Hi, please run HJT again, and check the following items.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Windows Installer] C:\WINDOWS\system32\ntdll.exe
O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe
O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [2Tray.exe] C:\PROGRA~1\IMAGEC~1\2tray.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
Click Fix Checked
------------------------------------------------------------
Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily
Now start Killbox. Copy the list of files below to the clipboard by selecting all of them with your mouse (left-click the start of the list and drag the mouse to the bottom of the list), and when they are all selected (highlighted in blue), right-click on any part of the blue area and choose Copy.
In Killbox, go to the toolbar, press File and select Paste from clipboard. The first file name will appear in the window, and if the file exists it will appear in blue under that window. Then select Standard File Kill, press the red X button, say Yes to the prompt, and once the "file deleted" message comes up, press the red X again; continue to press until the last file on the list appears in the window and it says deleted.
[i]If it fails to delete one, check Delete on reboot, then reboot and continue.[/i]
File List:
C:\WINDOWS\about.htm
C:\WINDOWS\system32\ntdll.exe
C:\WINDOWS\system32\spoolsv32.exe
C:\WINDOWS\system32\dllhost32.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\PROGRA~1\IMAGEC~1\2tray.exe
C:\WINDOWS\etb\pokapoka79.exe
-----------------------------------------------------
Then please download ewido - www.ewido.net - Install. Update. Scan. Remove anything it finds (save log).
Post a new HJT log, and the ewido log.
tayspen
<Insert title here>
1,622 posts since Jul 2005
Reputation Points: 84
Solved Threads: 99
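A small triage script for the two lists in the post above (the HijackThis R0/O4 lines, and the Killbox file list that is derived from them), added here as an example; it is not part of the thread and not HijackThis or Killbox code. It parses the quoted lines, flags the patterns a helper looks for when reading a log (a Run entry with no path, an unrecognised binary in system32, a name that copies a Windows component with digits appended, a DLL name reused as an .exe, an IE Local Page pointed at a local file), and rebuilds the list of absolute paths to inspect. The short allowlist of genuine Windows binaries and the flagging heuristics are assumptions of the example, not rules from the post.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the HijackThis lines quoted in the post above.
HJT_LINES = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Windows Installer] C:\WINDOWS\system32\ntdll.exe
O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe
O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [2Tray.exe] C:\PROGRA~1\IMAGEC~1\2tray.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
""".strip().splitlines()

# R0: hive\key,value = data      O4: hive\..\Run: [name] command
R0_RE = re.compile(r"^R0 - (?P<hive>HK\w+)\\(?P<key>.+?),(?P<value>[^=]+?) = (?P<data>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Assumed allowlist (example only): a few genuine Windows binaries and DLLs
# used for the lookalike checks below.
KNOWN_EXES = {"spoolsv.exe", "dllhost.exe", "svchost.exe", "explorer.exe", "lsass.exe"}
KNOWN_DLLS = {"ntdll.dll", "kernel32.dll", "user32.dll"}


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one HJT log line into its fields; None if it is not an R0/O4 line."""
    m = R0_RE.match(line)
    if m:
        return {"type": "R0", **m.groupdict()}
    m = O4_RE.match(line)
    if m:
        return {"type": "O4", **m.groupdict()}
    return None


def basename(path: str) -> str:
    """Last path component, lower-cased (Windows paths are case-insensitive)."""
    return path.rsplit("\\", 1)[-1].lower()


def suspicious_reasons(entry: Dict[str, str]) -> List[str]:
    """Heuristic flags for one parsed entry (assumed rules, not HJT's own logic)."""
    reasons: List[str] = []
    if entry["type"] == "R0":
        # A Local Page redirected to a file dropped on disk is a classic hijack.
        if ABS_PATH_RE.match(entry["data"]) and basename(entry["data"]).endswith(".htm"):
            reasons.append("IE page pointed at a local HTML file")
        return reasons
    cmd = entry["cmd"]  # sample lines carry no arguments; a real log may
    if not ABS_PATH_RE.match(cmd):
        reasons.append("bare filename, resolved through the search path")
        return reasons
    name = basename(cmd)
    stem, _, ext = name.rpartition(".")
    if "\\system32\\" in cmd.lower() and name not in KNOWN_EXES:
        reasons.append("unrecognised binary in system32")
    if ext == "exe" and stem + ".dll" in KNOWN_DLLS:
        reasons.append("system DLL name reused as an .exe")
    lookalike = re.sub(r"\d+$", "", stem)  # spoolsv32 -> spoolsv
    if lookalike != stem and lookalike + ".exe" in KNOWN_EXES:
        reasons.append(f"lookalike of {lookalike}.exe")
    return reasons


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Each recognised line paired with its list of flags (possibly empty)."""
    out = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            out.append((line, suspicious_reasons(entry)))
    return out


def files_to_inspect(lines: List[str]) -> List[str]:
    """Absolute paths referenced by the entries, in log order, without duplicates.
    Entries with a bare filename (no directory) are skipped, as in the post."""
    seen, out = set(), []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        path = entry["data"] if entry["type"] == "R0" else entry["cmd"]
        if ABS_PATH_RE.match(path) and path not in seen:
            seen.add(path)
            out.append(path)
    return out


if __name__ == "__main__":
    for line, flags in triage(HJT_LINES):
        print(("FLAG " if flags else "     ") + line)
        for f in flags:
            print("        - " + f)
    print("\nFile list:")
    print("\n".join(files_to_inspect(HJT_LINES)))
```

Run as-is it prints the flags per line and then the same seven paths the post asks to paste into Killbox (ShowWnd.exe is left out because the log gives no directory for it). The heuristics are deliberately narrow; a name that is not in the allowlist is only a prompt to look, not a verdict.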
Ok, we now know that you're infected with the Troj/Podrop-C trojan, which has a possibility for rootkits.
Due to this, we're gonna try killing it with Adaware, seeing that Ewido hasn't already taken it out:
Please do the following: Download, install, update, configure, and run Ad-Aware SE Personal 1.06.
Download Ad-Aware SE Personal 1.06:
Download Ad-Aware SE Personal.
Save aawsepersonal.exe to a convenient location (eg. the Desktop).
Install Ad-Aware SE Personal
Double-click on aawsepersonal.exe to install the program.
Follow the default settings for installation.
After the program has finished installing, uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
Update Ad-Aware SE Personal
Double-click the Ad-Aware SE Personal icon on your Desktop.
Click "Check for updates now" then click "Connect".
It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
Configure Ad-Aware SE Personal
Click on the Gear button at the top of the window.
Click "General" on the left hand side to display the General Settings box.
Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
"Automatically save logfile"
"Automatically quarantine objects prior to removal"
"Safe Mode (always request confirmation)"
"Prompt to update outdated definitions" - change to 7 days from the default 14.
Click "Scanning" on the left hand side to display the Scan Settings box.
Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
"Scan within archives"
"Select drives & folders to scan" - select your hard drive(s).
"Scan active processes"
"Scan registry"
"Deep-scan registry"
"Scan my IE favorites for banned URLs"
"Scan my Hosts file"
Click "Advanced" on the left hand side to display the Advanced Settings box.
Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
"Move deleted files to Recycle Bin"
"Include additional object information"
"Include negligible objects information"
"Include environment information"
Click "Defaults" on the left hand side to display the Default Settings box.
Make sure the following items have your preferred settings in them:
"Default homepage"
"Default searchpage"
Click "Tweak" on the left hand side to display the Tweak Settings box.
Click the + (plus) sign next to the Log Files section. This will expand the section.
Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
"Include basic Ad-Aware settings in log file"
"Include additional Ad-Aware settings in log file"
"Include reference summary in log file"
"Include alternate data stream details in log file"
Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
"Unload recognized processes & modules during scan"
"Scan registry for all users instead of current user only"
"Obtain command line of scanned processes"
Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
"Always try to unload modules before deletion"
"During removal, unload Explorer and IE if necessary"
"Let Windows remove files in use at next reboot"
"Delete quarantined objects after restoring"
Once you are done with these settings, click "Proceed" to save them.
This will take you back to the main screen.
Run Ad-Aware SE Personal
Click the "Start" button.
Uncheck the "Search for negligible risk entries" entry.
Choose the "Use custom scanning options" scan mode.
Click the "Next" button.
Ad-Aware will begin to scan for malware residing on your computer.
Allow the scan to finish.
Right-click on any entry in the list and click "Select All" to select the whole list.
Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.
After doing this, reboot your computer.
After restarting, post back here with a new log.
Thanks.
'Stein
Lapsed Skeptic
1,941 posts since Jan 2006
Reputation Points: 222
Solved Threads: 106
Arg, that's annoying.
Try running it again in safe mode, and if that doesn't work, we'll do it all manually.
Thanks.
'Stein
Lapsed Skeptic
Awesome, log's clean.
Are ya still having problems?
'Stein
Lapsed Skeptic
1 last thing.
Could ya mark the thread as solved?
Thanks again :)
'Stein
Lapsed Skeptic