Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

winfix + more malware, HiJackThis log here


  • Please log in to reply

#1
marclacasse

marclacasse

    New Member

  • Member
  • Pip
  • 2 posts
*edit*
so i got the hijackthis log finally
after reading other posts i also ran vundo and activescan, here are the log files

HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 2:31:00 PM, on 7/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ipMonitor8\ipmrptsrv8.exe
C:\Program Files\ipMonitor8\ipmservice8.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\MyMail\Desktop Assistant\vdac.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ipMonitor8\ipm8watchdog.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\MyMail\Desktop Assistant\vdac.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINNT\system32\uuxnrvhg.dll",forkonce
O4 - Startup: MyMail Desktop Assistant.lnk = C:\Program Files\MyMail\Desktop Assistant\vdac.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1149267936859
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm....ntent/AcpIR.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = entertainmentone.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = entertainmentone.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = entertainmentone.ca
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ipMonitorRpt - ipMonitor Corporation - C:\Program Files\ipMonitor8\ipmrptsrv8.exe
O23 - Service: ipMonitorSrv - ipMonitor Corporation - C:\Program Files\ipMonitor8\ipmservice8.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MyMail Desktop Assistant (VDACSvc) - Visto Corporation, Inc. - C:\Program Files\MyMail\Desktop Assistant\vdac.exe


Activescan
Incident Status Location

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][3].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][4].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][4].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][3].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected]are[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][2].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Cookies\marc [email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temp\Cookies\marc [email protected][1].txt
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temporary Internet Files\Content.IE5\5W0F9P81\installdrivecleanerstart[1].exe
Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temporary Internet Files\Content.IE5\EBTSH8BK\adfcook[1]
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temporary Internet Files\Content.IE5\KNJRM499\ErrorSafeFreeInstallW[1].cab[UERS_9999_N91S1502NetInstaller.exe]
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temporary Internet Files\Content.IE5\OLSI2KNC\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.exe]
Adware:Adware/WinAntivirus2006 Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temporary Internet Files\Content.IE5\OLSI2KNC\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.inf]
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temporary Internet Files\Content.IE5\PNFF5P0U\ErrorSafeFreeInstallW[1].exe
Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Marc LaCasse.EONE\Local Settings\Temporary Internet Files\Content.IE5\WDGBGJSV\kcehc_eicooc20070702[1]
Virus:Trj/Downloader.PJT Disinfected C:\WINNT\system32\axsxddjn.exe
Virus:Trj/Downloader.PJT Disinfected C:\WINNT\system32\epxmhqly.exe
Virus:Trj/Downloader.PJT Disinfected C:\WINNT\system32\jgyblmuo.exe
Virus:Trj/Downloader.PJT Disinfected C:\WINNT\system32\mbjeoiqs.exe
Virus:Trj/Downloader.PCQ Disinfected C:\WINNT\system32\opxxfbrn.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINNT\system32\qwerty12.exe
Virus:Trj/Downloader.PJT Disinfected C:\WINNT\system32\sfadleuj.exe
Virus:Trj/Downloader.PJT Disinfected C:\WINNT\system32\swswaknn.exe
Virus:Trj/Downloader.PCQ Disinfected C:\WINNT\system32\tkjxmcno.exe
Virus:Trj/Downloader.PJT Disinfected C:\WINNT\system32\tysubirx.exe
Vundo
system32\gebyw.dll
system32\ghvrnxuu.ini
system32\uuxnrvhg.dll
system32\wybeg.bak.1
system32\wybeg.ini

Edited by marclacasse, 11 July 2007 - 01:53 PM.

  • 0

Advertisements


#2
marclacasse

marclacasse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
so i removed the 1.9 ver and d/l it again an dit still gives me a windows error, any idea why it won't work on my system?
thanks
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP