Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help Please! Centinal VXD(?) Issue... [CLOSED]


  • This topic is locked This topic is locked

#1
Ghandi Bob

Ghandi Bob

    New Member

  • Member
  • Pip
  • 2 posts
My PC is acting up, (as so often they do).

The desktop wallpaper has disappeared, only to be replaced by an advert explaining "YOUR PC IS INFECTED...blah blah...Click here and you can get a magical all fixing piece of software" (Not exact words but you get my point).

I've tried all the usual gumption, (Adaware, Spybot, etc) but to no avail. The only thing I've managed to do is get rid of the actual advert, leaving just a flashing white background on the desktop. Obviously, there is a hidden program running somewhere, so it is slowing the PC down and being generally very frustrating.

The only clue I have is that sometimes, when you reset the PC, the little box stating that a program cannot be shut down pops up, stating that there is a program called 'Centinal VXD' running. I can find no trace of this anywhere.

So, here we go, a Hijack This log to see if there is anyone that can help me. Please! :tazz:

-----------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:53:56, on 05/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IE Doctor\IEDoctor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Home\My Documents\Dan\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IE Doctor] C:\Program Files\IE Doctor\IEDoctor.exe /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {1263AB8A-6ABD-4D69-BB48-02752AAA1798} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1263AB8A-6ABD-4D69-BB48-02752AAA1798} - (no file) (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104520286215
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFA0A7C3-AACA-4F84-A9F1-31D97BF1E54E}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
  • 0

Advertisements


#2
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here

Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
Ghandi Bob

Ghandi Bob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Just out of interest, why not Service Pack 2? Is it not another quality Microsoft product? ;) :tazz:
  • 0

#4
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
You made the initial move towards doom - installed Windows XP !!!!!! Dont ask me about quality.

Dont install SP2 on an infected PC.
  • 0

#5
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP