malware infection



#1
jagadish

Log from HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 12:19:38 PM, on 9/10/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
c:\winnt\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Blue Ridge Networks\Blue Ridge VPN Client\BlueRidgeSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINNT\MSDHCP.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\TrueCryptService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\taskmgr.exe
C:\dev\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.k662.com/home.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O1 - Hosts: 172.20.32.7 tormerchapp
O1 - Hosts: 172.20.32.8 tormerchdb
O1 - Hosts: 172.20.32.10 p1
O1 - Hosts: 172.20.32.11 p2
O1 - Hosts: 172.20.32.20 p3
O1 - Hosts: 172.20.32.21 p4
O1 - Hosts: 172.20.32.30 d1
O1 - Hosts: 172.20.32.31 d2
O1 - Hosts: 172.20.32.50 s1
O1 - Hosts: 172.20.32.51 s2
O1 - Hosts: 172.20.32.52 s3
O2 - BHO: (no name) - {8FA05C9B-5498-4312-957B-BDD73399F94E} - C:\WINNT\system32\drmclient1.dll
O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - C:\WINNT\system32\37211.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pop-It Dead] C:\Program Files\Pop-It Dead\PopItDead.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Net Driver] C:\WINNT\system32\netcfgw.exe
O4 - HKLM\..\Run: [Systems32] C:\WINNT\system32\Server.exe
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINNT\system32\Realplayer.exe
O4 - HKLM\..\Run: [Start] Start.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [EndTask Pro] C:\Program Files\EndTask\EndTask Pro\EndTaskPro.exe
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINNT\system32\Realplayer.exe
O4 - HKCU\..\Run: [Start] Start.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} (AEP SSL Tunnel Client ActiveX Control) - https://myvpn.harleq.../VPNInstall.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...820/mcfscan.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Blue Ridge Networks Client Services (BlueRidgeSvc) - Blue Ridge Networks, Inc. - C:\Program Files\Blue Ridge Networks\Blue Ridge VPN Client\BlueRidgeSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: DHCP Service (MSDHCP) - Unknown owner - C:\WINNT\MSDHCP.exe
O23 - Service: NWS (Net Work Services) - Unknown owner - C:\WINNT\ntkernel.exe (file missing)
O23 - Service: AEP SSL Tunnel Helper Service (NetillaVPNService) - AEP Networks, Inc. - C:\WINNT\NVPNs.exe
O23 - Service: SVCH0ST - Unknown owner - C:\WINNT\system32\SVCH0ST.exe (file missing)
O23 - Service: TrueCrypt Service (TrueCryptService) - TrueCrypt Foundation - C:\WINNT\SYSTEM32\TrueCryptService.exe
O23 - Service: Update Service For Windows (winupdate) - Unknown owner - C:\WINNT\winupdate.exe (file missing)


Errors - The instruction at 0x00fe2fd referenced memory at 0x0000002c. The memory could not be read.


Task Manager header not showing to kill any process.

#2
Guest_rushin1nd_*

Do you suspect a malware (Spyware, Virus, Trojan) infection? Please Start Here.


Look for that at the top of your page and click Start Here. Post a hijack in the malware forum.

You're seriously infected.