Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ie7 Title Bar Hacked To Xpc Infosystems


  • This topic is locked This topic is locked
2 replies to this topic

#1 Cool Saurabh

Cool Saurabh

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 11 June 2008 - 10:29 PM

Whenever I switch on my computer I get an error message before the desktop loads. It says:

Can not find script file "C:\WINDOWS\system32\NewVirusRemoval.vbs"

It takes alot of time to load the desktop...
Also the title bar of Internet Explorer 7 shows "XPC Infosystems" instead of "Microsoft Internet Explorer"
Earlier the home too had stuck on "http://nvr.xpc.co.in" but somehow it changed and I set it back to "about:blank"

I have attached image files showing the IE7 title bar and the one showing error message.
Included below are the log files of dss scanner.

Please help me out...

main.txt:

Deckard's System Scanner v20071014.68
Run by Bunty on 2008-06-12 08:33:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
9: 2008-06-12 03:00:30 UTC - RP52 - Deckard's System Scanner Restore Point
8: 2008-06-12 00:06:05 UTC - RP51 - Software Distribution Service 3.0
7: 2008-06-11 15:12:58 UTC - RP50 - Installed HPSU306Stub
6: 2008-06-10 17:26:34 UTC - RP49 - System Checkpoint
5: 2008-06-09 13:12:28 UTC - RP48 - Configured AVG Free 8.0


-- First Restore Point --
1: 2008-06-07 08:10:05 UTC - RP44 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).
System Drive C: has 2.46 GiB (less than 15%) free.


-- HijackThis (run as Bunty.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:35:35, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Bunty\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bunty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = XPC Infosystems
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\NewVirusRemoval.vbs
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC0BC6F6-7F88-420A-925A-E2AB89F9CEA4}: NameServer = 218.248.255.194 218.248.255.146
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 4601 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R3 slnt (Silan SC92031 PCI Fast Ethernet Adapter) - c:\windows\system32\drivers\slnt.sys <Not Verified; Silan Micro-Electronics Inc.; Silan Micro-Electronics Inc.>

S3 autorun - c:\huadio.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-11 20:57:06 302 --a------ C:\WINDOWS\Tasks\WebReg Deskjet D1300 series.job


-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-12 08:34:57 0 d-------- C:\Program Files\Trend Micro
2008-06-11 22:00:30 0 d-------- C:\Documents and Settings\Ashok\Application Data\HP
2008-06-11 22:00:05 0 d-------- C:\Documents and Settings\Ashok\Application Data\WinRAR
2008-06-11 20:49:16 0 d-------- C:\Documents and Settings\Bunty\Application Data\HP
2008-06-11 20:47:28 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-06-11 20:43:37 0 d-------- C:\Program Files\Common Files\HP
2008-06-11 20:41:48 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-11 20:37:26 0 d-------- C:\Program Files\HP
2008-06-11 20:33:59 14916 -----n--- C:\WINDOWS\hphmdl12.dat
2008-06-11 20:33:59 123978 --a------ C:\WINDOWS\HPHins12.dat
2008-06-08 21:49:06 56400 --a------ C:\Documents and Settings\Bunty\Application Data\GDIPFONTCACHEV1.DAT
2008-06-08 12:23:18 0 d--hs---- C:\FOUND.001
2008-06-08 08:14:53 0 d-------- C:\Program Files\Lavasoft
2008-06-08 08:14:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-08 08:13:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 18:13:24 0 d-------- C:\Documents and Settings\Bunty\Application Data\WinRAR
2008-06-07 15:50:42 0 d-------- C:\WINDOWS\network diagnostic
2008-06-07 14:01:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-06 20:47:52 0 d-------- C:\Documents and Settings\Ashok\Application Data\Real
2008-06-06 13:46:09 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-06 13:46:03 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-06 09:17:16 0 d-------- C:\Downloads


-- Find3M Report ---------------------------------------------------------------

Nothing modified in this timespan.


