Possible Trojan Invasion


  • This topic is locked
2 replies to this topic

#1 Fonzi

Fonzi

  • Members
  • 1 posts

Posted 27 November 2006 - 02:01 AM

Hello,

I've been running into several issues with my PC recently and can't figure out what is wrong. I've had files moved around while other folders have been renamed. I've run antivirus and anti-spyware apps but haven't found anything. If possible, I would appreciate having an expert look at my HijackThis log file to see what I have and what I can do.

Cheers



Logfile of HijackThis v1.99.1
Scan saved at 10:44:01 PM, on 11/26/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\drivers\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\WINNT\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv50.exe
C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\MightyFax\MFNTCTL.EXE
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\faxsvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lynn1\Desktop\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
O1 - Hosts: 127.0.0.1 localhost #***Inserted By STOPzilla***
O1 - Hosts: # Copyright © 1993-1999 Microsoft Corp.
O1 - Hosts: #
O1 - Hosts: # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
O1 - Hosts: #
O1 - Hosts: # This file contains the mappings of IP addresses to host names. Each
O1 - Hosts: # entry should be kept on an individual line. The IP address should
O1 - Hosts: # be placed in the first column followed by the corresponding host name.
O1 - Hosts: # The IP address and the host name should be separated by at least one
O1 - Hosts: # space.
O1 - Hosts: #
O1 - Hosts: # Additionally, comments (such as these) may be inserted on individual
O1 - Hosts: # lines or following the machine name denoted by a '#' symbol.
O1 - Hosts: #
O1 - Hosts: # For example:
O1 - Hosts: #
O1 - Hosts: # 102.54.94.97 rhino.acme.com # source server
O1 - Hosts: # 38.25.63.10 x.acme.com # x client host
O1 - Hosts: 127.0.0.1 2005-search.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 alex.fileburst.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 apps.deskwizz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 awmdabest.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 b.casalemedia.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 besthardcore.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bins.elitemediagroup.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bn.i-ru.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bundleware.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 burnsrecyclinginc.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 campaigns.interclick.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 clickfast.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 code.jcash.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 code.trasferimento.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 command.adservs.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 content.dollarrevenue.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 content.exetraffic.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 content2.dollarrevenue.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 cumhereteens.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 cyber-search.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 ddh24.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 dedmazai.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 dnv-counter.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 download.accessmedia.tv # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 download.jupitersatellites.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 exeloads.info # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 faccesborrate.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 flavinha.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 forlink.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 fullbizzone.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 game4all.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 get-access.host.sk # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 go-pic.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 granjerascachondas.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 heretofind.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 hqthumbz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 it.online-more.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 krovalidajop.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 lust-mature.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 mikos.paraisoasiatico.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 mmm.elitemediagroup.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 more-pages.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 morteen.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 msmn.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 musah.info # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 netincap.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 niuqennaois.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 nude-teen-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 onlyhotlinks.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 on-search.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 picshunter.us # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 picslab.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 promo.dollarrevenue.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 redirect.msupdate.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 rogalik.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 searchforit.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 searchx.cc # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 sex-pics.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 sexyfaceplace.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 software.topinstalls.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 sp2admin.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 surubanet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teenygirlshome.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 traff5all.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 traffbest.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 traffbucks.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 traffmoney.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 ukstories.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 ultra-search.biz # ***Inserted By STOPzilla***
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: STOPzilla securitybar - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\system32\msconfig.exe /auto
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\rnr20.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\winrnr.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\rsvpsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\rsvpsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msafd.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: DirectAnimation Java Classes - file://C:\WINNT\Java\classes\dajava.cab
O16 - DPF: Microsoft XML Parser for Java - file://C:\WINNT\Java\classes\xmldso.cab
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://mlslink.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://rebgv.mlslink.ca/MLSTools/ScriptX.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://mlslink.mlxchange.com/Control/Specfile.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/wmvax.cab
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/wmv8ax.cab
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://mlslink.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {9A5FA170-E20B-4BFD-88B8-9F0DEDFD697B} (Hepler Class) - http://mlslink.mlxchange.com/Control/Helper.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://mlslink.mlxchange.com/Control/AspCustomCtrls.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll
O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\shell32.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINNT\system32\NETSHELL.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - stobject.dll (file missing)
O23 - Service: Alerter - Microsoft Corporation - C:\WINNT\System32\services.exe
O23 - Service: Application Management (AppMgmt) - Microsoft Corporation - C:\WINNT\system32\services.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Computer Browser (Browser) - Microsoft Corporation - C:\WINNT\System32\services.exe
O23 - Service: Indexing Service (cisvc) - Microsoft Corporation - C:\WINNT\System32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - Microsoft Corporation - C:\WINNT\system32\clipsrv.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINNT\system32\drivers\dcfssvc.exe
O23 - Service: DHCP Client (Dhcp) - Microsoft Corporation - C:\WINNT\System32\services.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Logical Disk Manager (dmserver) - Microsoft Corporation - C:\WINNT\System32\services.exe
O23 - Service: DNS Client (Dnscache) - Microsoft Corporation - C:\WINNT\System32\services.exe
O23 - Service: Event Log (Eventlog) - Microsoft Corporation - C:\WINNT\system32\services.exe
O23 - Service: COM+ Event System (EventSystem) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Fax Service (Fax) - Microsoft Corporation - C:\WINNT\system32\faxsvc.exe
O23 - Service: Server (lanmanserver) - Microsoft Corporation - C:\WINNT\System32\services.exe
O23 - Service: Workstation (lanmanworkstation) - Microsoft Corporation - C:\WINNT\System32\services.exe
O23 - Service: TCP/IP NetBIOS Helper Service (LmHosts) - Microsoft Corporation - C:\WINNT\System32\services.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Microsoft Corporation - C:\WINNT\System32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Microsoft Corporation - C:\WINNT\System32\msdtc.exe
O23 - Service: Windows Installer (MSIServer) - Microsoft Corporation - C:\WINNT\System32\MsiExec.exe
O23 - Service: Network DDE (NetDDE) - Microsoft Corporation - C:\WINNT\system32\netdde.exe
O23 - Service: Network DDE DSDM (NetDDEdsdm) - Microsoft Corporation - C:\WINNT\system32\netdde.exe
O23 - Service: Net Logon (Netlogon) - Microsoft Corporation - C:\WINNT\System32\lsass.exe
O23 - Service: Network Connections (Netman) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Microsoft Corporation - C:\WINNT\System32\lsass.exe
O23 - Service: Removable Storage (NtmsSvc) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv50.exe
O23 - Service: Plug and Play (PlugPlay) - Microsoft Corporation - C:\WINNT\system32\services.exe
O23 - Service: IPSEC Policy Agent (PolicyAgent) - Microsoft Corporation - C:\WINNT\System32\lsass.exe
O23 - Service: Protected Storage (ProtectedStorage) - Microsoft Corporation - C:\WINNT\system32\services.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Remote Access Connection Manager (RasMan) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Remote Registry Service (RemoteRegistry) - Microsoft Corporation - C:\WINNT\system32\regsvc.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Microsoft Corporation - C:\WINNT\System32\locator.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Microsoft Corporation - C:\WINNT\system32\svchost.exe
O23 - Service: QoS RSVP (RSVP) - Microsoft Corporation - C:\WINNT\System32\rsvp.exe
O23 - Service: Security Accounts Manager (SamSs) - Microsoft Corporation - C:\WINNT\system32\lsass.exe
O23 - Service: Smart Card Helper (SCardDrv) - Microsoft Corporation - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Smart Card (SCardSvr) - Microsoft Corporation - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Task Scheduler (Schedule) - Microsoft Corporation - C:\WINNT\system32\MSTask.exe
O23 - Service: RunAs Service (seclogon) - Microsoft Corporation - C:\WINNT\system32\services.exe
O23 - Service: System Event Notification (SENS) - Microsoft Corporation - C:\WINNT\system32\svchost.exe
O23 - Service: Internet Connection Sharing (SharedAccess) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Print Spooler (Spooler) - Microsoft Corporation - C:\WINNT\system32\spoolsv.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Microsoft Corporation - C:\WINNT\system32\smlogsvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Telephony (TapiSrv) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Telnet (TlntSvr) - Microsoft Corporation - C:\WINNT\system32\tlntsvr.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Microsoft Corporation - C:\WINNT\system32\services.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Microsoft Corporation - C:\WINNT\System32\ups.exe
O23 - Service: Utility Manager (UtilMan) - Microsoft Corporation - C:\WINNT\System32\UtilMan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Time (W32Time) - Microsoft Corporation - C:\WINNT\System32\services.exe
O23 - Service: Windows Management Instrumentation (WinMgmt) - Microsoft Corporation - C:\WINNT\System32\WBEM\WinMgmt.exe
O23 - Service: WMDM PMSP Service - Microsoft Corporation - C:\WINNT\system32\mspmspsv.exe
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Microsoft Corporation - C:\WINNT\system32\Services.exe
O23 - Service: Automatic Updates (wuauserv) - Microsoft Corporation - C:\WINNT\system32\svchost.exe
O23 - Service: Wireless Configuration (WZCSVC) - Microsoft Corporation - C:\WINNT\System32\svchost.exe



#2 Whisperer

Whisperer

  • Members
  • 405 posts

Posted 10 December 2006 - 09:35 AM

Hi Fonzi and welcome to the Bleeping Computer forums. My name is Whisperer and I will be helping you with your problem but I do not have Win2000. Although I am experienced with computers, I am currently a Trainee in Malware removal and, as such, ALL of my fixes will be checked by malware experts. I apologise for the delay in contacting you but things are pretty hectic in the anti-malware world. If you still need help then read on.

You would appear to have gone overboard in the protection of your computer as you have more than one anti-virus solution running and more than one software firewall. Both of these are no-no procedures as each will interact with the other. It looks as though you have the full Panda suite (Firewall & Anti-Virus) and the Zonelabs firewall and AVG anti-virus. Please remove all but one firewall and one AntiVirus.

If you have not done so already, please do the initial cleanup steps in the following instructions and then post a new log: Preparation Guide For Use Before Posting a HijackThis Log

I would like you to produce a list of installed programs to assist me in any cleanup.
  • To do this open your HijackThis
    • Click on Open the Misc Tools section or Config… button, depending on how you are set up.
    • If you used the Config... option then click the Misc Tools tab
    • Select Open Uninstall Manager; a list of your installed programs will be displayed.
    • Select the Save List… button and save the file to your desktop.
  • Please post a copy of this list and an up-to-date HijackThis log in your reply
I will look at your log in greater detail after you have carried out the above.
GT :thumbsup:
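
Added example (not part of the thread and not HijackThis code): a small Python parser for the log layout posted above that collects the running processes and the lettered entries, then flags more than one firewall or antivirus product running at once, which is the overlap described in this reply. The `SECURITY_IMAGES` table, the function names and the shortened sample log are assumptions built from names that appear in the log, not a vetted product list.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a shortened log in the HijackThis v1.99.1 layout shown above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:44:01 PM, on 11/26/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv50.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINNT\system32\msconfig.exe /auto
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
"""

# Entry lines look like "O23 - Service: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O23 body: "Service: <name> - <vendor> - <path>"; the path starts with a drive letter.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Assumption: image name -> (product, role), taken from names visible in the log above.
SECURITY_IMAGES = {
    "pavfires.exe": ("Panda", "firewall"),
    "vsmon.exe": ("ZoneAlarm", "firewall"),
    "zlclient.exe": ("ZoneAlarm", "firewall"),
    "pavsrv50.exe": ("Panda", "antivirus"),
    "avgamsvr.exe": ("AVG", "antivirus"),
}


def parse_log(text):
    """Return (running_processes, entries_by_code) for a HijackThis text log."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            # An entry line also ends the process list if the blank line was lost.
            in_processes = False
            entries[match.group(1)].append(match.group(2))
        elif in_processes and line:
            processes.append(line)
        elif not line:
            in_processes = False
    return processes, dict(entries)


def parse_service(entry):
    """Split one O23 entry body into name, vendor and path; None if it does not fit."""
    match = SERVICE_RE.match(entry)
    return match.groupdict() if match else None


def overlapping_products(processes):
    """Map each role to its products when more than one product fills that role."""
    by_role = defaultdict(set)
    for path in processes:
        image = ntpath.basename(path).lower()  # ntpath handles backslashes on any OS
        if image in SECURITY_IMAGES:
            product, role = SECURITY_IMAGES[image]
            by_role[role].add(product)
    return {role: sorted(names) for role, names in by_role.items() if len(names) > 1}


if __name__ == "__main__":
    procs, found = parse_log(SAMPLE_LOG)
    for role, products in overlapping_products(procs).items():
        print(f"{role}: {', '.join(products)} running together")
```
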

#3 illukka

illukka

    retar.. erm retired!


  • Security Colleague
  • 2,858 posts

Posted 08 January 2007 - 12:19 PM

due to lack of feedback to a helper--> this topic is now closed
to get it reopened PM a staff member with the address of this thread.
this applies to the topic starter only, everyone else with similar problems start a new topic.

thank you Whisperer :thumbsup:
To Ride, Shoot Straight And Speak The Truth

a retired malware fighter/teacher/advisor



