
Hijackthis Log


  • This topic is locked
3 replies to this topic

#1 mayur.g

mayur.g

  • Members
  • 3 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:18 AM

Posted 24 July 2008 - 12:07 AM

Please help me with this HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:19 AM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: QXK Olive - {579A8B15-5756-4BE4-9E71-5ABC538C7919} - C:\WINDOWS\nfavxwdbfwn.dll
O3 - Toolbar: fdkowvbp - {43D1D84F-EF2E-40C7-9773-01C6D85FF5C3} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C79E3B9E-8329-422E-B4E4-7103660D39AD}: NameServer = 202.144.115.4,202.144.66.6
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: eqvwamkl - {ED33F05B-3EDD-4B43-A965-337A5A8D3AB8} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {717AA107-F7DF-40FC-9F00-44E67DB101C9} - C:\WINDOWS\wnslvxtf.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 4090 bytes


#2 mayur.g

mayur.g
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:18 AM

Posted 24 July 2008 - 12:11 AM

Anybody there to help me on this topic?

#3 mayur.g

mayur.g
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:18 AM

Posted 24 July 2008 - 12:25 AM

I also did the DSS scan, and this is my DSS log.

main.txt...

Deckard's System Scanner v20071014.68
Run by Mayur on 2008-07-24 10:46:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
22: 2008-07-24 05:16:10 UTC - RP22 - Deckard's System Scanner Restore Point
21: 2008-07-23 14:42:46 UTC - RP21 - Last known good configuration
20: 2008-07-23 14:42:43 UTC - RP20 - System Checkpoint
19: 2008-07-23 14:42:43 UTC - RP19 - System Checkpoint
18: 2008-07-23 14:42:43 UTC - RP18 - Avg8 Update


-- First Restore Point --
1: 2008-07-23 14:42:41 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mayur.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:54 AM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Documents and Settings\Mayur\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mayur.exe

O2 - BHO: QXK Olive - {579A8B15-5756-4BE4-9E71-5ABC538C7919} - C:\WINDOWS\nfavxwdbfwn.dll
O3 - Toolbar: fdkowvbp - {43D1D84F-EF2E-40C7-9773-01C6D85FF5C3} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C79E3B9E-8329-422E-B4E4-7103660D39AD}: NameServer = 202.144.115.4,202.144.66.6
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: eqvwamkl - {ED33F05B-3EDD-4B43-A965-337A5A8D3AB8} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {717AA107-F7DF-40FC-9F00-44E67DB101C9} - C:\WINDOWS\wnslvxtf.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 4078 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 hardlock - c:\windows\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 trysftnt - c:\windows\system32\drivers\trysftnt.sys <Not Verified; Vireo Software; Driver::Works>
R2 wntpport - c:\windows\system32\drivers\wntpport.sys <Not Verified; Vireo Software; Driver::Works>
R3 SydexFDD (Sydex Diskette Driver) - c:\windows\system32\drivers\sydexfdd.sys <Not Verified; Windows ® 2000 DDK provider; Sydex Floppy Driver for Windows 2000>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 1736)
2008-07-23 17:38:50 180224 --a------ C:\WINDOWS\eqvwamkl.dll
2008-07-23 17:38:52 229376 --a------ C:\WINDOWS\wnslvxtf.dll


