winfix + more malware, HiJackThis log here



#1
marclacasse

*edit*
So I got the HijackThis log finally.
After reading other posts I also ran Vundo and ActiveScan; here are the log files.

HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 2:31:00 PM, on 7/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ipMonitor8\ipmrptsrv8.exe
C:\Program Files\ipMonitor8\ipmservice8.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\MyMail\Desktop Assistant\vdac.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ipMonitor8\ipm8watchdog.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\MyMail\Desktop Assistant\vdac.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINNT\system32\uuxnrvhg.dll",forkonce
O4 - Startup: MyMail Desktop Assistant.lnk = C:\Program Files\MyMail\Desktop Assistant\vdac.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1149267936859
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm....ntent/AcpIR.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = entertainmentone.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = entertainmentone.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = entertainmentone.ca
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ipMonitorRpt - ipMonitor Corporation - C:\Program Files\ipMonitor8\ipmrptsrv8.exe
O23 - Service: ipMonitorSrv - ipMonitor Corporation - C:\Program Files\ipMonitor8\ipmservice8.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MyMail Desktop Assistant (VDACSvc) - Visto Corporation, Inc. - C:\Program Files\MyMail\Desktop Assistant\vdac.exe


Activescan
Incident Status Location

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@888[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@adrevolver[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@atdmt[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@atdmt[3].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@cassava[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@clickbank[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@com[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@doubleclick[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@drivecleaner[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@drivecleaner[4].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@errorsafe[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@findwhat[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@qksrv[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@statcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][4].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@systemdoctor[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@systemdoctor[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@systemdoctor[3].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@target[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@tucows[2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@weborama[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@winantispyware[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@winantivirus[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@winantivirus[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc lacasse@xiti[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temp\Cookies\marc [email protected][1].txt
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temporary Internet Files\Content.IE5\5W0F9P81\installdrivecleanerstart[1].exe
Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temporary Internet Files\Content.IE5\EBTSH8BK\adfcook[1]
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temporary Internet Files\Content.IE5\KNJRM499\ErrorSafeFreeInstallW[1].cab[UERS_9999_N91S1502NetInstaller.exe]
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temporary Internet Files\Content.IE5\OLSI2KNC\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.exe]
Adware:Adware/WinAntivirus2006 Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temporary Internet Files\Content.IE5\OLSI2KNC\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.inf]
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temporary Internet Files\Content.IE5\PNFF5P0U\ErrorSafeFreeInstallW[1].exe
Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temporary Internet Files\Content.IE5\WDGBGJSV\kcehc_eicooc20070702[1]
Virus:Trj/Downloader.PJT Disinfected C:\WINNT\system32\axsxddjn.exe
Virus:Trj/Downloader.PJT Disinfected C:\WINNT\system32\epxmhqly.exe
Virus:Trj/Downloader.PJT Disinfected C:\WINNT\system32\jgyblmuo.exe
Virus:Trj/Downloader.PJT Disinfected C:\WINNT\system32\mbjeoiqs.exe
Virus:Trj/Downloader.PCQ Disinfected C:\WINNT\system32\opxxfbrn.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINNT\system32\qwerty12.exe
Virus:Trj/Downloader.PJT Disinfected C:\WINNT\system32\sfadleuj.exe
Virus:Trj/Downloader.PJT Disinfected C:\WINNT\system32\swswaknn.exe
Virus:Trj/Downloader.PCQ Disinfected C:\WINNT\system32\tkjxmcno.exe
Virus:Trj/Downloader.PJT Disinfected C:\WINNT\system32\tysubirx.exe

Vundo
system32\gebyw.dll
system32\ghvrnxuu.ini
system32\uuxnrvhg.dll
system32\wybeg.bak.1
system32\wybeg.ini

Edited by marclacasse, 11 July 2007 - 01:53 PM.



#2
marclacasse

So I removed the 1.9 ver and d/l it again and it still gives me a Windows error. Any idea why it won't work on my system?
Thanks