(sorry if this is long but im trying to provide as much information as i can)
Lately, folders have been randomly created on my computer. It freezes all the time and closes down a lot of the programs i use. Sometimes i cant open simple programs because this virus is messing with my dlls. Its frustrating and taking up lots of ram.
These problems are being caused by trojans like:
downloader.small.cwv
downloader.delf.amb
trojan.pakes
trojan.dailer.pz
and a bunch of other randomly appearing ones. i keep getting processes like win4d.tmp.exe, win6AF.tmp.exe, h91746.exe, 9994ce1f.exe, g1962906.dll, or anything that begins with win and ends with .tmp.exe.
I'll terminate them, but theyd always open right back up 5 or 10 minutes later.
The program regsvr32.exe seems to play a role in this too, because its always in the processes now around the times everything starts getting messed up, and im pretty sure that it never use to be there before.
Ive used various programs like ewido, ad-aware, spybotSD, spywareblaster, and vundofix. Ive also read and tried various other things based on other peoples similar problems.
I do a full system scan and delete (or quarantine) anything found.
Then ill reboot, and everything will be ok at first. but then it starts again. everything ive deleted appears again. Like just now, i recieved another alert from ewido about the various malware.
So then ill go to the location of the malware (usually the temp or windows folder) and delete everything that was created the day the malware was downloaded. Again, minutes later they reappear, but this time, when i go into the folders to delete them, or scan for them, i wont see them there. but they ARE there. i tried to see if they were hidden but they werent. Im totally confused as to why ewido keeps saying theyre there.
Im guessing theres a couple of hidden programs in the systems folder that keeps executing once one of the components are deleted, and reinstalling everything all over again. I just cant find it.
I GIVE UP!
OK ok so heres what the hijackthislog has come up with.
Logfile of HijackThis v1.99.1
Scan saved at 11:05:55 AM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\T3mp0r4ry Biy00tch\My Documents\pitchforkmedia\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\system32\compstuic.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8952B01F-0BBC-41C7-9D20-ECA180A231B9} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.c...et/applet_l.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\notepad.dll
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g12870062.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqrq - C:\WINDOWS\system32\ssqrq.dll (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: winhab32 - C:\WINDOWS\SYSTEM32\winhab32.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Im hoping you guys will be able to help me.
thanks in advance!
-Paola
Sign In
Create Account
