Basically, it keeps giving me random pop-up ads in IE6... but like I said, I can't seem to get rid of it.
-----------------------------------------------------------------
HijackThis Log
-----------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:58:48 PM, on 6/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\DVICO\FusionHDTV\FusionHdtvTray.exe
C:\Program Files\DVICO\FusionRemote\FusionRc.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Opera 9\Opera.exe
C:\Documents and Settings\Tim\Desktop\HaX0r treatment\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim\My Documents\HijackThis-1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\gebbxxv.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\ofjpydhf.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [FusionTrayAgent] C:\Program Files\DVICO\FusionHDTV\FusionHdtvTray.exe
O4 - HKLM\..\Run: [FusionRemote] C:\Program Files\DVICO\FusionRemote\FusionRc.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [irkzazsv.exe] C:\Documents and Settings\All Users\Application Data\irkzazsv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gebbxxv - gebbxxv.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll (file missing)
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
-----------------------------------------------------------------
-----------------------------------------------------------------
Activescan Log
-----------------------------------------------------------------
Incident Status Location
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ofjpydhf.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\All Users\Application Data\SecTaskMan\fswduthd.dll.q_804E434_q
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\All Users\Application Data\SecTaskMan\ghfillyh.dll.q_804E434_q
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Tim\Cookies\tim@888[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Tim\Cookies\[email protected][2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Tim\Cookies\tim@ccbill[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Tim\Cookies\tim@tucows[2].txt
Spyware:Spyware/Vundo Not disinfected C:\Documents and Settings\Tim\Desktop\HaX0r treatment\backups\backup-20070531-231533-616.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Tim\Desktop\HaX0r treatment\backups\backup-20070531-231533-887.dll
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temp\win20D.tmp.exe
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\0LMB49I7\xc60[1].exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\4OY16Q5U\lo1[1]
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\7FP6DJP9\antzom[1].exe
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\8VM3IZAL\antzom[1].exe
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\8VM3IZAL\antzom[2].exe
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\8VM3IZAL\xc60[1].exe
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\ZF0TX0G3\antzom[1].exe
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\ZF0TX0G3\xc60[1].exe
Virus:Malware Generic Disinfected C:\Documents and Settings\Tim\My Documents\My Received Files\XP.zip[WindowsXP Product Key Viewer.exe]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\TimOld\Cookies\[email protected][1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\TimOld\Cookies\tim@ccbill[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\TimOld\Cookies\tim@cgi-bin[5].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\TimOld\Cookies\tim@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\TimOld\Cookies\tim@errorsafe[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\TimOld\Cookies\tim@go[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\TimOld\Cookies\tim@systemdoctor[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\TimOld\Cookies\[email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\TimOld\Cookies\[email protected][1].txt
Virus:Malware Generic Disinfected C:\Documents and Settings\TimOld\My Documents\My Received Files\XP.zip[WindowsXP Product Key Viewer.exe]
Hacktool:Exploit/ByteVerify Not disinfected C:\Tim's\Migration\Tim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-41df744b.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Tim's\Migration\Tim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-41df744b.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Tim's\Migration\Tim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-41df744b.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Tim's\Migration\Tim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-41df744b.zip[Beyond.class]
Spyware:Cookie/NewMedia Not disinfected C:\Tim's\Migration\Tim\Cookies\[email protected][1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Tim's\Migration\Tim\Cookies\tim@ccbill[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Tim's\Migration\Tim\Cookies\tim@cgi-bin[5].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Tim's\Migration\Tim\Cookies\tim@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Tim's\Migration\Tim\Cookies\tim@errorsafe[2].txt
Spyware:Cookie/Go Not disinfected C:\Tim's\Migration\Tim\Cookies\tim@go[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Tim's\Migration\Tim\Cookies\tim@systemdoctor[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Tim's\Migration\Tim\Cookies\[email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Tim's\Migration\Tim\Cookies\[email protected][1].txt
Virus:Malware Generic Disinfected C:\Tim's\Migration\Tim\My Documents\My Received Files\XP.zip[WindowsXP Product Key Viewer.exe]
Hacktool:HackTool/RockXp4 Not disinfected C:\Tim's\Software\Win XP Code\RockXP\rockxp4.exe
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\byxuvtr.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ddcaxvt.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\efccbcy.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\mljjjkj.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\narrjtsr.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\pmnljki.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\sstqq.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\vktutxbw.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\xxyxxvu.dll.bad
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\system32\aguacyjf.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\eyxaootd.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wbrindmg.dll
Virus:Trj/Agent.FOB Disinfected C:\WINDOWS\Temp\win151.tmp.exe
Adware:Adware/WUpd Not disinfected E:\BitComet\Downloads\Windows.Xp.Sp2.Keygen.With.Auto.Key.Changer.rar[Windows.Xp.Sp2.Keygen.With.Auto.Key.Changer\windows.xp.sp2.keygen.with.auto.key.changer\Windows.XP.SP2.Keygen\keygen.exe]
Spyware:Spyware/Virtumonde Not disinfected E:\Dump\backups\backup-20070530-181723-504.dll
Spyware:Spyware/Virtumonde Not disinfected E:\Dump\backups\;backup-20070530-181723-794.dll
Spyware:Spyware/Virtumonde Not disinfected E:\Dump\backups\backup-20070530-181836-616.dll
Spyware:Spyware/Virtumonde Not disinfected E:\Dump\backups\backup-20070530-183133-747.dll
Spyware:Spyware/Virtumonde Not disinfected E:\Dump\backups\backup-20070612-170612-972.dll
Spyware:Spyware/Virtumonde Not disinfected E:\Dump\backups\backup-20070612-170717-280.dll
Spyware:Spyware/Virtumonde Not disinfected E:\Dump\backups\backup-20070612-170717-311.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected E:\Dump\ComboFix.exe[ComboFixT\nircmd.exe]
Adware:Adware/Gator Not disinfected E:\Dump\DivXPro511Adware.exe[Gain_Trickler.exe]
Virus:Malware Generic Disinfected E:\Dump\GameXP.zip[GameXP.exe]
-----------------------------------------------------------------
I've tried to remove some .dll files, but they keep coming back! I can't seem to get to the source of the problem.
Thanks in advance.
Edited by BrotherEstapol, 13 June 2007 - 05:22 AM.