djcfp

join:2001-02-04
Atascadero, CA

reply to TheJoker
Re: HJT Log - Winfixer 2005 will not stay away

Okay, I followed the steps in your last reply and here are the results of the scans:

Activescan:

Incident Status Location
Spyware:Spyware/Virtumonde No disinfected C:\HJT\backups\backup-20050922-134457-263.dll
Virus:Eicar.Mod No disinfected C:\Program Files\PestPatrol\Help.chm[HowCanITestDetection.html]
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\ddcax.dll

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 3:03:41 PM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
C:\SCANJET\PrecisionScanPro\HPLamp.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\KEYBOA~1\keyexp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\ddcax.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [HP Lamp] C:\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Keyboard Express 3.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - »bin.mcafee.com/molbin/Shared/Com···,22/ComCtl32.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - »download.mcafee.com/molbin/Share···wFld.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - »a1540.g.akamai.net/7/1540/52/200···nfo.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - »download.mcafee.com/molbin/share···0,0,99/mcinsctl.cab
O16 - DPF: {53F63B36-5DB3-4C19-A8AB-2CB9AE7D57F7} (CFM_AXFTP_MOD.UserControl1) - »www.racelm.com/rlm/cfmaxftp/cfmprojmod.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »update.microsoft.com/windowsupda···ls/en/x86/client/wuweb_site.cab?1120431258104
O16 - DPF: {6EA0A4DB-0B94-40E1-9165-54F5694C19EC} (CFM2004noruna.UserControl1) - »www.racelm.com/rlm/cfm2004/cfm2004noruna.CAB
O16 - DPF: {73989DDC-D9DE-47F7-B262-6FE39DC70BC2} (CFM2004Turbo.UserControl1) - »www.racelm.com/rlm/cfmturbo/cfm2004turbo.CAB
O16 - DPF: {797FA1DD-30E7-4093-A892-E8C2A556A583} (CFM2005TurboDMCrs.UserControl1) - »www.racelm.com/rlm/cfmturbo/cfm2···MCrs.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - »www.pandasoftware.com/activescan···inst.cab
O16 - DPF: {A49DFBB5-A3BB-45FE-BA2F-34890123C47F} (CFM2005TurboDMC.UserControl1) - »www.racelm.com/rlm/cfmturbo/cfm2···oDMC.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - »download.mcafee.com/molbin/share···0,0,26/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - »photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DB1C1859-F90A-47DE-8934-FB8CECE8E6F3} (CFM_AXFTP_MOD.UserControl1) - »www.racelm.com/rlm/cfmaxftp/cfmp···orun.CAB
O16 - DPF: {DDC38B48-52B8-4FD6-BBB3-2FC2C136FD0D} (CFM2004a.UserControl1) - »www.racelm.com/rlm/cfm2004/cfm2004a.CAB
O16 - DPF: {F461205D-ABDC-42FE-B2E2-AFD4600B905E} (MASHControl Class) - »www.amiuptodate.com/vsc/mvt/bin/···mash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A551B11-F6EE-4A28-8E26-0BAB4D056B63}: NameServer = 64.166.172.8,206.13.29.12
O20 - Winlogon Notify: ddcax - C:\WINDOWS\system32\ddcax.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GEARSecurity_BackUp - Unknown owner - C:\WINDOWS\SYSTEM32\GEARSEC.EXE (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Vundofix:

Could not delete file.
Files Deleted sucessfully.
over 10 years online! © 1999-2009 dslreports.com.