-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-23 21:39:47 0 d-------- C:\VundoFix Backups
2008-07-23 20:46:54 0 d-------- C:\Documents and Settings\Mayur\Application Data\Malwarebytes
2008-07-23 20:46:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-23 20:46:43 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-23 20:34:16 0 d-------- C:\Program Files\Trend Micro
2008-07-23 20:15:53 116864 -----n--- C:\WINDOWS\system32\fgbfxf.dll
2008-07-23 20:13:19 94848 -----n--- C:\WINDOWS\system32\idlcxclr.dll
2008-07-23 19:53:45 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-23 19:19:42 0 d-------- C:\Documents and Settings\Mayur\Application Data\TmpRecentIcons
2008-07-23 19:19:32 86016 --a------ C:\WINDOWS\grswptdl.exe
2008-07-23 19:19:31 372736 --a------ C:\WINDOWS\nfavxwdbfwn.dll
2008-07-23 19:19:31 204800 --a------ C:\WINDOWS\fdkowvbp.dll
2008-07-23 19:19:31 180224 --a------ C:\WINDOWS\eqvwamkl.dll
2008-07-23 19:19:30 229376 --a------ C:\WINDOWS\wnslvxtf.dll
2008-07-22 20:58:31 0 d-------- C:\Program Files\LimeWire
2008-07-21 20:07:15 0 d---s---- C:\Documents and Settings\Mayur\UserData
2008-07-14 16:52:27 0 d-------- C:\POD
2008-07-14 16:52:23 247648 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-07-14 16:52:23 26768 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2008-07-14 11:51:19 9 --a------ C:\LANGUAGE
2008-07-14 11:23:19 665600 --a------ C:\WINDOWS\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
2008-07-14 11:23:18 6656 --a------ C:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2008-07-14 11:23:18 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-07-14 11:23:18 47616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
2008-07-14 11:23:13 187392 --a------ C:\WINDOWS\system32\lpng.DLL
2008-07-14 11:22:06 28416 --a------ C:\WINDOWS\system32\drivers\WNTPPORT.SYS <Not Verified; Vireo Software; Driver::Works>
2008-07-14 11:22:06 39136 --a------ C:\WINDOWS\system32\drivers\TRYSFTNT.SYS <Not Verified; Vireo Software; Driver::Works>
2008-07-14 11:22:06 13359 --a------ C:\WINDOWS\system32\drivers\SYDEXFDD.SYS <Not Verified; Windows ® 2000 DDK provider; Sydex Floppy Driver for Windows 2000>
2008-07-14 11:22:06 0 d-------- C:\Design
2008-07-14 11:22:03 24336 --a------ C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-07-14 11:22:02 0 d-------- C:\ESWin
2008-07-14 11:20:47 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-07-14 11:20:41 0 d-------- C:\Documents and Settings\Mayur\WINDOWS
2008-07-08 23:22:09 0 d-------- C:\Documents and Settings\Mayur\Application Data\U3
2008-07-03 16:42:59 4096 --a------ C:\WINDOWS\d3dx.dat
2008-07-01 13:20:30 16 --a------ C:\WINDOWS\popcinfo.dat
2008-06-26 23:13:54 0 d-------- C:\Program Files\uTorrent
2008-06-26 23:02:40 0 d-------- C:\Program Files\Online_TV


-- Find3M Report ---------------------------------------------------------------

2008-07-24 10:13:42 0 d-------- C:\Documents and Settings\Mayur\Application Data\Broadband
2008-07-23 19:45:20 0 d-------- C:\Documents and Settings\Mayur\Application Data\uTorrent
2008-07-14 16:33:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-14 16:33:15 0 d-------- C:\Program Files\CyberLink DVD Solution
2008-07-09 23:08:27 0 d-------- C:\Documents and Settings\Mayur\Application Data\CyberLink
2008-06-26 23:04:16 0 d-------- C:\Program Files\myBabylon
2008-06-26 23:04:16 0 d-------- C:\Program Files\Conduit
2008-06-25 11:41:49 0 d-------- C:\Program Files\Sify Broadband
2008-06-16 23:00:27 27 --a------ C:\WINDOWS\SW_Win2146X32.DLL
2008-06-16 22:57:46 0 d-------- C:\Documents and Settings\Mayur\Application Data\Help
2008-06-16 22:03:30 0 d-------- C:\Documents and Settings\Mayur\Application Data\Nokia Multimedia Player
2008-06-16 22:02:10 0 d-------- C:\Documents and Settings\Mayur\Application Data\Nokia
2008-06-16 21:53:31 0 d-------- C:\Documents and Settings\Mayur\Application Data\Datalayer
2008-06-16 21:50:53 0 d-------- C:\Program Files\Nokia
2008-06-16 21:50:26 0 d-------- C:\Program Files\Common Files\PCSuite
2008-06-16 21:50:25 0 d-------- C:\Program Files\Common Files\Nokia
2008-06-16 21:50:22 0 d-------- C:\Program Files\Common Files
2008-06-14 13:48:59 0 d-------- C:\Documents and Settings\Mayur\Application Data\PC Suite
2008-06-14 13:44:45 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-11 23:04:08 0 d-------- C:\Program Files\Ahead
2008-06-11 23:03:44 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-11 23:02:03 0 d-------- C:\Program Files\CyberLink
2008-06-10 22:22:23 0 d-------- C:\Program Files\Babylon
2008-06-09 23:36:25 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-09 23:27:48 0 d-------- C:\Program Files\SEMD60
2008-06-09 23:18:49 0 d-------- C:\Program Files\Common Files\Novell Files
2008-06-09 23:16:23 0 d-------- C:\Documents and Settings\Mayur\Application Data\Adobe
2008-06-09 23:15:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-09 22:35:21 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-09 22:35:17 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-09 22:34:44 62 --ahs---- C:\Documents and Settings\Mayur\Application Data\desktop.ini
2008-06-09 22:17:34 0 d-------- C:\Documents and Settings\Mayur\Application Data\Macromedia
2008-06-09 22:16:48 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-09 18:21:48 0 d-------- C:\Documents and Settings\Mayur\Application Data\vlc
2008-06-09 17:42:49 0 d-------- C:\Documents and Settings\Mayur\Application Data\WinRAR
2008-06-09 17:42:39 0 d-------- C:\Program Files\QuickTime Alternative
2008-06-09 17:42:23 0 d-------- C:\Program Files\Real Alternative
2008-06-09 17:42:20 0 d-------- C:\Documents and Settings\Mayur\Application Data\Real
2008-06-09 17:42:00 0 d-------- C:\Program Files\VideoLAN
2008-06-09 17:40:59 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-09 17:40:55 0 d-------- C:\Documents and Settings\Mayur\Application Data\Mozilla
2008-06-09 17:32:07 0 d-------- C:\Program Files\Analog Devices
2008-06-09 17:29:41 0 d-------- C:\Program Files\ULi5287
2008-06-09 17:28:57 0 d-------- C:\Documents and Settings\Mayur\Application Data\Media Player Classic
2008-06-09 17:28:24 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-06-09 17:26:06 0 d-------- C:\Program Files\AVG
2008-06-09 17:20:42 0 d-------- C:\Documents and Settings\Mayur\Application Data\Identities
2008-06-09 17:16:08 0 d-------- C:\Program Files\microsoft frontpage
2008-06-09 17:15:44 0 -rahs---- C:\MSDOS.SYS
2008-06-09 17:15:44 0 -rahs---- C:\IO.SYS
2008-06-09 17:15:44 0 --a------ C:\CONFIG.SYS
2008-06-09 17:15:44 0 --a------ C:\AUTOEXEC.BAT
2008-06-09 17:14:33 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-09 17:14:29 0 d-------- C:\Program Files\Online Services
2008-06-09 17:13:24 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-09 17:13:11 0 d-------- C:\Program Files\Movie Maker
2008-06-09 17:12:15 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-09 17:11:49 0 d-------- C:\Program Files\Messenger
2008-06-09 17:11:43 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-09 17:11:31 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{579A8B15-5756-4BE4-9E71-5ABC538C7919}]
07/23/2008 05:38 PM 372736 --a------ C:\WINDOWS\nfavxwdbfwn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/14/2008 11:49 AM]
"ULiRaid"="C:\Program Files\ULi5287\ULi5287.exe" [08/23/2005 08:59 PM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/27/2004 03:21 PM C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 06:41 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [09/07/2005 03:35 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/08/2005 10:53 AM]
"nwiz"="nwiz.exe" [12/08/2005 10:53 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/08/2005 10:53 AM]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [12/13/2005 08:49 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [04/21/2006 08:04 PM]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/30/2005 04:56 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMorePrograms"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"eqvwamkl"= {ED33F05B-3EDD-4B43-A965-337A5A8D3AB8} - C:\WINDOWS\eqvwamkl.dll [07/23/2008 05:38 PM 180224]
"wnslvxtf"= {717AA107-F7DF-40FC-9F00-44E67DB101C9} - C:\WINDOWS\wnslvxtf.dll [07/23/2008 05:38 PM 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- H:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- I:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- J:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{261a06cb-363e-11dd-82bd-001731bdd981}]
AutoRun\command- winsystem.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4710bfb9-361a-11dd-a29f-ba1d6509bce0}]
AutoRun\command- G:\winsystem.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{972c30ae-361c-11dd-82bc-001731bdd981}]
Auto\command- G:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe




-- End of Deckard's System Scanner: finished at 2008-07-24 10:48:18 ------------

extra.txt......

