Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lets see what we can do with this system.


  • This topic is locked This topic is locked
2 replies to this topic

#1 Bigmatt0211

Bigmatt0211

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:38 PM

Posted 03 January 2009 - 10:09 PM

I tried running dds, but it wont work, so this is the hijackthis log. Ive been running multiple spyware removal programs such as spybot, and it gives me readings of vundo, so that has been fun... Thanks for any help you can give. If there is anything else you need, let me know.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:06 PM, on 1/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
c:program filescommon fileslogitechlvmvfmLVPrcSrv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:WINDOWSsystem32cisvc.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32inetsrvinetinfo.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesNew BoundaryPrismXLPRISMXL.SYS
C:WINDOWSSystem32snmp.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32mqsvc.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:WINDOWSsystem32mqtgsvc.exe
C:PROGRA~1AVGAVG8avgemc.exe
C:WINDOWSExplorer.EXE
c:PROGRA~1mcafee.comagentmcagent.exe
C:WINDOWSsystem32dllhost.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
c:PROGRA~1mcafeemscmcuimgr.exe
C:WINDOWSsystem32cidaemon.exe
C:WINDOWSsystem32cidaemon.exe
C:WINDOWSehomeehtray.exe
C:Program FilesJavajre1.5.0_02binjusched.exe
C:Program FilesDigital Media Readershwiconem.exe
C:Program FilesIntel Audio StudioIntelAudioStudio.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSzHotkey.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesCommon FilesAOL1230692982eeAOLHostManager.exe
C:Program FilesWindows LiveMessengerMsnMsgr.Exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesAOL1230692982eeAOLServiceHost.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesHPDigital ImagingbinhpqSTE08.exe
C:Program FilesHPDigital Imagingbinhpqbam08.exe
C:Program FilesHPDigital Imagingbinhpqgpc01.exe
c:PROGRA~1mcafeeVIRUSS~1mcvsshld.exe
K:Computer Repair UtilityComputer Repair Utility KitVirus and Malware Removal ToolsHiJackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {b47b1685-2ee1-46f0-bd67-93e05621432a} - C:WINDOWSsystem32liwoduki.dll (file missing)
O2 - BHO: C:WINDOWSsystem32tyshb36rfjdf.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:WINDOWSsystem32tyshb36rfjdf.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_02binjusched.exe
O4 - HKLM..Run: [Recguard] C:WINDOWSSMINSTRECGUARD.EXE
O4 - HKLM..Run: [SunKistEM] C:Program FilesDigital Media Readershwiconem.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [IntelAudioStudio] "C:Program FilesIntel Audio StudioIntelAudioStudio.exe" TRAY
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [CHotkey] zHotkey.exe
O4 - HKLM..Run: [ShowWnd] ShowWnd.exe
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [McAfee Backup] C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [hpqSRMon] C:Program FilesHPDigital ImagingbinhpqSRMon.exe
O4 - HKLM..Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM..Run: [mcagent_exe] C:Program FilesMcAfee.comAgentmcagent.exe /runkey
O4 - HKLM..Run: [Windows xmutler] cftmon32.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [HostManager] C:Program FilesCommon FilesAOL1230692982eeAOLHostManager.exe
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [jodazeduwo] Rundll32.exe "C:WINDOWSsystem32mogeviga.dll",s
O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [ares] "C:Program FilesAresAres.exe" -h
O4 - HKCU..Run: [jsf8j34rgfght] C:DOCUME~1OwnerLOCALS~1Tempwinloggn.exe
O4 - HKUSS-1-5-19..Run: [jodazeduwo] Rundll32.exe "C:WINDOWSsystem32mogeviga.dll",s (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [jodazeduwo] Rundll32.exe "C:WINDOWSsystem32mogeviga.dll",s (User 'NETWORK SERVICE')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_02binnpjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_02binnpjpi150_02.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: C:WINDOWSsystem32wuleluzu.dll
O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:WINDOWSsystem32tyshb36rfjdf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:program filescommon fileslogitechlvmvfmLVPrcSrv.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:Program FilesCommon FilesNew BoundaryPrismXLPRISMXL.SYS

--
End of file - 9682 bytes

Ive also ran AVG and Mcafee, and adaware, but the infection stays =(

Edited by Animal, 04 January 2009 - 10:41 PM.


BC AdBot (Login to Remove)

 


#2 Bigmatt0211

Bigmatt0211
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:38 PM

Posted 05 January 2009 - 08:24 PM

Hey, dont worry about this anymore, i got it fixed up. Thanks anyways

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:38 PM

Posted 15 January 2009 - 06:18 PM

Hello there,

Thanks for letting us know. :thumbsup:

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users