Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Net1.exe problem - hijack this log

Started by Dubber Dan , Apr 28 2005 03:03 AM

  • Please log in to reply

#1
Dubber Dan
Posted 28 April 2005 - 03:03 AM

Dubber Dan

    Member

  • Member
  • PipPip
  • 41 posts
I keep getting an error come up on screen referring to net1.exe being unable to locate a dll. The server also keeps building up cpu usage then crashing. I think it's either a virus or spyware of some sort but the AV software hasn't picked it up. Here's my Hijack this log:

Logfile of HijackThis v1.98.1
Scan saved at 09:51:12, on 28/04/2005
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
C:\PCTI\MYSQL\bin\mysqld-nt.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
C:\WINNT\System32\LOCATOR.EXE
C:\WINNT\system32\RpcSs.exe
C:\WINNT\system32\r_server.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Pwrchute\ups.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\exchsrvr\bin\mad.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
c:\winnt\system32\pstores.exe
C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
C:\Program Files\McAfee\GroupShield Exchange\i386\AVExch32.exe
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\LOG_QT~1.EXE
C:\Program Files\McAfee\GroupShield Exchange\i386\updsvc.exe
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\LOG_QT~1.EXE
C:\exchsrvr\bin\events.exe
C:\EXCHSRVR\connect\msexcimc\bin\msexcimc.exe
C:\Program Files\McAfee\GroupShield Exchange\i386\odcmd.exe
C:\Program Files\McAfee\GroupShield Exchange\i386\AVBdyScn.exe
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\LOG_QT~1.EXE
C:\Program Files\McAfee\GroupShield Exchange\i386\AVMon32.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\loadwc.exe
E:\Applications\PCTI\DOCMAN7\Programs\DME7_Admin.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\VERITAS\Backup Exec\NT\bkupexec.exe
C:\WINNT\system32\EVENTVWR.EXE
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\DAO_LOG.EXE
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\DAO_LOG.EXE
C:\WINNT\Profiles\Administrator\Desktop\HijackThis.exe
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\DAO_LOG.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - Global Startup: Docman Auto Backup.lnk = PCTI\DOCMAN7\Programs\DME7_Admin.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - WWW. Prefix: http://
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gp-j83040.nhs.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gp-j83040.nhs.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 194.72.7.137 194.72.7.142
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gp-j83040.nhs.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 194.72.7.137 194.72.7.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 194.72.7.137 194.72.7.142
  • 0

Advertisements

#2
Dubber Dan
Posted 28 April 2005 - 09:24 AM

Dubber Dan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
This has slipped several pages back so I thought a little boing was in order :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP