Malware Nightmare

Could someone please help me. I have malware on my pc and all i've been doing for a week is deleteing malware files which return. I've done your Required steps before posting your log. I hope you can help thanks nalby

Logfile of HijackThis v1.99.1
Scan saved at 5:26:52 PM, on 4/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lryfteks\advjsklv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\dorvuq\occjgrjf.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
C:\WINDOWS\system32\tmrwb\shunxati.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\dlsx\fviba.exe
C:\WINDOWS\system32\janbk\ovrhfq.exe
C:\WINDOWS\system32\xjqsp\ljgfei.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\tcvvo\eehj.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\bhay.exe
C:\WINDOWS\system\xlxgfjo.exe
C:\Program Files\Naviscope\naviscope.exe
C:\Program Files\Outlook Express\msimn.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\hgdtlvi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jim\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:81
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: FlashEnhancer Extender - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - blank (file missing)
O2 - BHO: (no name) - {3AFC7AC1-BE39-2E77-967C-23D13A39D0F3} - C:\WINDOWS\system32\nbfbfgqf\taegdjql.dll
O2 - BHO: (no name) - {51753D79-D432-BED8-DC53-4B509CABD22B} - C:\WINDOWS\system32\gxaqxvaq\ruhsrnth.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D4E79D32-A2D1-A6CA-F283-13F7BA8E3445} - C:\WINDOWS\system32\xgsgispj\hjrychbu.dll
O2 - BHO: (no name) - {D4EB5E74-D782-BD1A-C70B-8D2636C0D93C} - C:\WINDOWS\system32\qviwfpsl\tcnehwyx.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [pncse] C:\WINDOWS\system32\knlx\pncse.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [lbdpmf] C:\WINDOWS\system32\bmif\lbdpmf.exe
O4 - HKLM\..\Run: [shunxati] C:\WINDOWS\system32\tmrwb\shunxati.exe
O4 - HKLM\..\Run: [fviba] C:\WINDOWS\system32\dlsx\fviba.exe
O4 - HKLM\..\Run: [ljgfei] C:\WINDOWS\system32\xjqsp\ljgfei.exe
O4 - HKLM\..\Run: [occjgrjf] C:\WINDOWS\system32\dorvuq\occjgrjf.exe
O4 - HKLM\..\Run: [ovrhfq] C:\WINDOWS\system32\janbk\ovrhfq.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitetcd32.exe
O4 - HKLM\..\Run: [advjsklv] C:\WINDOWS\system32\lryfteks\advjsklv.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [srrt] C:\WINDOWS\system32\ejylt\srrt.exe
O4 - HKLM\..\Run: [eehj] C:\WINDOWS\system32\tcvvo\eehj.exe
O4 - HKLM\..\Run: [diptid] C:\WINDOWS\system32\ggvffld\diptid.exe
O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLOR.exe
O4 - HKLM\..\Run: [skyhn] C:\DOCUME~1\Jim\LOCALS~1\Temp\bhay.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\oact.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [b0ttRRa2j] ieporee.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\DOCUME~1\Jim\LOCALS~1\Temp\qfwluwi.exe
O4 - Startup: naviscope.lnk = C:\Program Files\Naviscope\naviscope.exe
O4 - Startup: Registration Brothers In Arms.LNK = G:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103489123795
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: agwmyoblwmwi - Unknown owner - C:\WINDOWS\system32\wmwi\agwmyobl.exe (file missing)
O23 - Service: allaaaftrqqat - Unknown owner - C:\WINDOWS\system32\aftrqqat\allaa.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: cgpvikrobhbald - Unknown owner - C:\WINDOWS\system32\bhbald\cgpvikro.exe
O23 - Service: diptidggvffld - Unknown owner - C:\WINDOWS\system32\ggvffld\diptid.exe
O23 - Service: erunrxdvghrcjmi - Unknown owner - C:\WINDOWS\system32\vghrcjmi\erunrxd.exe
O23 - Service: hpnitujr - Unknown owner - C:\WINDOWS\system32\tujr\hpni.exe
O23 - Service: iawodohumixkx - Unknown owner - C:\WINDOWS\system32\umixkx\iawodoh.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: occjgrjfdorvuq - Unknown owner - C:\WINDOWS\system32\dorvuq\occjgrjf.exe
O23 - Service: ovqvofmfyvydvd - Unknown owner - C:\WINDOWS\system32\yvydvd\ovqvofmf.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: qwgagqlpdk - Unknown owner - C:\WINDOWS\system32\lpdk\qwgagq.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: srrtejylt - Unknown owner - C:\WINDOWS\system32\ejylt\srrt.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: wsfqvupuxtcq - Unknown owner - C:\WINDOWS\system32\upuxtcq\wsfqv.exe

#1
nalby

Posted 01 April 2005 - 04:45 PM

Advertisements

#2
nalby

Posted 02 April 2005 - 07:19 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us