hijack this log
callansdad
Posts: 766 Forumite
in Techie Stuff
can someone give this the once over and tell me if there is anything here that could be causing popups and should be deleted ....... or any other probs for that matter
thanks
Logfile of HijackThis v1.99.1
Scan saved at 01:45:27, on 13/07/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.co.uk/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.co.uk/cd_redirects/st35install.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184286645827
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC1B3639-B13C-49FE-9271-86C12B1F6D7C}: NameServer = 195.92.195.90 195.92.195.91
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
A banker is someone who lends you an umbrella when the sun is shining, and who asks for it back when it starts to rain.
Comments
-
Nothing there that I can see, what problems are you having?
-
Are you on Orange? If so, it's probably them spamming you.
http://forums.asmallorange.com/index.php?showtopic=9869&mode=threaded&pid=66239
What's this? O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
-
That looks a bit too short for a HJT log - was it run in Safe Mode? If so, boot the computer normally and run another scan.
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000) is a bit old now. Go to www.windowsupdate.com and get all critical updates, one of which should be IE6. If not, look on the other update categories and see if IE6 or IE7 is listed.
-
it maybe looks a bit short cos it is a re-install of windows 2000 so there ain't a lot of stuff on it.
i am on orange ..... it's those old favourite popups that say something like .....
55 registry errors found click here to solve this issue
any ideas?
I'm also using firefox but the popups are in a box that says messenger
-
Disable the Windows Messenger Service.
Run the Microsoft Management Console by typing in services.msc at a command prompt, or via the run box, and pressing Enter. Double-click on the entry for Messenger, and the screen shown in Figure 1 appears. Choose Disabled as the Startup type, and click OK. Pop-ups will no longer get through. Of course, neither will any network messages from administrators delivered using the service; because of spam, though, the service is being used much less frequently than before.
-
You don't have a Firewall.
The Windows Messenger Service uses port 135 to deliver messages, so you can kill messages without disabling the service in XP. Instead, you can disable port 135 so that no inbound Internet traffic can use that port to deliver messages. Obviously, how you do this varies according to your network setup. But if you're using a Linksys router at home, go to the router administrator screen and choose Advanced -> Filters. In the Filtered Private Port Range, choose both and for the range type, type in 135 twice. Click on Apply. The pop-ups should now be disabled.
You can use Zone Alarm to block these too.
-
Lots of helpful advice here for you, callansdad.
You must install a good antivirus and firewall (not Windoze programs) and both those 09 "web\related" entries in your HJT log must go.
You should run through everything in the first 4 posts to this thread, so far as you can with your W2000 operating system .....
http://forums.moneysavingexpert.com/showthread.html?t=133269
It will clean your machine thoroughly (although even this won't necessarily rid you of every piece of malware lurking on your system).
PCH
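An added example, not part of any post in this thread: a small Python parser that splits a HijackThis log like the one in the opening post into header fields, running processes and numbered sections, then lists the file paths, URLs, CLSIDs and IP addresses each section names so they can be checked one by one. The function names and regular expressions are assumptions of this sketch, not a HijackThis format specification.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the opening post of this thread.
SAMPLE_LOG = r"""Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Running processes:
C:\WINNT\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC1B3639-B13C-49FE-9271-86C12B1F6D7C}: NameServer = 195.92.195.90 195.92.195.91
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")       # "O9 - Extra button: ..."
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)  # bare path under "Running processes:"
LOOKUPS = [  # hypothetical patterns for the things a reviewer has to look up
    re.compile(r"[A-Za-z]:\\[^\r\n]+?\.(?:exe|dll|ocx|htm|cab)\b", re.I),     # file on disk
    re.compile(r"https?://\S+", re.I),                                         # URL
    re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"),  # CLSID / GUID
    re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),                                # IPv4 (O17 name servers)
]

def parse_hjt(text):
    """Split a log into (header dict, process list, {section code: [entry bodies]})."""
    header, processes, entries = {}, [], defaultdict(list)
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries[m.group(1)].append(m.group(2))
        elif PROCESS.match(line):
            processes.append(line)
        elif ": " in line:                       # "Platform: ...", "MSIE: ..."
            key, _, value = line.partition(": ")
            header[key] = value
    return header, processes, dict(entries)

def lookups(entries):
    """Per section code, the sorted paths, URLs, CLSIDs and IPs named in its entries."""
    out = {}
    for code, bodies in entries.items():
        found = set()
        for body in bodies:
            for rx in LOOKUPS:
                found.update(rx.findall(body))
        out[code] = sorted(found)
    return out
```

Entries such as the O4 line, which name a program without a full path, yield an empty list and still need reviewing by hand.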
