Check out some similar questions!

Keef a leef · Apr 26, 2008, 04:51 AM

I've been trying to ameliorate the following infections from my system to no avail;
I've used uniblue's powersuite, spy sweeper, spybot S&D, AVG, and none have been able to cull the culprits; here's my hijack this log if anyone's willing to take a stab at this;
thanks...

Logfile of HijackThis v1.99.0
Scan saved at 7:40:46 AM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Keith Hernandez\Desktop\Anti-Spyware resistance\HijackThis Oldg.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB7636A-A072-4FCC-9642-6CF63FB0DEB2} - C:\WINDOWS\system32\opnmjiff.dll
O2 - BHO: (no name) - {E7F55994-D58F-4DF5-ACF6-E9DA0EDCB4D2} - C:\WINDOWS\system32\CSRSR.dll
O4 - HKLM\.. \Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\.. \Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\.. \Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\.. \Run: [BMa3458d12] Rundll32.exe "C:\WINDOWS\system32\hddchcxd.dll",s
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/sof...iveXPlugin.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Webroot Spy Sweeper Engine - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

progunr · Apr 26, 2008, 10:41 AM

I use Avira AntiVir.

It is FREE, scans much faster than AVG or McAfee, and has never allowed anything to get in my computer.

I am however, running Vista so I can't give any comparison for XP.

Good Luck!

invisibleman_productions · May 14, 2008, 12:21 AM

WHAT DO YOU DO IF EVERYTHING FAILS TO REMOVE THE SPYWARE or You are not sure your computer is spyware and virus free? If everything fails to get the nasty spyware removed let the experts take a look at what's happening on your computer.Visit the HijackThis Logs and Analysis forum. BleepingComputer.com -> HijackThis Logs and Malware Removal or SWI Forums -> Malware Removal or
Alliance of Security Analysis Professionals
Alliance of Security Analysis Professionals™

JimGunther · Jul 9, 2008, 10:37 PM

This aways works for me in removing files of that type: Reboot to DOS. Go to the directory where the dll file is located. Type in DEL /P. This will go down the list of files in the directory and will ask you if you want to delete each one (Y/N). Type N for the good ones and Y for the bad one.