frank Posted January 29, 2006 (edited)

Is there anything here I can just turn off that I don't need?

Logfile of HijackThis v1.99.1
Scan saved at 2:22:03 PM, on 1/29/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Icons\Seticon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\a2personalsetup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-HT9VS.tmp\is-5U28G.tmp
C:\Program Files\a2\a2upd.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [setIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0241d6dc377970...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130103273390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130695614437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: RemoteShutDown Service (RemShutDownSvc) - Unknown owner - C:\WINNT\System32\remsdnsv.exe

Edited January 29, 2006 by frank

Besttechie Posted January 30, 2006

Hey Frank,

Please submit the following file to Jotti. It seems it may be some kind of virus (SDBot variant possibly).

Jotti File Submission:

* Please go to Jotti's malware scan
* Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
  C:\WINNT\System32\remsdnsv.exe
* Click on the submit button
* Please post the results in your next reply.

Good luck!

B

therock247uk Posted April 5, 2006

Inactive topic...

If you still need help on this problem, contact me or one of the Moderators to re-open this up.

Topic closed.