Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Net1.exe problem - hijack this log


  • Please log in to reply

#1
Dubber Dan

Dubber Dan

    Member

  • Member
  • PipPip
  • 41 posts
I keep getting an error come up on screen referring to net1.exe being unable to locate a dll. The server also keeps building up cpu usage then crashing. I think it's either a virus or spyware of some sort but the AV software hasn't picked it up. Here's my Hijack this log:

Logfile of HijackThis v1.98.1
Scan saved at 09:51:12, on 28/04/2005
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
C:\PCTI\MYSQL\bin\mysqld-nt.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
C:\WINNT\System32\LOCATOR.EXE
C:\WINNT\system32\RpcSs.exe
C:\WINNT\system32\r_server.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Pwrchute\ups.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\exchsrvr\bin\mad.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
c:\winnt\system32\pstores.exe
C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
C:\Program Files\McAfee\GroupShield Exchange\i386\AVExch32.exe
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\LOG_QT~1.EXE
C:\Program Files\McAfee\GroupShield Exchange\i386\updsvc.exe
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\LOG_QT~1.EXE
C:\exchsrvr\bin\events.exe
C:\EXCHSRVR\connect\msexcimc\bin\msexcimc.exe
C:\Program Files\McAfee\GroupShield Exchange\i386\odcmd.exe
C:\Program Files\McAfee\GroupShield Exchange\i386\AVBdyScn.exe
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\LOG_QT~1.EXE
C:\Program Files\McAfee\GroupShield Exchange\i386\AVMon32.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\loadwc.exe
E:\Applications\PCTI\DOCMAN7\Programs\DME7_Admin.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\VERITAS\Backup Exec\NT\bkupexec.exe
C:\WINNT\system32\EVENTVWR.EXE
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\DAO_LOG.EXE
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\DAO_LOG.EXE
C:\WINNT\Profiles\Administrator\Desktop\HijackThis.exe
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\DAO_LOG.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - Global Startup: Docman Auto Backup.lnk = PCTI\DOCMAN7\Programs\DME7_Admin.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - WWW. Prefix: http://
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gp-j83040.nhs.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gp-j83040.nhs.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 194.72.7.137 194.72.7.142
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gp-j83040.nhs.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 194.72.7.137 194.72.7.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 194.72.7.137 194.72.7.142
  • 0

Advertisements


#2
Dubber Dan

Dubber Dan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
This has slipped several pages back so I thought a little boing was in order :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP