Post #1, Dec 26 2004, 01:12 PM
Authentic Member (Group: Authentic Member; Posts: 76; Joined: 28-July 04; Member No.: 11,258)

Here is my desktop log. I think it's pretty ugly. Obviously I take better care of my laptop but now it's time to take care of the good old laptop. Where do we begin?

Logfile of HijackThis v1.99.0
Scan saved at 7:11:18 PM, on 12/26/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\PINNACLE\SHARED FILES\PROGRAMS\PCLESCHEDULER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\TEMP\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.directv.direcway.com/main/dpcsysinfo.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/...B/e-Safekey.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.54.64.170,212.54.64.171

Roligan

Post #2, Dec 26 2004, 05:16 PM
Authentic Member (Group: Authentic Member; Posts: 76; Joined: 28-July 04; Member No.: 11,258)

Anyone else?

Post #3, Dec 26 2004, 05:27 PM
Authentic Member (Group: Authentic Member; Posts: 76; Joined: 28-July 04; Member No.: 11,258)

There is something else wrong here. When I try to scan with HouseCall it gets to scanning System Files and then it freezes up. I have scanned with CA and nothing came up. When I scan with Ad-Aware it goes extremely slow and after 10 minutes it has scanned 1000 files. Something is definitively wrong.
Can somebody help? I have Norton Anti Virus and nothing comes up. I have scanned with Spybot and all that comes up is DSO Exploit. I'm running out of ideas. Sometimes when I open IE it is looking up some website 216.xxxxxx or 68.xxxxx instead of going directly to yahoo.com (home page). Please help.

Post #4, Dec 28 2004, 05:52 AM
spyware hawk (Group: Classroom Teacher; Posts: 8,946; Joined: 20-March 04; From: sky; Member No.: 3,163; Operating System: XP & 2000)

Is this the same computer as here?
http://forums.tomcoyote.org/index.php?showtopic=25029&hl=

Post #5, Jan 8 2005, 08:44 PM
spyware hawk (Group: Classroom Teacher; Posts: 8,946; Joined: 20-March 04; From: sky; Member No.: 3,163; Operating System: XP & 2000)

Due to inactivity this topic will be closed.
To help keep you clean, follow the recommendations in Tony's article here: So how did I get infected in the first place?
If you need this topic reopened, please request this by sending an email to us at the following link (Click for address). The subject of the email must be "Reopen". Include your post username and details about why you need it reopened, with a valid link to your post.