RN
Logfile of HijackThis v1.99.1
Scan saved at 4:09:08 PM, on 9/7/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINNT\lsass.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\dns.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\CCProxy\CCProxy.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Documents and Settings\Administrator.QSSISERVER\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.132.158.199:808
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [CCProxy] C:\CCProxy\CCProxy.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1147272138281
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {81025641-DE98-4F76-902A-44F48B3510BE} - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = data.qssi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2421C348-5904-4DE9-B1B0-B9DD43BB70F7}: NameServer = 216.136.95.82,216.136.95.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{67B1E811-344E-426F-9177-A787B60E3972}: NameServer = 216.136.95.34,216.136.95.82
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C9FACBD-B060-4A04-96C5-C9BDF8BD2B79}: NameServer = 216.136.95.34,216.136.95.82
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = data.qssi.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{2421C348-5904-4DE9-B1B0-B9DD43BB70F7}: NameServer = 216.136.95.82,216.136.95.34
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = data.qssi.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{2421C348-5904-4DE9-B1B0-B9DD43BB70F7}: NameServer = 216.136.95.82,216.136.95.34
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IIS Admin Service (IISADMIN) - Unknown owner - C:\WINNT\System32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINNT\lsass.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\rapapp.exe
O23 - Service: Windows Remote Procedure Call Monitoring Service (rpcsvc) - Unknown owner - C:\WINNT\system32\rpcsvc.exe (file missing)
O23 - Service: World Wide Web Publishing Service (W3SVC) - Unknown owner - C:\WINNT\System32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Windows Internet Name Service (WINS) (WINS) - Unknown owner - C:\WINNT\System32\wins.exe (file missing)
O23 - Service: Windows UDP Communication (wudpcom) - Unknown owner - C:\WINNT\system32\wudpcom.exe (file missing)