Logfile of HijackThis v1.99.1
Scan saved at 3:40:22 PM, on 26/11/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\internat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [internat.exe] internat.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00C0E5CF-F080-4749-83B1-D73E92A278C3}: NameServer = 203.194.56.150 203.194.27.57
O17 - HKLM\System\CS1\Services\Tcpip\..\{00C0E5CF-F080-4749-83B1-D73E92A278C3}: NameServer = 203.194.56.150 203.194.27.57
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
Any help given will be greatly appreciated.
Ben.
EDIT: After playing around I've been able to narrow down the source of infection down to the following two items: my Windows 2000 Professional installation disc or the SP4 upgrade (downloaded from microsoft directly). Neither of these options really make any sense to me but I've installed these on another system and the problem persists and they are the only things the two systems have in common.
Edited by billingsgate, 26 November 2005 - 11:26 PM.