Can someone tell me whats wrong?

[earl]

Hi I have an amd k6, ie 6 sp1 browser, 128mb ram, windows 2000K
just did a fresh install, ie keeps giving error messages re svhost? here is a HJT log, somethings werid, found lovesan and healed it, can believe my PCs such a pig already less than 24hrs after reformat and fresh install!! whats internat.exe? sounds funny!!
I know I have spyware that has to stay for netpumper to work,unfortunate!!

Logfile of HijackThis v1.96.1
Scan saved at 7:37:46 p.m., on 30/08/2003
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVG6\avgserv.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\Explorer.exe
E:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
E:\Program Files\NetPumper\NetPumperIEProxy.exe
E:\WINNT\System32\internat.exe
E:\Program Files\WeatherCast\Weather.exe
E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
E:\Program Files\Microsoft Office\Office\OSA.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINNT\system32\rundll32.exe
C:\unzipped\hijackthis196\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtra.co.nz/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netguide.co.nz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by NetGuide Magazine
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] E:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NetPumper] "E:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [WhenUSave] E:\PROGRA~1\Save\Save.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [WeatherCast] E:\Program Files\WeatherCast\Weather.exe /q
O4 - Startup: Microsoft Find Fast.lnk = E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = E:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Google Search - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with NetPumper - E:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Si&milar Pages - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://www.netguide.co.nz
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0...ll/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...862.2177314815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C37DBC9-816F-4683-B9F0-79892B8B6AD8}: NameServer = 202.89.128.16 202.89.128.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C37DBC9-816F-4683-B9F0-79892B8B6AD8}: NameServer = 202.89.128.16 202.89.128.17

[AnnMarie]

Hi earl - internat.exe is the language selection icon in your system tray. Does your error message say "svchost.exe has generated errors and will be closed by Windows"? If so then this is the error message generated in Win2K by attempts to infect your PC by Blaster. See here. it is imperative that you install this patch Blaster Worm: Critical Security Patch for Windows 2000. Please note that the download requires Windows 2000 Service Pack 2 or later.

[earl]

Quote:

Originally Posted by AnnMarie

Hi earl - internat.exe is the language selection icon in your system tray. Does your error message say "svchost.exe has generated errors and will be closed by Windows"? If so then this is the error message generated in Win2K by attempts to infect your PC by Blaster. See here. it is imperative that you install this patch Blaster Worm: Critical Security Patch for Windows 2000. Please note that the download requires Windows 2000 Service Pack 2 or later.

Thanks for info, I have been trying and trying to download patch, still no luck, is there a way of putting same on with out being on line for 200 ++odd minitues,(I may have read somewhere there is? love to know how!!) I have a dial up and running same overnight seems my only option, I have downloaded sp4 but installing it is taking a long time, for a precution I have downloaded and installed zonealarm, Im not sure if this will stop blaster? does any one have an opinion on whats the best firewall, again thanks for all the help from members of this forum, I have the computer addiction, and love learning about same, even if it is by getting attacked by viruses!! I read the article on the guy that released blaster, not a great thing to do, but hes showing up the weaknesses of the mighty microsofts corps software, sort of david and golith stuff!!Should the sue him or microsoft??

[AnnMarie]

Try downloading all your critical updates from Windows Update earl. If you havent already installed the patch, it will be included.