Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help, hjt log


  • Please log in to reply
1 reply to this topic

#1 gangsta69

gangsta69

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:38 AM

Posted 27 September 2005 - 05:16 AM

im a newb 2 this nd yea anyways, im gettin too many popups and spyware.
thanks in advance, -luke

well here it is,

Logfile of HijackThis v1.99.1
Scan saved at 7:54:31 PM, on 27/09/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\csrss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\spoolsv.exe
E:\Vet\isafe.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINNT\System32\nvsvc32.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\stisvc.exe
E:\Vet\VetMsg.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\Explorer.exe
E:\WINNT\anvshell.exe
E:\Vet\VetTray.exe
E:\WINNT\loadqm.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINNT\system32\syshost.exe
E:\WINNT\System32\winIogon.exe
E:\WINNT\System32\msupdater.exe
E:\WINNT\System32\ctfmon.exe
E:\WINNT\etb\pokapoka69.exe
E:\PROGRA~1\DAP\DAP.EXE
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Documents and Settings\Luke\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 199.227.152.217 www.halifax-online.co.uk
O1 - Hosts: 199.227.152.217 ibank.barclays.co.uk
O1 - Hosts: 199.227.152.217 online.lloydstsb.co.uk
O1 - Hosts: 199.227.152.217 online-business.lloydstsb.co.uk
O1 - Hosts: 199.227.152.217 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 199.227.152.217 www.nwolb.com
O1 - Hosts: 199.227.152.217 banesnet.banesto.es
O1 - Hosts: 199.227.152.217 extranet.banesto.es
O1 - Hosts: 199.227.152.217 ebanking.bccbrescia.it
O1 - Hosts: 199.227.152.217 www.bankofs
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [Microsoft Network Services Controller] E:\WINNT\System32\mmsvc32.exe
O4 - HKLM\..\Run: [Spools Service Controller] E:\WINNT\System32\spools.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] E:\WINNT\System32\algs.exe
O4 - HKLM\..\Run: [VetTray] E:\Vet\VetTray.exe
O4 - HKLM\..\Run: [IST Service] E:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [EeTSCDNB] E:\WINNT\roterdqj.exe
O4 - HKLM\..\Run: [Internet Optimizer] "E:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] E:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [winupdate] E:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft IIS] E:\WINNT\system32\syshost.exe
O4 - HKLM\..\Run: [ActivIcon] E:\Program Files\ActivIcons\ActivIcon.Exe
O4 - HKLM\..\Run: [DownloadAccelerator] E:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Windows Logon Application] E:\WINNT\System32\winIogon.exe
O4 - HKLM\..\Run: [Microsoft Windows Updater] msupdater.exe
O4 - HKLM\..\Run: [System service65] E:\WINNT\etb\pokapoka69.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [System service69] E:\WINNT\etb\pokapoka70.exe
O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] msupdater.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINNT\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc.../bridge-c18.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_cracks.cab
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{D84DF783-0130-48A7-9C46-04532919C1AE}: NameServer = 202.161.124.1 202.161.124.2
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - E:\Vet\isafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINNT\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - E:\Vet\VetMsg.exe

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:38 AM

Posted 30 September 2005 - 01:22 PM

Hello gangsta69 and welcome to the BC HijackThis forum. the first thing we need to do is update the operating system on this computer.

Your operating system is extremely out of date. By not keeping the OS updated the computer is vulnerable to every infection on the net and in emails today and trying to repair an unpatched system is virtually impossible. For update purposes, Microsoft has even stopped supporting a system that is this far out of date. Go to the Microsoft Windows 2000 Service Pack 4 site and install Service Pack 4.

Once that is done, go back to the Windows Update site and install all available Critical Updates. This will patch the system with the most current security fixes and plug all the known holes which are present on this system. If you are not on a broadband connection the Service Pack can be obtained from Microsoft for a nominal shipping fee.

After all of the updates have been performed post a new HijackThis log back here using the Add Reply button and I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users