Please Help! Suspected Vundo!!!

[FV2007]

I keep getting new IE windows appear from various websites, Celldorado, leading4.com.

I have tried VundoFix, Virtumondobegone, Avast, SS&D, Ad-Aware.

Nothing has worked!

Here is my latest Hijackthis log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\StormII\stormliv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Josh\Desktop\HiJackThis_v2.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - ???????????? - C:\Program Files\StormII\stormliv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 2672 bytes

[punky]

This looks suspicious, do you recognise it?

C:\Program Files\StormII\stormliv.exe

there's a major network of computers with viruses called Storm as well.

[FV2007]

I don't recognise it, what should I do? Delete the file? I am extremely grateful for any help about this. Thank You

[punky]

Boot into safe mode and rename the file.. see if it reappears

[FV2007]

File has gone. Pop ups remain.

[nffc]

www.superantispyware.com

Download, update and run a full scan.

[punky]

Can you do another hijack this log, it might have a slightly different name

[alferret]

http://www.prevx.com/filenames/X7290...RMLIV.EXE.html

[Nanook]

Upload any suspect file at this site to be scanned by several AV progs

http://www.virustotal.com/

[Aragorn]

Quote:

Originally Posted by Gavin

Can you do another hijack this log, it might have a slightly different name

And this time post the entire log - looks like you've only included running processes and services above.
Note - there is an online anlayser here.

[nffc]

Ewwwwww online analysers. Seriously, they can cause a lot of problems with false +ves and ignoring entries which are bad.

Best off posting the log here or on a specialist forum.