Free Malware Removal Forum

[stephenp23]

Can you help please. I seem to have a malware infestation that is causing slow working on Firefox, sometimes re-direction and premature closing of web pages. I have run Spybot, Adaware, A-squared, Clamwin and Malwarebytes. Malwarebytes has cleaned up most of it, but every run still finds two Trojans (almost immediately), then says it has fixed them, buut they are there on restart and next scan. My system is Windows XP SP3. I have System Restore switched off.

The ClamWin log shows:
Malwarebytes' Anti-Malware 1.39
Database version: 2523
Windows 5.1.2600 Service Pack 3

01/08/2009 13:21:33
mbam-log-2009-08-01 (13-21-33).txt

Scan type: Full Scan (C:\|)
Objects scanned: 5766
Time elapsed: 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\hjgruixhvimpdx.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\hjgruixhvimpdx.dll (Trojan.TDSS) -> Quarantined and deleted successfully.


My Hijack This log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58:35, on 01/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe

Thanks for all help.

[NonSuch]

In order for someone to analyze your HijackThis log, you must post the entire log, first line through last. The log you have posted is incomplete and is missing the entire bottom half, which includes important information about your computer. You will need to provide us with a complete HijackThis log before we can help you. Please follow the guideline at the link below to start a new topic and post your HijackThis log.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<