Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Infected With Some Adware


  • This topic is locked This topic is locked
2 replies to this topic

#1 saravanan

saravanan

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 03 July 2006 - 06:59 AM

Logfile of HijackThis v1.99.1
Scan saved at 5:19:58 PM, on 7/3/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\U2FyYXZhbmFuLkEuVg\command.exe
c:\dfndrb_3.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\taskshed.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Configure] msconfigures.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdb_3.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrb_3.exe
O4 - HKLM\..\RunServices: [Microsoft Configure] msconfigures.exe
O4 - HKCU\..\Run: [Microsoft Configure] msconfigures.exe
O4 - HKCU\..\RunServices: [Microsoft Configure] msconfigures.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1151666262999
O17 - HKLM\System\CCS\Services\Tcpip\..\{18AEDB43-E05E-4DD2-8B92-46889198D02F}: NameServer = 202.9.145.6,202.9.145.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{18AEDB43-E05E-4DD2-8B92-46889198D02F}: NameServer = 202.9.145.6,202.9.145.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{18AEDB43-E05E-4DD2-8B92-46889198D02F}: NameServer = 202.9.145.6,202.9.145.7
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\ir08l5du1.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2FyYXZhbmFuLkEuVg\command.exe
O23 - Service: TskScheduler - Unknown owner - C:\WINDOWS\taskshed.exe

BC AdBot (Login to Remove)

 


#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:54 AM

Posted 03 July 2006 - 07:02 AM

Welcome.. :thumbsup:

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft.com/downloads/details...;DisplayLang=en

Do NOT install Service Pack 2 yet!!

Apply the update, reboot, and post back with a fresh HijackThis log.
Hi there, stranger!

#3 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:54 AM

Posted 10 July 2006 - 08:11 AM

Due to lack of feedback, this thread has been closed. If you're the original poster and need this Topic reopened, please PM a Staff member with the address of this thread.
Hi there, stranger!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users