Could u take a look at my Hijack This log?

Discussion in 'adware, spyware & hijack cleaning' started by B-2-0, Nov 24, 2003.

Thread Status:
Not open for further replies.
  1. B-2-0

    B-2-0 Registered Member

    Joined:
    Nov 24, 2003
    Posts:
    10
    Hi, i'm kinda new to the forums and Detox recommended u guys so here i am :)

    I just installed and ran Hijack This. Could any of you guys take a looksee at my log and root out anything that shouldn't be there please?

    Here is my log...

    http://files.gotf.net/images/screenies/log.jpg

    Whoops :D

    here is my log (attached)....

    Also i have just installed Sygate firewall and there are a few apps in the console there that i am not sure what they are....

    NT kernel & system
    Generic host process for win32 services
    Common client CC app
    NDIS user mode I/O driver (this wants access to the network every minute or so)
    LSA shell (export version)
    Application layer gateway service (i have to allow this thru to connect on my FTP proggy SmartFTP)

    Thanx for any help :cool:
     


  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi B-2-0,

    Welcome to Wilders. :)

    You got one nasty in your list:
    http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.f.html

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [RDLL] RunDll16.exe

    Then reboot and see if this file is still present:
    RunDll16.exe
    If so delete it. I don't think it will be there if your NAV is up-to-date and functioning properly.

    The apps you listed are all parts of Windows except "Common client CC app" which is a part of Norton.
    That does not necessarily mean they all need access and server rights. I hope one of our specialists will jump in on that matter.
    You should definitely check out this site if you are new to Sygate:
    http://bellsouthpwp.net/i/k/ikpe/

    Regards,

    Pieter
     
  3. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Thnx for helpin' bravo there Pieter ;-) I know you would help anyone but he's a gaming buddy of mine. Not as good as me, of course... :rolleyes:

    But a nice guy anyway :D
     
  4. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    btw feel free to make fun of his log picture :rolleyes:
     
  5. B-2-0

    B-2-0 Registered Member

    Joined:
    Nov 24, 2003
    Posts:
    10
    Thanx Pieter :cool:

    I did what u said and the file is no longer there ;)

    Still kinda curious about these apps trying to get access to the network....The NDIS user mode I/O driver thing keeps popping up every minute or so.

    Thanx again :cool:

    (btw, Detox seems to think he is a bad-ass gamer but he ain't all that. All talk 'n' no walk ;) )
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi B-2-0,

    The technical story: http://msdn.microsoft.com/library/en-us/wceddk40/html/cxrefndisuser-modeiodriver.asp

    I know it needs to have permission for a lot of applications to work, like ICS, Remote Desktop etc.

    But it might be advisable to start a new thread in the other firewalls forum, so the experts can help you out.
    I'm about as good with firewalls, as you think Detox is with gaming. ;)

    Regards,

    Pieter
     