Winfixer prob..

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by longtall, Oct 24, 2005.

  1. longtall

    longtall Private E-2

    Ok...I did the Read and Run me first.

    I ran bitdefender and found this...

    C:\WINDOWS\SYSTEM32\nnnoo.dll
    Infected with: Trojan.Downloader.Small.BPK

    C:\WINDOWS\SYSTEM32\nnnoo.dll
    Disinfection failed

    C:\WINDOWS\SYSTEM32\nnnoo.dll
    Deleted


    Trend Micro found nothing.
    I keep getting the winfixer popups.

    I have already downloaded VundoFix and extracted the file onto my desktop.
    I have not run it yet, I just need to make sure I am doing the right thing.

    Here is my HJT...
     

    Attached Files:

  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download this trial version of Ewido Security Suite

    • Install ewido security suite
    • Launch ewido, there should be an icon on your desktop double-click it.
    • The program will have a window come up. One of the buttons on the left is to Update. Click the Update button and then Start the Update. The update will start and a progress bar will show the updates being installed.
    • After it completes the update, click the Scanner button

    Now exit Ewido. Now print the below instructions or save them locally because I want you to have no browsers open and also have no connection to the internet (unplug your cable) while doing the below.

    Okay, reboot into safe mode and follow the steps below. (If you have any problems at all trying to get into safe mode to complete these steps, just run them in normal boot mode and make sure you tell me when you come back.)

    Open up Ewido and do the following:


    • Click on Scanner
    • Then click Settings
    • Under What to Scan? Select Scan every file
    • Then click OK
    • Click on Complete System Scan and the scan will start.
    • Let the program scan the machine
    While the scan is in progress you will be prompted to clean files that are infected. Leave the default selections (to Remove and backup) and click OK. To save yourself some time, you can select Perform action with all infections and then click OK. With the option to scan every file, a lot of cookies will be removed.

    Once the scan has completed, there will be a button located on the bottom of the screen named Save report


    • Click Save report
    • Save the report to your desktop or anyplace you will be able to find it to upload here.
    Reboot into normal mode and reconnect to the internet.

    Come back here and post the Ewido Scan Report along with a fresh HJT log.
     
  3. longtall

    longtall Private E-2

    Here is the Ewido scan report done in safe mode and the new HJT log.
    Thanks
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Microsoft AntiSpyware

    Ewido


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

    O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ddcay.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

    O20 - Winlogon Notify: ddcay - C:\WINDOWS\system32\ddcay.dll

    O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Matt\Desktop\CWShredder.exe (file missing)

    Again, make sure All Browser Windows are Closed when you Click FIX.


    Now, please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled

    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Reboot to Normal Windows , Scan with HijackThis and attach the new log.
     
  5. longtall

    longtall Private E-2

    Here is the new HJT log you requested.
    Thank you,
     

    Attached Files:

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.


    Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
    • You will first be presented with a warning.
      It should look like this
    • At this point press enter one time.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
    C:\WINDOWS\system32\ddcay.dll
    • Press Enter to continue with the fix.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
    C:\WINDOWS\system32\yacdd.*

    • Press Enter to continue with the fix.
    • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
    • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ddcay.dll
    O20 - Winlogon Notify: ddcay - C:\WINDOWS\system32\ddcay.dll

    • After you have fixed these items, close Hijackthis.
    • Press enter to exit the program then manually reboot your computer.
    Once your machine reboots please attach a fresh HJT log from normal mode.
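One way to work with the HijackThis entries listed in post 4 and the reversed-name path VundoFix asked for in post 6, as an added example that is not part of this thread and not code from MajorGeeks, HijackThis or VundoFix: a small Python parser run over the log lines quoted in those two posts (plus one constructed benign BHO with a placeholder CLSID and path), which correlates an O2 BHO and an O20 Winlogon Notify entry that load the same DLL, derives the companion glob (`ddcay.dll` to `yacdd.*`) from the file name, and builds the list of lines to tick and FIX. Two things in it are assumptions inferred from this thread rather than documented behaviour of either tool: that the O2/O20 pair on one DLL is a single infection, and that the companion file is the DLL's base name reversed.

```python
"""Correlate HijackThis (HJT) log lines into the Vundo-style persistence pair.

Added example for this thread, not code from MajorGeeks, HijackThis or VundoFix.
Assumptions: a DLL listed both as an O2 BHO and an O20 Winlogon Notify package is
treated as one infection; the companion file name is the DLL's base name reversed
(inferred from the thread's ddcay.dll -> yacdd.* step, not a documented rule).
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the lines quoted in posts 4 and 6 of the thread, plus one
# benign BHO with a placeholder CLSID/path so the pair logic has something to leave alone.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ddcay.dll
O2 - BHO: Example Benign Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O20 - Winlogon Notify: ddcay - C:\WINDOWS\system32\ddcay.dll
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Matt\Desktop\CWShredder.exe (file missing)
"""


@dataclass
class Entry:
    kind: str      # HJT section: O2, O3, O20 or O23
    name: str      # display name, Notify subkey or service name
    path: str      # file path as printed ("" when HJT shows no file)
    missing: bool  # HJT marked the entry "(file missing)" or "(no file)"
    raw: str       # original log line, kept for the fix checklist


_HEAD = re.compile(r"^(O2|O3|O20|O23) - [^:]+: (.*)$")
_MISSING = re.compile(r"(?: - )?\s*\((?:file missing|no file)\)\s*$", re.IGNORECASE)
_CLSID = re.compile(r"^\{[0-9A-Fa-f-]+\}$")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT line; sections not modelled here (R0/R1/O9, ...) return None."""
    m = _HEAD.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    missing = _MISSING.search(rest) is not None
    fields = [f.strip() for f in _MISSING.sub("", rest).split(" - ")]
    # Field layout: name [- CLSID | - owner] - path; the path is always the last field.
    path = fields[-1] if len(fields) > 1 else ""
    if _CLSID.match(path):  # "(no file)" was stripped, so only the CLSID remained
        path = ""
    return Entry(kind, fields[0], path, missing, line.strip())


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def reversed_companion(path: str) -> str:
    """Glob for the companion file: same folder, base name reversed, any extension.
    This is the ddcay.dll -> yacdd.* relation from post 6, assumed here to be general."""
    folder, filename = path.rsplit("\\", 1)
    stem = filename.rsplit(".", 1)[0]
    return f"{folder}\\{stem[::-1]}.*"


def find_vundo_pairs(entries: List[Entry]) -> List[dict]:
    """One record per DLL that is both a BHO (O2) and a Winlogon Notify package (O20).
    O20 packages are loaded into winlogon.exe at logon; in this thread that DLL is the
    same file Internet Explorer loads as the BHO, so both entries point at one infection."""
    sections = defaultdict(set)
    printed = {}
    for e in entries:
        if e.path:
            key = e.path.lower()
            sections[key].add(e.kind)
            printed.setdefault(key, e.path)
    return [
        {"path": printed[k], "sections": sorted(s), "companion_glob": reversed_companion(printed[k])}
        for k, s in sections.items()
        if {"O2", "O20"} <= s
    ]


def fix_checklist(entries: List[Entry]) -> List[str]:
    """HJT lines to tick and FIX: every member of a Vundo pair, plus orphans whose file is gone."""
    pair_paths = {p["path"].lower() for p in find_vundo_pairs(entries)}
    return [e.raw for e in entries if e.missing or e.path.lower() in pair_paths]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for pair in find_vundo_pairs(parsed):
        print(f"Vundo pair: {pair['path']}  sections={pair['sections']}")
        print(f"  VundoFix companion glob: {pair['companion_glob']}")
    print("HJT entries to fix:")
    for line in fix_checklist(parsed):
        print("  " + line)
```

The orphan rule (anything HJT marks as missing goes on the list) reproduces the O3 toolbar and O23 CWShredder lines from post 4; the pair rule reproduces the two ddcay lines, and the benign BHO is left alone because nothing else loads it.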
     
  7. longtall

    longtall Private E-2

    Here is my new HJT after fixing with VundoFix.
     
  8. longtall

    longtall Private E-2

    Looks like the HJT attachment never came through. I will try again..
     
  9. longtall

    longtall Private E-2

    Another try
     
  10. longtall

    longtall Private E-2

    Ok hope it comes through now :eek:
     

    Attached Files:

  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

    O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ddcay.dll (file missing)
    O20 - Winlogon Notify: ddcay - C:\WINDOWS\system32\ddcay.dll (file missing)

    Make sure All Browser Windows are Closed when you Click FIX.

    After you complete the above, reboot and attach one last HJT log from normal mode!
     
  12. longtall

    longtall Private E-2

    Here is the latest HJT log.
    Thanks for all your help....It seems the popups have quit.
    Again thank you.
     

    Attached Files:

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is now clean, are you having any further problems?
     
