Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

melaware infection

Started by jagadish , Sep 10 2006 10:22 AM

  • Please log in to reply

#1
jagadish
Posted 10 September 2006 - 10:22 AM

jagadish

    New Member

  • Member
  • Pip
  • 6 posts
log from hijac k this

Logfile of HijackThis v1.99.1
Scan saved at 12:19:38 PM, on 9/10/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
c:\winnt\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Blue Ridge Networks\Blue Ridge VPN Client\BlueRidgeSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINNT\MSDHCP.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\TrueCryptService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\taskmgr.exe
C:\dev\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.k662.com/home.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O1 - Hosts: 172.20.32.7 tormerchapp
O1 - Hosts: 172.20.32.8 tormerchdb
O1 - Hosts: 172.20.32.10 p1
O1 - Hosts: 172.20.32.11 p2
O1 - Hosts: 172.20.32.20 p3
O1 - Hosts: 172.20.32.21 p4
O1 - Hosts: 172.20.32.30 d1
O1 - Hosts: 172.20.32.31 d2
O1 - Hosts: 172.20.32.50 s1
O1 - Hosts: 172.20.32.51 s2
O1 - Hosts: 172.20.32.52 s3
O2 - BHO: (no name) - {8FA05C9B-5498-4312-957B-BDD73399F94E} - C:\WINNT\system32\drmclient1.dll
O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - C:\WINNT\system32\37211.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pop-It Dead] C:\Program Files\Pop-It Dead\PopItDead.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Net Driver] C:\WINNT\system32\netcfgw.exe
O4 - HKLM\..\Run: [Systems32] C:\WINNT\system32\Server.exe
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINNT\system32\Realplayer.exe
O4 - HKLM\..\Run: [Start] Start.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [EndTask Pro] C:\Program Files\EndTask\EndTask Pro\EndTaskPro.exe
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINNT\system32\Realplayer.exe
O4 - HKCU\..\Run: [Start] Start.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} (AEP SSL Tunnel Client ActiveX Control) - https://myvpn.harleq.../VPNInstall.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...820/mcfscan.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Blue Ridge Networks Client Services (BlueRidgeSvc) - Blue Ridge Networks, Inc. - C:\Program Files\Blue Ridge Networks\Blue Ridge VPN Client\BlueRidgeSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: DHCP Service (MSDHCP) - Unknown owner - C:\WINNT\MSDHCP.exe
O23 - Service: NWS (Net Work Services) - Unknown owner - C:\WINNT\ntkernel.exe (file missing)
O23 - Service: AEP SSL Tunnel Helper Service (NetillaVPNService) - AEP Networks, Inc. - C:\WINNT\NVPNs.exe
O23 - Service: SVCH0ST - Unknown owner - C:\WINNT\system32\SVCH0ST.exe (file missing)
O23 - Service: TrueCrypt Service (TrueCryptService) - TrueCrypt Foundation - C:\WINNT\SYSTEM32\TrueCryptService.exe
O23 - Service: Update Service For Windows (winupdate) - Unknown owner - C:\WINNT\winupdate.exe (file missing)


errors - the instruction at 0x00fe2fd referenced memory at 0x0000002c. the memory could not be read.


task manager header not showing to kill any process.
  • 0

Advertisements

#2
Guest_rushin1nd_*
Posted 10 September 2006 - 10:27 AM

Guest_rushin1nd_*
  • Guest
Do you suspect a malware (Spyware, Virus, Trojan) infection? Please Start Here.


look for that at the top of your page and click start here post a hijack in the malware forum

your seriously infected
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP