Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Business Computer Malware Infections.... Popups!


  • This topic is locked This topic is locked
1 reply to this topic

#1 Joe4alb

Joe4alb

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 01 November 2007 - 08:38 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:40 AM, on 11/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hgfrrrsu.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\ADP Client\Desktop\HiJackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [a0ab2592] rundll32.exe "C:\WINDOWS\System32\nfwatoyp.dll",b
O4 - HKCU\..\Run: [main] C:\WINDOWS\System32\drivers\system.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\ADP Client\winmain.exe
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\System32\hgfrrrsu.exe
O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\System32\drivers\system.exe
O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\ADP Client\winmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{082AEE81-5E77-49A4-8DD3-ED79FCACF4D6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{082AEE81-5E77-49A4-8DD3-ED79FCACF4D6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\hgfrrrsu.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
O23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe

--
End of file - 4049 bytes

BC AdBot (Login to Remove)

 


#2 Joe4alb

Joe4alb
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 07 November 2007 - 09:52 PM

Problem fixed.. please close thread. THanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users