A1Q5\srvpwm[1].exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Fahad and Athena\Local Settings\Temporary Internet Files\Content.IE5\Q1G3A1Q5\wlzip32[1].exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Fahad and Athena\Local Settings\Temporary Internet Files\Content.IE5\SDCPAXCP\SmitfraudFix[1].zip[SmitfraudFix/Process.exe]
Dialer:Dialer.Gen Not disinfected C:\Documents and Settings\Fahad and Athena\Local Settings\Temporary Internet Files\Content.IE5\XAB9HQK2\srvyla[1].exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\Process.exe
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\services.dll.bad
Adware:Adware/SpywareQuake Not disinfected C:\WINDOWS\system32\ishost.exe_tobedeleted
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Any Idea what i should do?
Thanks
Fads