Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

 
 Reply to this topicStart new topic
> win2k malware ?
daz85
post Dec 4 2007, 05:11 AM
Post #1


New Member
*

Group: New Member
Posts: 1
Joined: 4-December 07
Member No.: 74,920
Operating System: win2k
Hi All,
I have SD installed and run reports no issues but occasionally I get ad pages popped up. Additionally I have occasional firefox and IE crashes ... (usually while watching vids).

Here is my Hijack This log.... if someone could take a look it would be appreciated...

-----
Logfile of HijackThis v1.99.1
Scan saved at 10:06:52 PM, on 12/4/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\LEXBCES.EXE
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\LEXPPS.EXE
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
D:\WINNT\system32\vmnat.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\Program Files\UltraVNC\winvnc.exe
D:\WINNT\system32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\vmnetdhcp.exe
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINNT\System32\mdm.exe
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINNT\system32\msiexec.exe
D:\WINNT\system32\mmc.exe
D:\WINNT\system32\wuauclt.exe
D:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smh.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.optus.com.au:8080
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: UserInit=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {59D671E6-8BC8-4676-AF8D-5C9B0E75FE85} - D:\Program Files\Internet Explorer\zymixas.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {86C19D39-F87B-4EAA-9055-335727A2EA77} - D:\Program Files\NetMeeting\vibyf.dll
O2 - BHO: IEHlprObj Class - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - D:\Program Files\BPFTP Go!Zilla v4.1\GoIEHlp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download with Go!Zilla - file://D:\Program Files\BPFTP Go!Zilla v4.1\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - https://gamma54.projecthosts.com/ProjectSer...ts/pjclient.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - https://gamma54.projecthosts.com/ProjectSer...033/pjcintl.cab
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - D:\PROGRA~1\QUESTS~1\TOADFO~1\RNetPin.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - L:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - L:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
O23 - Service: OracleOraDb10g_home1TNSListeneroracl - Unknown owner - L:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - l:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE
O23 - Service: OracleServiceORCL2 - Oracle Corporation - l:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINNT\system32\vmnat.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - D:\Program Files\UltraVNC\winvnc.exe" -service (file missing)
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - D:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe


-----
Go to the top of the page
 
+Quote Post
« Next Oldest · HijackThis™ Logs and Infections Removal · Next Newest »
 

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 
RSS Time is now: 9th January 2009 - 10:49 PM
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy
Powered By IP.Board © 2009  IPS, Inc.