anti trojan onle check checks different ip

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Shiran

Thread Starter
Joined
Oct 14, 2003
Messages
53
Though I checked through ANTI TROJAN CHECK it doest check my ip. it runs the check on some other ip which is not at all in my ip range here is my hijack report once again can anybody pease chach it once again & advice me

Logfile of HijackThis v1.97.3
Scan saved at 5:08:07 PM, on 10/14/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\msdtc.exe
D:\Program Files\NavNT\defwatch.exe
D:\WINNT\system32\Dfssvc.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\ismserv.exe
D:\WINNT\System32\llssrv.exe
c:\msdm.exe
D:\Program Files\NavNT\rtvscan.exe
D:\WINNT\system32\ntfrs.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\System32\locator.exe
D:\WINNT\system32\hypertrm.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
D:\WINNT\system32\MsgSys.EXE
D:\Program Files\Microsoft ISA Server\mspadmin.exe
D:\Exchsrvr\bin\store.exe
D:\Program Files\Microsoft ISA Server\w3proxy.exe
D:\Program Files\Microsoft ISA Server\W3Prefch.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\Explorer.EXE
D:\Program Files\NavNT\vptray.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\TurboNote\tbnote.exe
D:\Program Files\Yahoo!\Messenger\ypager.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\MailWasher Pro\MailWasher.exe
D:\Program Files\Outlook Express\msimn.exe
D:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 202.51.155.178:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Acrobat\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [WinApp32] msapp.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TurboNote.lnk = D:\Program Files\TurboNote\tbnote.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: DigiChat Applet - http://host5.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://61.196.229.166/kxhcm10.ocx
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3C5BA506-6C30-4738-9CED-797ACADEA8DC} (Loader Class) - http://cyberspace.com/SQLoader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = doom.lanka.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EC2423D-F2A7-43A0-852A-83356BBA04EE}: NameServer = 202.51.128.70,202.51.131.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{23A8F508-4DA8-4D90-A0F8-E674F6DB2B92}: NameServer = 202.51.128.70,202.51.131.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{46F34E54-3A01-4B6E-AD4F-4D5E035D9D15}: NameServer = 1.0.128.70,202.51.131.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = doom.lanka.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = doom.lanka.net
 
Joined
Oct 9, 2001
Messages
9,396
Is this the ip thats coming up?202.51.155.178
your on a proxy server,but you do have a trojan.
Download the trial version of "the cleaner here:
www.moosoft.com
update it before you scan.
Post back with the results.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
which online site are you using.

many sites are unable to resolve your genuine computer IP if you access via a proxy or have cable/dsl and your ISP has an inline transparant proxy. the trojan checker checks the ISP server not your computer.

check here for a list of online scanners and find one that actually checks your computer not your ISp's server
http://www.wilders.org/free_services.htm
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top