A couple of days ago, my little brother told me that he thought he'd got a Virus from MSN Messenger, and could I check and see if I could get rid of it?

I checked, ahnd found that for some reason the AVG hadn't been running when it was meant to. I've fixed that, and found that I had gogo.exe. I also ran SpyBot, and that fould a plethora of things, including Smitfraud.C-Toolbar888.

After several attempts to get rid of it, I came here to ask for help. Now, I've run the AVG Anti-Spyware program which uncovered 532 threats, including Hupigon and a couple of othgers that were serious threats. While I followed your advice, it seemed to be determined to delete them and also told me, in the report, that it had found absolutely nothing. I've included the report.

I've also run the Super Anti-Spyware, and that prodiced a log that I have saved, and also run HiJackThis.

The problems I've noticed are that an Internet Explorer window will open at random, often to a casino site or other advertising, including one for a site called Amaena (I think). The compuyter has also been slowing RIGHT down, which is standard for an infection. AVG has been popping up and warning me of threats every so often.

Anyway, I'm giving you the logs, and hopefully, you'll be able to help me get rid of whatever nasties that have been crawling about in my machine.

Thanks for your help.

Attached Files

	Report-Scan-20070625-001733.txt (500 Bytes, 2 views)
	SASWLog1.txt (3.6 KB, 2 views)
	HJTLog1.txt (11.8 KB, 1 views)

hello nightfall.....let's get you fixed up.

1. Download the HostsXpert 3.8 - Hosts File Manager.

• Unzip HostsXpert 3.8 - Hosts File Manager to a convenient folder such as C:\HostsXpert
• Click HostsXpert.exe to Run HostsXpert 3.8 - Hosts File Manager from its new home
• Click "Make Hosts Writable?" in the upper right corner (If available).
• Click Restore Microsoft's Hosts file and then click OK.
• Click the X to exit the program.

Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


2. Download ComboFix from Here or Here to your Desktop.

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

3. Post a new hjt log.

Thanks,

v

OK then,

I've run the three programs. I haven't seen any IE windows jumping up yet (fingers crossed) and here are the requested logs.

I hope that this helps.

Attached Files

	ComboFix-quarantined-files.txt (1.5 KB, 1 views)
	HJTLog2.txt (9.7 KB, 1 views)

looks loads better. Run hjt again, close all windows (including internet), click 'perform system scan only', place a tick next to the following, click 'fix checked', reboot and post a new log:

O2 - BHO: (no name) - {0E14C0B2-B0B8-4D03-A4BB-7C98F90FBAA5} - (no file)
O2 - BHO: (no name) - {674DDFA6-BB3D-427B-961F-E9EEEF293004} - C:\WINDOWS\system32\ddcawuu.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

thanks,
v

OK... done that.

Here you go.

Attached Files

HJTLog3.txt (9.4 KB, 1 views)

looks clean. How's it running?

It's running great; fast and smooth. Now I only have to sort out a couple of little niggles on this machine... fix the firewall (which I discovered yesterday just isn't working) and solve the Mystery of the BlueTooth That Isn't There And Won't Uninstall.