| Thread ID: 90717 | 2008-06-14 00:22:00 | Another hijack reading please | Arnie (6624) | Press F1 |
| Post ID | Timestamp | User |
| 678248 | 2008-06-14 00:22:00 | Arnie (6624) |

Logfile of HijackThis v1.99.1
Scan saved at 11:28:47 a.m., on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DSLAGENT.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.pcworld.co.nz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = go.microsoft.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE PCI
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [070756f0] rundll32.exe "C:\WINDOWS\system32\lndmvard.dll",b
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - www.musicnotes.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - ax.phobos.apple.com.edgesuite.net
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: xkefqtgs - {6B3DAF9C-C48E-486A-9781-A75F610C42E0} - C:\WINDOWS\xkefqtgs.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

I want to install XP SP3 on this computer. Is this clean enough? They have had problems with viruses etc.

| 678249 | 2008-06-14 01:37:00 | gary67 (56) |

This could probably go, but wait for Speedy, as I can't see anything:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

| 678250 | 2008-06-14 02:09:00 | wainuitech (129) |

If you do a Google search this is reported as a nasty:
O21 - SSODL: xkefqtgs - {6B3DAF9C-C48E-486A-9781-A75F610C42E0} - C:\WINDOWS\xkefqtgs.dll

This is very suspect:
O4 - HKLM\..\Run: [070756f0] rundll32.exe "C:\WINDOWS\system32\lndmvard.dll",b

The rest of the system looks clean. These can be disabled at boot time, no need to run; they will still work when required:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

As a precaution, download the cleaners from my sig, update, and run them to make sure. When installing XP SP3 it pays to disable your antivirus software and any other security software, then turn it back on when finished - I've had a few problems with customers' PCs with security software running.
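The reasoning in the reply above (an O21 SSODL hook and an O4 Run entry with random-looking names, the latter loading a DLL via rundll32) can be turned into a repeatable triage pass over a HijackThis log. The following is an added example, not code from the thread or from HijackThis; the vowel-ratio and hex-string thresholds are my own assumptions, and the sample lines are copied from the log posted above.

```python
"""Heuristic triage of HijackThis O4 (Run key) and O21 (SSODL) lines.
Encodes the rule of thumb used in the thread (random-looking names, rundll32
loading an unfamiliar DLL); the thresholds below are assumptions, not HJT logic.
"""
import ntpath
import re

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)

def looks_random(name: str) -> bool:
    """True for a bare hex string (6+ chars) or a lowercase word of 7+ letters
    with fewer than 25% vowels; both thresholds are assumed, not from HijackThis."""
    if re.fullmatch(r"[0-9a-f]{6,}", name):
        return True
    if re.fullmatch(r"[a-z]{7,}", name):
        return sum(c in "aeiou" for c in name) / len(name) < 0.25
    return False

def dll_stem(path: str) -> str:
    """File name without directory or extension, using Windows path rules."""
    return ntpath.splitext(ntpath.basename(path.strip('"')))[0]

def triage(log_text: str) -> list:
    """Return (line, reason) for every O4/O21 entry the heuristics flag."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := O4_RE.match(line):
            if looks_random(m["name"]):
                findings.append((line, "Run key name looks machine-generated"))
            elif (r := RUNDLL_RE.match(m["cmd"])) and looks_random(dll_stem(r["dll"])):
                findings.append((line, "rundll32 loads a DLL with a random-looking name"))
        elif m := O21_RE.match(line):
            if looks_random(m["name"]) or looks_random(dll_stem(m["path"])):
                findings.append((line, "SSODL shell hook with a random-looking name"))
    return findings

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [070756f0] rundll32.exe "C:\WINDOWS\system32\lndmvard.dll",b
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: xkefqtgs - {6B3DAF9C-C48E-486A-9781-A75F610C42E0} - C:\WINDOWS\xkefqtgs.dll
"""

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}:\n    {entry}")
```

Run against the sample, only the two entries the thread singles out are flagged; the NVIDIA rundll32 entry, which uses the same loader, passes because its DLL name is not random-looking.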
| 678251 | 2008-06-14 02:56:00 | Arnie (6624) |

Thanks guys. Will have a look when I go back to them later this afternoon. :thanks

| 678252 | 2008-06-14 05:16:00 | Pancake (6359) |

You have a Vundo infection in the registry.

| 678253 | 2008-06-14 06:14:00 | Arnie (6624) |

Will the program "VundoFix" assist here???

| 678254 | 2008-06-14 07:26:00 | Pancake (6359) |

These new Vundo infections get right into your file system. This will help me get it out for you.

OK, let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for download links and instructions for running the tool: www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

Please continue as follows:
(1) Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log

Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: ComboFix prevents autorun of all CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please let me know.