
Can't get rid of stubborn Malware



#1
BrotherEstapol
New Member, 1 posts
I've tried using numerous programs heaps of times, in safe mode and everything, and I still can't get rid of this damned thing.
Basically, it keeps giving me random pop-up ads in IE6... but like I said, I can't seem to get rid of it.


-----------------------------------------------------------------
HijackThis Log
-----------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:58:48 PM, on 6/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\DVICO\FusionHDTV\FusionHdtvTray.exe
C:\Program Files\DVICO\FusionRemote\FusionRc.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Opera 9\Opera.exe
C:\Documents and Settings\Tim\Desktop\HaX0r treatment\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim\My Documents\HijackThis-1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\gebbxxv.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\ofjpydhf.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [FusionTrayAgent] C:\Program Files\DVICO\FusionHDTV\FusionHdtvTray.exe
O4 - HKLM\..\Run: [FusionRemote] C:\Program Files\DVICO\FusionRemote\FusionRc.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [irkzazsv.exe] C:\Documents and Settings\All Users\Application Data\irkzazsv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gebbxxv - gebbxxv.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll (file missing)
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

-----------------------------------------------------------------



-----------------------------------------------------------------
Activescan Log
-----------------------------------------------------------------

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ofjpydhf.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\All Users\Application Data\SecTaskMan\fswduthd.dll.q_804E434_q
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\All Users\Application Data\SecTaskMan\ghfillyh.dll.q_804E434_q
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Tim\Cookies\tim@888[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Tim\Cookies\[email protected][2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Tim\Cookies\tim@ccbill[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Tim\Cookies\tim@tucows[2].txt
Spyware:Spyware/Vundo Not disinfected C:\Documents and Settings\Tim\Desktop\HaX0r treatment\backups\backup-20070531-231533-616.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Tim\Desktop\HaX0r treatment\backups\backup-20070531-231533-887.dll
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temp\win20D.tmp.exe
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\0LMB49I7\xc60[1].exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\4OY16Q5U\lo1[1]
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\7FP6DJP9\antzom[1].exe
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\8VM3IZAL\antzom[1].exe
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\8VM3IZAL\antzom[2].exe
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\8VM3IZAL\xc60[1].exe
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\ZF0TX0G3\antzom[1].exe
Dialer:Dialer.KHJ Not disinfected C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\ZF0TX0G3\xc60[1].exe
Virus:Malware Generic Disinfected C:\Documents and Settings\Tim\My Documents\My Received Files\XP.zip[WindowsXP Product Key Viewer.exe]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\TimOld\Cookies\[email protected][1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\TimOld\Cookies\tim@ccbill[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\TimOld\Cookies\tim@cgi-bin[5].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\TimOld\Cookies\tim@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\TimOld\Cookies\tim@errorsafe[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\TimOld\Cookies\tim@go[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\TimOld\Cookies\tim@systemdoctor[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\TimOld\Cookies\[email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\TimOld\Cookies\[email protected][1].txt
Virus:Malware Generic Disinfected C:\Documents and Settings\TimOld\My Documents\My Received Files\XP.zip[WindowsXP Product Key Viewer.exe]
Hacktool:Exploit/ByteVerify Not disinfected C:\Tim's\Migration\Tim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-41df744b.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Tim's\Migration\Tim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-41df744b.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Tim's\Migration\Tim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-41df744b.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Tim's\Migration\Tim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-41df744b.zip[Beyond.class]
Spyware:Cookie/NewMedia Not disinfected C:\Tim's\Migration\Tim\Cookies\[email protected][1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Tim's\Migration\Tim\Cookies\tim@ccbill[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Tim's\Migration\Tim\Cookies\tim@cgi-bin[5].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Tim's\Migration\Tim\Cookies\tim@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Tim's\Migration\Tim\Cookies\tim@errorsafe[2].txt
Spyware:Cookie/Go Not disinfected C:\Tim's\Migration\Tim\Cookies\tim@go[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Tim's\Migration\Tim\Cookies\tim@systemdoctor[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Tim's\Migration\Tim\Cookies\[email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Tim's\Migration\Tim\Cookies\[email protected][1].txt
Virus:Malware Generic Disinfected C:\Tim's\Migration\Tim\My Documents\My Received Files\XP.zip[WindowsXP Product Key Viewer.exe]
Hacktool:HackTool/RockXp4 Not disinfected C:\Tim's\Software\Win XP Code\RockXP\rockxp4.exe
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\byxuvtr.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ddcaxvt.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\efccbcy.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\mljjjkj.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\narrjtsr.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\pmnljki.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\sstqq.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\vktutxbw.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\xxyxxvu.dll.bad
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\system32\aguacyjf.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\eyxaootd.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wbrindmg.dll
Virus:Trj/Agent.FOB Disinfected C:\WINDOWS\Temp\win151.tmp.exe
Adware:Adware/WUpd Not disinfected E:\BitComet\Downloads\Windows.Xp.Sp2.Keygen.With.Auto.Key.Changer.rar[Windows.Xp.Sp2.Keygen.With.Auto.Key.Changer\windows.xp.sp2.keygen.with.auto.key.changer\Windows.XP.SP2.Keygen\keygen.exe]
Spyware:Spyware/Virtumonde Not disinfected E:\Dump\backups\backup-20070530-181723-504.dll
Spyware:Spyware/Virtumonde Not disinfected E:\Dump\backups\;backup-20070530-181723-794.dll
Spyware:Spyware/Virtumonde Not disinfected E:\Dump\backups\backup-20070530-181836-616.dll
Spyware:Spyware/Virtumonde Not disinfected E:\Dump\backups\backup-20070530-183133-747.dll
Spyware:Spyware/Virtumonde Not disinfected E:\Dump\backups\backup-20070612-170612-972.dll
Spyware:Spyware/Virtumonde Not disinfected E:\Dump\backups\backup-20070612-170717-280.dll
Spyware:Spyware/Virtumonde Not disinfected E:\Dump\backups\backup-20070612-170717-311.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected E:\Dump\ComboFix.exe[ComboFixT\nircmd.exe]
Adware:Adware/Gator Not disinfected E:\Dump\DivXPro511Adware.exe[Gain_Trickler.exe]
Virus:Malware Generic Disinfected E:\Dump\GameXP.zip[GameXP.exe]
-----------------------------------------------------------------


I've tried to remove some .dll files, but they keep coming back! I can't seem to get to the source of the problem. :whistling:

Thanks in advance. :blink:

Edited by BrotherEstapol, 13 June 2007 - 05:22 AM.

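A small triage script, added here and not part of the original post or of HijackThis itself, that parses the O2/O4/O20 lines from the log above and flags the entries a helper would look at first: orphaned "(file missing)" registry entries, the DLL that ActiveScan reported as Virtumonde, and short random-lowercase filenames of the kind the Vundo family used. The SCANNER_HITS table and the random-name pattern are assumptions built from this page; a flag is a reason to inspect, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the O2/O4/O20 entries from the HijackThis log above.
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\gebbxxv.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\ofjpydhf.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [irkzazsv.exe] C:\Documents and Settings\All Users\Application Data\irkzazsv.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll (file missing)
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
"""
# Hypothetical lookup table: the system32 DLL the ActiveScan log above called Virtumonde.
SCANNER_HITS = {r"c:\windows\system32\ofjpydhf.dll"}
# Heuristic only: "(no name)" alone is not decisive (Spybot's SDHelper.dll has no name either).
RANDOM_NAME = re.compile(r"^[a-z]{5,8}\.(dll|exe)$")

def parse_entry(line):
    """Split one HijackThis line into (section, path, file_missing)."""
    section = line.split(" - ", 1)[0]
    missing = line.endswith("(file missing)")
    body = line[: -len(" (file missing)")] if missing else line
    if section == "O4":  # O4 lines carry a command: [name] "path" args
        cmd = body.split("] ", 1)[1]
        path = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd
    else:  # O2/O20 lines end with " - <path>"
        path = body.rsplit(" - ", 1)[1]
    return section, path.strip(), missing

def triage(log):
    """Return {path: [reasons]} for entries worth a closer look."""
    findings = {}
    for line in log.strip().splitlines():
        section, path, missing = parse_entry(line)
        reasons = []
        if missing:
            reasons.append("orphaned registry entry")
        if path.lower() in SCANNER_HITS:
            reasons.append("flagged by scanner")
        if RANDOM_NAME.match(PureWindowsPath(path).name):
            reasons.append("random-looking filename")
        if reasons:
            findings[path] = reasons
    return findings
```

Running triage(HJT_LOG) leaves the Adobe, Spybot, avast! and SUPERAntiSpyware entries alone and reports the five entries that match the ActiveScan findings and the "(file missing)" leftovers.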
