06-24-2007, 06:36 PM   #1
Sillybear
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: XP


Malware Possibly...Need Help.

I've been having constant pop-ups from IE that will show up frequently every 5 minutes after I end my IEXPLORER.exe process. SpybotSD has shown two constant results that won't disappear, and others have followed these two: Command Center, and Smitfraud. I've attempted using the Smitfraud fix and it apparently isn't doing any good. Can anyone help me out by taking a look at this log and possibly telling me what's causing these disruptions?


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:56:25 PM, on 6/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\ppqpkkqc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F65A514-189D-099F-7E64-0753C0249F1F} - C:\WINDOWS\System32\hcaxgwb.dll
O2 - BHO: (no name) - {3A4260B3-4F1F-C099-60CE-04DE2E75A91A} - C:\WINDOWS\System32\akxsurc.dll
O2 - BHO: (no name) - {504CB3E8-0548-3DD7-FBCC-094E5FE15F87} - C:\WINDOWS\System32\vihzrei.dll
O2 - BHO: (no name) - {51F5B6DA-F1BF-89C4-05F2-08C3E2C17B29} - C:\WINDOWS\System32\mvyjgd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\ljhxsyje.dll
O2 - BHO: (no name) - {5C2154CF-76DE-EFFE-1918-094D7E5C6999} - C:\WINDOWS\System32\dnuetgf.dll
O2 - BHO: (no name) - {5D1E3438-27D5-40B1-97D6-4F3B6001B3E4} - C:\WINDOWS\system32\mljkigd.dll
O2 - BHO: (no name) - {5D87F288-16B3-E4A5-B4C7-03F7F3783E05} - C:\WINDOWS\System32\kjrrfig.dll
O2 - BHO: (no name) - {6E30F392-DC09-3A7C-3331-02EEEC294CB0} - C:\WINDOWS\System32\rrextmj.dll
O2 - BHO: (no name) - {6F43F6CA-4098-CA81-804E-0A9889D05A25} - C:\WINDOWS\System32\zthocvj.dll
O2 - BHO: (no name) - {70752D09-9239-8050-BB7B-00B06EF19CA5} - C:\WINDOWS\System32\mikjgzl.dll
O2 - BHO: RdTask Class - {73E0DDC2-A93A-4D64-97B5-646627F61DD2} - C:\WINDOWS\System32\ccc3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\System32\xwrpunkh.dll
O2 - BHO: (no name) - {BF6B3C0F-CB01-41B2-A75A-17AA8BC0E731} - (no file)
O2 - BHO: (no name) - {DED6B0CB-E110-4C24-8314-FE4D3EC0DA83} - (no file)
O2 - BHO: (no name) - {E55AA2E4-DA77-465E-9F2D-82FDBEB2D5D0} - (no file)
O2 - BHO: (no name) - {E91828D9-074E-4FCA-961C-56CACDFCF363} - C:\WINDOWS\System32\vtstu.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\mrevjhfe.dll",setvm
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft] iusr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft] iusr.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: mljkigd - C:\WINDOWS\SYSTEM32\mljkigd.dll
O20 - Winlogon Notify: mlljh - C:\WINDOWS\System32\mlljh.dll (file missing)
O20 - Winlogon Notify: vtstu - C:\WINDOWS\System32\vtstu.dll
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DisplayController - Unknown owner - C:\WINDOWS\System32\inetsrv\daemon\services.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\ppqpkkqc.exe
O23 - Service: EthernetController - Unknown owner - C:\WINDOWS\System32\inetsrv\daemon\services.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Packets - Unknown owner - C:\windows\system32\dllcache\services.exe (file missing)
O23 - Service: updates - Unknown owner - C:\windows\system32\dllcache\services.exe (file missing)
O23 - Service: vwsrv - Unknown owner - C:\WINDOWS\System32\vwsrv.exe (file missing)

--
End of file - 8193 bytes


Any help would be greatly appreciated. Thanks.