Help Help! +hijacklog

this problem appeared out of nowhere, even reset my computer with system restore but it just came back


get this error message when i bootup windows


p-07-0100 irql: 1f sysver 0xff00024


NT_kernel error 1256


KMODE_ExEPTION_NOT HANDLED


plus two new icons appeared on my desktop; Help & Support Center + Windows Updater


when you delete them they just come back


keep getting prompts to download safe storage software


also getting error messages when i open "my computer"


and my C: drive has a red X as its icon and when you open it there's thousands of .tmp files, these files are also in My Documents


run bitdefender and it finds loads of trojans but just moves them


keep getting prompts from my firewall that 'windows' is trying to access the internet


here is the hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 2:42:49 AM, on 1/12/2008


Platform: Windows XP SP2 (WinNT 5.01.2600)


MSIE: Internet Explorer v7.00 (7.00.6000.16574)


Boot mode: Normal


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\Explorer.EXE


C:\WINDOWS\system32\spoolsv.exe


C:\Program Files\Comodo\CBOClean\BOCORE.exe


C:\Program Files\Comodo\common\CAVASpy\cavasm.exe


C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


C:\PROGRA~1\Comodo\CBOClean\BOC425.exe


C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe


C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe


C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe


C:\Program Files\Softwin\BitDefender10\bdagent.exe


C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe


C:\Program Files\Softwin\BitDefender10\vsserv.exe


C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe


C:\WINDOWS\system32\ctfmon.exe


C:\Program Files\Mozilla Firefox\firefox.exe


C:\Documents and Settings\Prince\Desktop\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...virginmedia.com


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


O4 - HKLM\..\Run: [bOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe


O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"


O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe


O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"


O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe


O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe


O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe


O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe


O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe


O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)


O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe


O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


--


End of file - 4335 bytes

Comments

  • Hi,


    The infection may be hiding itself from HJT. Please do the following:


    • Go to the folder where hijackthis.exe resides. Rename 'hijackthis.exe' to something like 'shine.exe'. Note that renaming the shortcut doesn't do the job.
    • Make and post a fresh hijackthis log.
  • Adding to the post:


    To make a new HJT log double click on shine.exe
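An added example, not part of the thread: one way to triage the O23 (service) lines of a HijackThis log such as the one posted above, so that entries combining several weak signals stand out from ones like bdss that only show "Unknown owner". The function names `parse_o23` and `triage` and the three heuristics are assumptions made for this illustration; the flags are prompts for manual review, not verdicts.

```python
import ntpath
import re

# Lines copied from the O23 section of the log in the original post.
SAMPLE_LOG = r"""
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
NAME_RE = re.compile(r"\(([^()]+)\)$")  # trailing "(ServiceName)" if present

def parse_o23(line):
    """Parse one 'O23 - Service:' line into a dict, or return None."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Owner and path are the last two " - " fields; the display name may
    # itself contain hyphens, so split from the right.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    label, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    m = NAME_RE.search(label)
    return {"name": m.group(1) if m else label, "owner": owner,
            "path": path, "file_missing": missing}

def triage(log_text):
    """Return (score, service, reasons) per flagged service, highest first."""
    findings = []
    for svc in filter(None, map(parse_o23, log_text.splitlines())):
        checks = [
            ("unknown owner", svc["owner"].lower() == "unknown owner"),
            ("file missing", svc["file_missing"]),
            ("no file extension", not ntpath.splitext(svc["path"])[1]),
        ]
        reasons = [label for label, hit in checks if hit]
        if reasons:
            findings.append((len(reasons), svc["name"], reasons))
    return sorted(findings, key=lambda f: f[0], reverse=True)
```
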