Please help, I'm getting mad

Since a month I am trying to get rid of this malware. Following some of the instructions i found around here and elsewhere, I thought many time I was out, but after some days the beast reappeared. It shuts down my pc with a services.exe error 128. It probably patched bot AVG and EWIDO.

here my last hijack log

Logfile of HijackThis v1.99.1
Scan saved at 10:51:58, on 10/14/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\WINNT\system32\DRIVERS\CDANTSRV.EXE
D:\WINNT\system32\hidserv.exe
D:\Program Files\HP Web JetAdmin\hpwebjetd.exe
D:\PROGRA~1\Iomega\System32\AppServices.exe
D:\WINNT\system32\PGPsdkServ.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\mspmspsv.exe
D:\Program Files\Network Associates\PGP for Windows 2000\PGPservice.exe
D:\WINNT\system32\inetsrv\inetinfo.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Iomega HotBurn\Autolaunch.exe
D:\Program Files\Microsoft Hardware\Keyboard\type32.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
D:\WINNT\system32\internat.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\PROGRA~1\MI3AA1~1\wcescomm.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
D:\Program Files\Network Associates\PGP for Windows 2000\PGPtray.exe
D:\Program Files\Fastweb\PrintAndFax\FaxMonitor.exe
D:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://venicexplorer.net/indexfast.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [MNCN USB] D:\WINNT\system32\ShellExt\mncntray.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "D:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [IntelliType] "D:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe D:\WINNT\system32\crazytalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Background Monitor.lnk = D:\Program Files\EPSON\StMon\STMS.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = D:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PGPtray.lnk = D:\Program Files\Network Associates\PGP for Windows 2000\PGPtray.exe
O4 - Global Startup: PrintAndFax.lnk = D:\Program Files\Fastweb\PrintAndFax\FaxMonitor.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reall...m/CrazyTalk.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125585823500
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelg...in/cortvrml.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteit...plugins/ncs.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O18 - Filter: text/html - {BFE59280-CFF6-473B-AD9C-1D2211BF8643} - D:\Documents and Settings\Umberto Sartory\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O20 - Winlogon Notify: ActiveSync - D:\WINNT\SYSTEM32\WcesWlgn.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - D:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: HP Web JetAdmin (HPWebJetAdmin) - Hewlett-Packard - D:\Program Files\HP Web JetAdmin\hpwebjetd.exe
O23 - Service: Iomega App Services - Iomega Corporation - D:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PGPsdkService (PGPsdkServ) - Network Associates Technology, Inc. - D:\WINNT\system32\PGPsdkServ.exe
O23 - Service: PGPService - Networks Associates Technology, Inc. - D:\Program Files\Network Associates\PGP for Windows 2000\PGPservice.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

#1
Umb

Posted 14 October 2006 - 02:56 AM

Advertisements

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us