Help with firewall, ports, protocols




  #11  
Old 1st Jan 2008, 00:23
Member Group
 

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#isamonitor.exe [ C:\Program Files\Video ActiveX Object\isamonitor.exe ]

Malware.RepairRegistryPro
HKLM\Software\Repair Registry Pro
HKLM\Software\Repair Registry Pro#lastfounderrors
HKLM\Software\Repair Registry Pro#DontStoreStats
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#Repair Registry Pro [ C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s ]

Trojan.Downloader-IBM/Shell
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000#DeviceDesc

Trojan.Rustock/LZX32
HKLM\SYSTEM\CurrentControlSet\Services\pe386
HKLM\SYSTEM\CurrentControlSet\Services\pe386#Type
HKLM\SYSTEM\CurrentControlSet\Services\pe386#Start
HKLM\SYSTEM\CurrentControlSet\Services\pe386#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\pe386#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\pe386#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\pe386#Group
HKLM\SYSTEM\CurrentControlSet\Services\pe386#ExtParam
HKLM\SYSTEM\CurrentControlSet\Services\pe386\Security
HKLM\SYSTEM\CurrentControlSet\Services\pe386\Security#Security
HKLM\SYSTEM\ControlSet001\Services\pe386
HKLM\SYSTEM\ControlSet001\Services\pe386#Type
HKLM\SYSTEM\ControlSet001\Services\pe386#Start
HKLM\SYSTEM\ControlSet001\Services\pe386#ErrorControl
HKLM\SYSTEM\ControlSet001\Services\pe386#ImagePath
HKLM\SYSTEM\ControlSet001\Services\pe386#DisplayName
HKLM\SYSTEM\ControlSet001\Services\pe386#Group
HKLM\SYSTEM\ControlSet001\Services\pe386#ExtParam
HKLM\SYSTEM\ControlSet001\Services\pe386\Security
HKLM\SYSTEM\ControlSet001\Services\pe386\Security#Security
HKLM\SYSTEM\ControlSet002\Services\pe386
HKLM\SYSTEM\ControlSet002\Services\pe386#Type
HKLM\SYSTEM\ControlSet002\Services\pe386#Start
HKLM\SYSTEM\ControlSet002\Services\pe386#ErrorControl
HKLM\SYSTEM\ControlSet002\Services\pe386#ImagePath
HKLM\SYSTEM\ControlSet002\Services\pe386#DisplayName
HKLM\SYSTEM\ControlSet002\Services\pe386#Group
HKLM\SYSTEM\ControlSet002\Services\pe386#ExtParam
HKLM\SYSTEM\ControlSet002\Services\pe386\Security
HKLM\SYSTEM\ControlSet002\Services\pe386\Security#Security

Malware.VirusProtectPro
C:\Program Files\VirusProtectPro 3.7\VirusProtectPro 3.7.exe
C:\Program Files\VirusProtectPro 3.7\vpp.ini
C:\Program Files\VirusProtectPro 3.7

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\ANGELA & TONY\FAVORITES\ONLINE SECURITY TEST.URL
  #12  
Old 1st Jan 2008, 00:27
Member Group
 

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:00 PM, on 1/01/2008
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\loadqm.exe
C:\WINNT\System32\internat.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [teqq32] pizda.exe
O4 - HKLM\..\Run: [TorontoMail] avpmondll.exe
O4 - HKLM\..\Run: [svchost] c:\windows\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dmnhl.exe] C:\WINNT\System32\dmnhl.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [sysconf16] abrek.exe
O4 - HKCU\..\Run: [utsgmon] runload32.exe
O4 - HKCU\..\Run: [CToolBar] systemdll.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dream Poker - {D45D9D5F-B491-4c95-8B05-FA6B6C69CA82} - C:\Program Files\dreampokerMPP\MPPoker.exe (file missing)
O9 - Extra button: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk (file missing)
O9 - Extra 'Tools' menuitem: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (file missing)
O9 - Extra button: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
O20 - AppInit_DLLs: C:\WINNT\System32\__c00D3781.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: heterotroph - {de5ede53-9db0-422d-b32d-5c41c96d6f52} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Internet - Unknown owner - C:\Program Files\Windows NT\lsass.exe (file missing)

--
End of file - 6615 bytes
  #13  
Old 1st Jan 2008, 00:47
Moderator Group
 

WOW, that was a lot!

The next steps will not take very long.

Open HijackThis and select Do a system scan only, then place a check mark next to:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
O9 - Extra button: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dream Poker - {D45D9D5F-B491-4c95-8B05-FA6B6C69CA82} - C:\Program Files\dreampokerMPP\MPPoker.exe (file missing)
O9 - Extra button: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk (file missing)
O9 - Extra 'Tools' menuitem: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (file missing)
O9 - Extra button: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
O22 - SharedTaskScheduler: heterotroph - {de5ede53-9db0-422d-b32d-5c41c96d6f52} - (no file)


Close all windows except for HijackThis and click Fix checked

---------------

Please download Combofix by sUBs from either here or here

Save Combofix.exe to your Desktop.

Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
When finished, it will produce a log for you.
Attach that log in your next reply.

Do not mouseclick combofix's window while it's running. That may cause your computer to stall.

---------------

Next post please add
Combofix log
New HijackThis log

  #14  
Old 4th Feb 2009, 08:08
Member Group
 

WOW, this thread is from ages ago. Just to let you know that my computer totally lost connection to the internet after running HijackThis and I had no idea how to reconnect it, that's why I never replied. It was the crappest computer anyway, probably a late 90's model. Someone gave it to me for free.

It's cool anyway because I took a baseball bat to it and then I went and spent a lot of cash on a new computer a few days later :)) Most fun I've ever had on a computer... it was good letting it all out like that. I recommend it to anyone who needs a new computer: BEAT IT UP before you send it away to the garbage tip.