Press F1 forum, thread 116433: Help, Big Security problem
Started by Vince (406) on 2011-03-03 20:18:00
Post 1183320 | 2011-03-03 20:18:00 | Vince (406)

I have been having a great deal of trouble with anything to do with passwords :horrified One site renewed my password 7 times in 18/20 hours. Facebook is impossible. Phishing is apparently behind it. Here is a HijackThis log for you good people:

```text
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:37:45 a.m., on 4/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
F:\Program Files\Comodo\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
F:\Program Files\Tools\Avast Antivirus\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\PROGRA~1\Tools\Cacheman\CACHEM~1\CachemanXP.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe
F:\Program Files\Java\bin\jqs.exe
F:\Program Files\DiskPrograms\CD Burner XP\NMSAccessU.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
F:\PROGRA~1\SYSTEM~1\WScheduler.exe
F:\Program Files\Tools\Ava Find\AvaFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
F:\Program Files\Tools\Avast Antivirus\avastUI.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Comodo\COMODO\COMODO Internet Security\cfp.exe
F:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
F:\Program Files\Tools\TaskBar Shuffle\Taskbar Shuffle\taskbarshuffle.exe
F:\Program Files\Mouse Driver\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\AZZ CARDFILE\azzCardfile\azzCardfile.exe
F:\Program Files\Chameleon Clock\ChamClock.exe
F:\Program Files\Mozilla Thunderbird\thunderbird.exe
F:\Program Files\Click-n-Type\Click-N-Type.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\SYSTEM32\SOL.EXE
C:\WINDOWS\SYSTEM32\FREECELL.EXE
C:\WINDOWS\SYSTEM32\spider.exe
C:\Program Files\Microsoft Works\WksDB.exe
C:\Program Files\Microsoft Works\MSWorks.exe
F:\Program Files\Firefox\firefox.exe
F:\Program Files\Firefox\plugin-container.exe
F:\Program Files\Password Safe\pwsafe.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Program Files\MUSICMATCH\mmjb.exe
F:\Program Files\MUSICMATCH\MMDiag.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
F:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.xtramsn.co.nz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\Tools\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - F:\Program Files\Canon Printer\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Program Files\Canon Printer\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [WScheduler] F:\PROGRA~1\SYSTEM~1\WScheduler.exe /LOGON
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AvaFind] F:\Program Files\Tools\Ava Find\AvaFind.exe /minimized
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
O4 - HKLM\..\Run: [avast5] "F:\Program Files\Tools\Avast Antivirus\avastUI.exe" /nogui
O4 - HKLM\..\Run: [COMODO Internet Security] "F:\Program Files\Comodo\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SmartDefrag] "F:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /M "Stylus C43"
O4 - HKCU\..\Run: [Taskbar Shuffle] F:\Program Files\Tools\TaskBar Shuffle\Taskbar Shuffle\taskbarshuffle.exe
O4 - S-1-5-18 Startup: azzCardfile.lnk = F:\Program Files\AZZ CARDFILE\azzCardfile\azzCardfile.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: azzCardfile.lnk = F:\Program Files\AZZ CARDFILE\azzCardfile\azzCardfile.exe (User 'Default user')
O4 - Startup: azzCardfile.lnk = F:\Program Files\AZZ CARDFILE\azzCardfile\azzCardfile.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Mouse Driver\SetPoint\SetPoint.exe
O4 - Global Startup: Mozilla Firefox.lnk = F:\Program Files\Firefox\firefox.exe
O4 - Global Startup: Mozilla Thunderbird.lnk = F:\Program Files\Mozilla Thunderbird\thunderbird.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://F:\Program Files\Canon Printer\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://F:\Program Files\Canon Printer\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://F:\Program Files\Canon Printer\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://F:\Program Files\Canon Printer\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\Tools\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\Tools\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.paradise.net.nz/
O16 - DPF: ppctlcab -
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} -
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} -
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} -
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} -
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{90BCC2C4-DC62-44C0-A260-92D849F14D8C}: NameServer = 203.96.152.4,203.96.152.12
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\Tools\Super Spyware Remover\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - F:\Program Files\Tools\Avast Antivirus\AvastSvc.exe
O23 - Service: AVEPCOYVYOKME - Unknown owner - C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\AVEPCOYVYOKME.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - F:\PROGRA~1\Tools\Cacheman\CACHEM~1\CachemanXP.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - F:\Program Files\Comodo\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - F:\Program Files\DiskPrograms\CD Burner XP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 11782 bytes
```
Post 1183321 | 2011-03-03 22:30:00 | GameJunkie (72)

IE6 is waaay out of date, that's probably why there's been phishing, so many loopholes in IE6. Get IE8 from here: www.microsoft.com. More info about IE6: en.wikipedia.org
Post 1183322 | 2011-03-04 00:53:00 | 1101 (13337)

Perhaps you have or had a keylogger or other trojan on that PC? Have you checked the AV logs & spyware scanner logs?? This looks really suspicious; anyone have more info??

```text
O23 - Service: AVEPCOYVYOKME - Unknown owner - C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\AVEPCOYVYOKME.exe (file missing)
```
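An added example, not from the thread or from HijackThis itself: a small Python triage pass over the `O23 - Service:` lines of a HijackThis log that flags the same signals 1101 picked up on in the entry above (no vendor string, a service binary under a user's Temp folder, and the `(file missing)` marker). The sample lines are constructed for the example, modelled on entries in this log.

```python
import re

# Constructed sample lines, modelled on O23 entries from the log posted above.
SAMPLE_LOG = r"""
O23 - Service: avast! Antivirus - AVAST Software - F:\Program Files\Tools\Avast Antivirus\AvastSvc.exe
O23 - Service: AVEPCOYVYOKME - Unknown owner - C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\AVEPCOYVYOKME.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - F:\Program Files\DiskPrograms\CD Burner XP\NMSAccessU.exe
O4 - HKLM\..\Run: [avast5] "F:\Program Files\Tools\Avast Antivirus\avastUI.exe" /nogui
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)  # matches ...\LOCALS~1\Temp\...

def parse_o23(line):
    """Split one O23 line into name, owner, path and the file-missing marker."""
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    # Service display names may themselves contain " - ", so split from the right:
    # the last two fields are always owner and path.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    return {"name": name, "owner": owner, "path": path, "missing": missing}

def flag_service(svc):
    """Return the indicators a reviewer would raise for one service entry."""
    flags = []
    if svc["owner"] == "Unknown owner":
        flags.append("unknown_owner")  # binary carries no vendor information
    if svc["missing"]:
        flags.append("file_missing")   # orphaned service: the binary is already gone
    if TEMP_DIR.search(svc["path"]):
        flags.append("temp_dir")       # legitimate services do not live in Temp
    return flags

def triage(log_text):
    """Return (name, flags) for every flagged O23 entry, most indicators first."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line.strip())
        if svc is not None and flag_service(svc):
            findings.append((svc["name"], flag_service(svc)))
    findings.sort(key=lambda f: len(f[1]), reverse=True)
    return findings

if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(flags)}")
```

An "Unknown owner" hit on its own is weak (NMSAccessU is the CD Burner XP helper), which is why the entries are ranked by how many indicators stack up.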
Post 1183323 | 2011-03-04 01:01:00 | bot (15449)

What's on drive F? I noticed a lot of processes running from drive F.
Post 1183324 | 2011-03-04 04:09:00 | Vince (406)

> IE6 is waaay out of date, that's probably why there's been phishing, so many loopholes in IE6. Get IE8 from here: www.microsoft.com. More info about IE6: en.wikipedia.org

I use Firefox.
Post 1183325 | 2011-03-04 04:18:00 | pctek (84)

> I have been having a great deal of trouble with anything to do with passwords :horrified One site renewed my password 7 times in 18/20 hours. Facebook is impossible.

What trouble specifically? Just passwords not working, or what? What specifically with Facebook?
Post 1183326 | 2011-03-04 04:38:00 | Vince (406)

> What's on drive F? I noticed a lot of processes running from drive F.

F is for programs. It is on a different physical disc, to spread the load.
Post 1183327 | 2011-03-04 05:44:00 | Speedy Gonzales (78)

You can tick these, then tick Fix checked. Close browsers first.

```text
O4 - HKLM\..\Run: [SmartDefrag] "F:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Mozilla Firefox.lnk = F:\Program Files\Firefox\firefox.exe
O4 - Global Startup: Mozilla Thunderbird.lnk = F:\Program Files\Mozilla Thunderbird\thunderbird.exe
O16 - DPF: ppctlcab -
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} -
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} -
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} -
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} -
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
O23 - Service: AVEPCOYVYOKME - Unknown owner - C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\AVEPCOYVYOKME.exe (file missing)
```
Post 1183328 | 2011-03-04 05:59:00 | GameJunkie (72)

> I use Firefox.

That may be so, but you should keep it up to date nonetheless.
Post 1183329 | 2011-03-07 15:41:00 | Vince (406)

> That may be so, but you should keep it up to date nonetheless.

What makes you think I don't keep my software up to date! :annoyed: I seem to have sorted the problem, don't really know how though. Thanks.