Thread ID: 92352 2008-08-07 03:55:00 HJT NZHawk (4093) Press F1
Post ID Timestamp Content User
695557 2008-08-07 03:55:00 Could some one have a gander through this log and let me know if any nasties lurk within:

Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12: VIRUS ALERT!, on 7/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\lphc39cj0ephw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\2 Cleaning Tools\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [lphc39cj0ephw] C:\WINDOWS\system32\lphc39cj0ephw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: tfnslopk - {FBD2DFB2-0025-47EE-847E-2A6809DDDBAB} - C:\WINDOWS\tfnslopk.dll (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5124 bytes
NZHawk (4093)
695558 2008-08-07 04:07:00 Tick these, then tick Fix checked.

Close browsers.

If this file is running, end its process, then find and delete it:

C:\WINDOWS\system32\lphc39cj0ephw.exe <- delete this file


O4 - HKLM\..\Run: [lphc39cj0ephw] C:\WINDOWS\system32\lphc39cj0ephw.exe

Did you install videoaccesscodec?? Some kind of codec?

If you did, uninstall it

O21 - SSODL: tfnslopk - {FBD2DFB2-0025-47EE-847E-2A6809DDDBAB} - C:\WINDOWS\tfnslopk.dll (file missing)

Get this, install it, update it, then scan (www.malwarebytes.org)
Speedy Gonzales (78)
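As an added illustration that is not part of the thread: a small Python triage script that applies the two checks Speedy Gonzales made by eye to HijackThis O4 and O21 lines (a random-looking autorun name such as lphc39cj0ephw, and an SSODL entry whose DLL is missing). The log excerpt and the flagging heuristics are constructed for this example, not taken from HijackThis itself.

```python
import re

# Constructed excerpt in the HijackThis v2 line format (not the poster's full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lphc39cj0ephw] C:\WINDOWS\system32\lphc39cj0ephw.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: tfnslopk - {FBD2DFB2-0025-47EE-847E-2A6809DDDBAB} - C:\WINDOWS\tfnslopk.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O21 - SSODL: <name> - {CLSID} - <dll path>[ (file missing)]
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>\S+) - \{[0-9A-Fa-f-]+\} - (?P<path>.+?)(?P<missing> \(file missing\))?$")
FLAT_TOKEN_RE = re.compile(r"^[a-z0-9]{10,}$")  # lowercase letters/digits only, no separators


def looks_random(token: str) -> bool:
    """Heuristic (constructed): a long flat token mixing letters and digits, e.g. lphc39cj0ephw."""
    return bool(FLAT_TOKEN_RE.match(token)) and any(c.isdigit() for c in token) and any(c.isalpha() for c in token)


def exe_name(cmd: str) -> str:
    """Last path component of the launched program, with quotes and trailing arguments removed."""
    return cmd.strip().rsplit("\\", 1)[-1].split(" ", 1)[0].strip('"')


def triage(log_text: str) -> list:
    """Return (reason, line) pairs for the entries a helper would ask about first."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            stem = exe_name(m["cmd"]).rsplit(".", 1)[0].lower()
            if looks_random(m["name"].lower()) or looks_random(stem):
                findings.append(("random-looking autorun name", line))
            continue
        m = O21_RE.match(line)
        if m and m["missing"]:
            findings.append(("SSODL entry whose DLL is missing", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

Known-good entries (AVG, ZoneAlarm, ctfmon) pass both checks; only the two lines Speedy singled out are reported.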
695559 2008-08-07 04:31:00 Something has blocked any ability to update: Malwarebytes, Spyware Terminator, SuperAntiSpyware & Spyware Terminator.

Running MalwareBytes w/o update
NZHawk (4093)
695560 2008-08-07 04:33:00 Did you terminate that file's process in Task Manager? If it's running?

Then tick the entries then reboot?
Speedy Gonzales (78)
695561 2008-08-07 04:34:00 Yes, I didn't reboot.
I'll reboot & try the update again.


Still unable to update after reboot
NZHawk (4093)
695562 2008-08-07 04:39:00 Try another server from within Malwarebytes. The one you're using may be down. Speedy Gonzales (78)
695563 2008-08-07 04:42:00 Tried all 3 without any luck. NZHawk (4093)
695564 2008-08-07 04:43:00 Mmm, did you delete that file I posted, if it's on the HDD? Speedy Gonzales (78)
695565 2008-08-07 04:47:00 Yep - deleted. NZHawk (4093)
695566 2008-08-07 04:52:00 Post another log. Did Malwarebytes pick anything up?

Here's an update (malwarebytes.gt500.org)

But not the latest.
Speedy Gonzales (78)