Sign In »
Register Now!
Help
I get random popups containing ads. When I run spybot SD I get 3 possible threats. I remove them but they come back. 2 of them is Common hijacker to a ip=69.20.16.183 and the last one is IgetNet, ieautosearch also to the same IP
I have a log from Hijack this. If I try to remove the 3 01-posts in the hijackscan they also come back in a few seconds. Can anyone help?
Logfile of HijackThis v1.98.2
Scan saved at 16:15:48, on 2004-11-30
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\CA\Common\Alert\ALERT.EXE
C:\Program\Cisco Systems\VPN Client\cvpnd.exe
C:\Program\Compaq\COMPAQ~1\hibserv.exe
C:\Program\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program\CA\eTrust\InoculateIT\InoRT.exe
C:\Program\CA\eTrust\InoculateIT\InoTask.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nutsrv4.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Compaq\EAB\EabServr.exe
C:\Program\CA\eTrust\InoculateIT\realmon.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.se
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.msn.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dovlx1.dom.se/intraweb/go
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Realtime Monitor] C:\Program\CA\eTrust\InoculateIT\realmon.exe
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\Program\Rational\Rational Test\nutcroot\bin\ncoeenv.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{08DB9CFC-4B41-45A5-9A87-6B1637BF986B}: NameServer = 159.190.1.72,159.190.1.8,164.9.196.5,169.9.196.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{08DB9CFC-4B41-45A5-9A87-6B1637BF986B}: NameServer = 159.190.1.72,159.190.1.8,164.9.196.5,169.9.196.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{08DB9CFC-4B41-45A5-9A87-6B1637BF986B}: NameServer = 159.190.1.72,159.190.1.8,164.9.196.5,169.9.196.55
Recommended Software
Page 1 of 1
- You cannot start a new topic
-
This topic is locked
Get Random Popups
Back to top
MultiQuote
#2
tg1911 
- UberTechie
-
- Group: Members
- Posts: 1245
- Joined: 23-August 04
- Location:SW Louisiana
- Operating System:Windows XP Home
Posted 30 November 2004 - 11:21 AM
Put HijackThis in a Permanent folder:
Click My Computer / C: / File / New / Folder / name the folder; HijackThis
Put HijackThis.exe, in this folder.
This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.
Read the pinned post in the Security forum, here
Then, run a log, and post it in the HJT forum, here. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Click My Computer / C: / File / New / Folder / name the folder; HijackThis
Put HijackThis.exe, in this folder.
This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.
Read the pinned post in the Security forum, here
Then, run a log, and post it in the HJT forum, here. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.
#3
michaely
- Member
-
- Group: Members
- Posts: 2
- Joined: 30-November 04
Posted 01 December 2004 - 04:38 AM
Hi again
Started a new from a restartpoint day before yesterday
Installed and ran the new updated adaware which found several problems compared to my old version.
that seems to have made the trick
Thanks!
Michael
Started a new from a restartpoint day before yesterday
Installed and ran the new updated adaware which found several problems compared to my old version.
that seems to have made the trick
Thanks!
Michael
#4
Dragon
- The Spyware Killing Dragon
-
- Group: Trusted Helpers
- Posts: 974
- Joined: 28-September 04
- Location:Iowa USA
- Operating System:Windows Vista Home Premium & Ubuntu--Vanilla Kernel
Posted 03 December 2004 - 11:37 AM
hi Michaely,
could you please post a new hijack this log, I wan to tcompare it to your old one to make sure everything is fixed.
Thanks
could you please post a new hijack this log, I wan to tcompare it to your old one to make sure everything is fixed.
Thanks
Page 1 of 1
- You cannot start a new topic
-
This topic is locked