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/02/2008 19:41]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [02/04/2008 21:07]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [19/02/2006 02:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 19:26]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\NewVirusRemoval.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Emurayden PSX Emulator]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005cf38c-c65b-11dc-97fd-00e020655d8a}]
AutoRun\command- wscript.exe NewVirusRemoval.vbs
open\Command- wscript.exe NewVirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cdd9b12-f319-11dc-9770-00e020655d8a}]
AutoRun\command- wscript.exe NewVirusRemoval.vbs
open\Command- wscript.exe NewVirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95e9d13e-c5b3-11dc-97fc-00e020655d8a}]
AutoRun\command- wscript.exe NewVirusRemoval.vbs
open\Command- wscript.exe NewVirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acc1e744-cb2f-11dc-981d-00e020655d8a}]
AutoRun\command- wscript.exe NewVirusRemoval.vbs
open\Command- wscript.exe NewVirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c28ea212-b782-11dc-9729-ea0e7f25c8df}]
AutoRun\command- wscript.exe NewVirusRemoval.vbs
open\Command- wscript.exe NewVirusRemoval.vbs




-- End of Deckard's System Scanner: finished at 2008-06-12 08:37:44 ------------



extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.60GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 255.48 MiB / 81.48 MiB
Pagefile Memory (total/avail): 746.14 MiB / 494.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.91 MiB

C: is Fixed (FAT32) - 18.62 GiB total, 2.46 GiB free.
D: is Fixed (FAT32) - 18.62 GiB total, 13.23 GiB free.
E: is Fixed (FAT32) - 18.62 GiB total, 9.16 GiB free.
F: is Fixed (FAT32) - 18.63 GiB total, 8.27 GiB free.
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-00JHC0 - 74.53 GiB - 4 partitions
\PARTITION0 (bootable) - Unknown - 18.63 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 55.9 GiB - D: - E: - F:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.473.000 (Check Point, LTD.)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\SIMS\\RACER\\racer.exe"="C:\\SIMS\\RACER\\racer.exe:*:Disabled:racer"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bunty\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BUNTY-91014D1DB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bunty
LOGONSERVER=\\BUNTY-91014D1DB
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Bunty\LOCALS~1\Temp
TMP=C:\DOCUME~1\Bunty\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=BUNTY-91014D1DB
USERNAME=Bunty
USERPROFILE=C:\Documents and Settings\Bunty
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Bunty (admin)
Ashok (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\ADOBE\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\ADOBE\SHOCKW~1\INSTALL.LOG
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Emurayden PSX Emulator v2.2 --> C:\PROGRAM FILES\Emurayden\Desinstalar.exe
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software --> C:\Program Files\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
K-Lite Mega Codec Pack 3.4.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft Midtown Madness --> "C:\Program Files\Microsoft Games\Midtown Madness\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Need for Speed Underground 2 --> C:\Program Files\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
Need for Speed™ Most Wanted --> C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PowerDVD --> "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
sc92031 NIC driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F51F82-2FD7-49CD-A854-A3E0ED42BBBB}\setup.exe" -l0x9
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> C:\Program Files\WinZip\WINZIP32.EXE /uninstall
Yahoo! Extras --> C:\PROGRA~1\YAHOO!\COMMON\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2560 / Error
Event Submitted/Written: 06/11/2008 10:51:25 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application foxitr~1.exe, version 2.2.2007.2129, faulting module foxitr~1.exe, version 2.2.2007.2129, fault address 0x002d6ecd.
Processing media-specific event for [foxitr~1.exe!ws!]

Event Record #/Type2559 / Error
Event Submitted/Written: 06/11/2008 10:23:44 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application hpqste08.exe, version 70.0.170.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2558 / Error
Event Submitted/Written: 06/11/2008 10:23:44 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application hpqste08.exe, version 70.0.170.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2557 / Error
Event Submitted/Written: 06/11/2008 10:23:44 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application hpqste08.exe, version 70.0.170.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2556 / Error
Event Submitted/Written: 06/11/2008 10:23:44 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application hpqste08.exe, version 70.0.170.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5885 / Warning
Event Submitted/Written: 06/08/2008 08:16:40 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00E020655D8A. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type5873 / Warning
Event Submitted/Written: 06/08/2008 07:59:09 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5864 / Warning
Event Submitted/Written: 06/08/2008 07:26:19 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5854 / Warning
Event Submitted/Written: 06/08/2008 06:58:07 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00E020655D8A. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type5851 / Error
Event Submitted/Written: 06/08/2008 06:55:31 AM
Event ID/Source: 32003 / ipnathlp
Event Description:
The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-06-12 08:37:44 ------------

Attached Files



BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:28 PM

Posted 04 July 2008 - 10:01 PM

Hello Cool Saurabh,

Welcome to Bleeping Computer :)

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:28 PM

Posted 20 July 2008 - 03:17 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users