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.06GHz
CPU 1: Intel® Pentium® 4 CPU 3.06GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 511.23 MiB / 234.73 MiB
Pagefile Memory (total/avail): 1249.66 MiB / 980.17 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1894.55 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 58.59 GiB total, 54.17 GiB free.
D: is Fixed (NTFS) - 48.83 GiB total, 47.94 GiB free.
E: is Fixed (NTFS) - 41.62 GiB total, 32.35 GiB free.
F: is CDROM (No Media)
H: is Fixed (NTFS) - 19.53 GiB total, 9.36 GiB free.
I: is Fixed (NTFS) - 35.46 GiB total, 3.01 GiB free.
J: is Fixed (NTFS) - 19.53 GiB total, 2.63 GiB free.

\\.\PHYSICALDRIVE0 - SAMSUNG SP1644N - 149.05 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 58.59 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 90.45 GiB - D: - E:

\\.\PHYSICALDRIVE1 - SAMSUNG HD080HJ SCSI Disk Device - 74.53 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - H:
\PARTITION1 - Installable File System - 19.53 GiB - J:
\PARTITION2 - Extended w/Extended Int 13 - 35.46 GiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"J:\\Downloads\\Programs\\utorrent.exe"="J:\\Downloads\\Programs\\utorrent.exe:*:Enabled:µTorrent"
"J:\\Dump\\utorrent.exe"="J:\\Dump\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"J:\\Dump\\Tally\\tally72.exe"="J:\\Dump\\Tally\\tally72.exe:*:Enabled:tally72"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mayur\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GIDWANI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mayur
LOGONSERVER=\\GIDWANI
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Mayur\LOCALS~1\Temp
TMP=C:\DOCUME~1\Mayur\LOCALS~1\Temp
USERDOMAIN=GIDWANI
USERNAME=Mayur
USERPROFILE=C:\Documents and Settings\Mayur
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Mayur (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Combined Community Codec Pack 2008-01-24 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
LimeWire 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver --> MsiExec.exe /X{B7757137-0A71-4A9F-8A82-1AE4A1B73420}
Nokia PC Suite --> MsiExec.exe /I{FF059F2A-62A7-4E6A-B305-559591D2769E}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime Alternative 2.5.1 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative 1.7.5 --> "C:\Program Files\Real Alternative\unins000.exe"
Sify Broadband 3.22 --> "C:\Program Files\Sify Broadband\unins000.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Stedman's Electronic Medical Dictionary 6.0 --> C:\PROGRA~1\SEMD60\UNWISE32.EXE C:\PROGRA~1\SEMD60\INSTALL.LOG
ULi LAN Driver --> C:\WINDOWS\system32\UnLAN.EXE RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{143BE018-D8F8-4014-8CB6-AF63F5799D21}\Setup.exe" -uninst
ULi Sata Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FDC53DC6-137A-4541-BFA2-A9BAE4A7FE99}\Setup.exe"
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Wilcom ES --> C:\WINDOWS\uninst.exe -fC:\ESWin\DeIsL1.isu
WinFast® Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x9 -removeonly
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type814 / Error
Event Submitted/Written: 07/22/2008 09:17:27 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type663 / Error
Event Submitted/Written: 07/14/2008 04:57:44 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ES.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type463 / Warning
Event Submitted/Written: 06/26/2008 11:06:40 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type462 / Warning
Event Submitted/Written: 06/26/2008 11:06:40 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type449 / Error
Event Submitted/Written: 06/26/2008 08:37:06 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application BBClient.exe, version 1.6.0.3, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3962 / Warning
Event Submitted/Written: 07/23/2008 07:05:45 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3961 / Warning
Event Submitted/Written: 07/23/2008 06:48:04 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3864 / Warning
Event Submitted/Written: 07/22/2008 02:58:46 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3863 / Warning
Event Submitted/Written: 07/22/2008 01:55:01 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3844 / Warning
Event Submitted/Written: 07/22/2008 11:52:14 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-07-24 10:48:18 ------------

#4 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:48 AM

Posted 27 July 2008 - 05:50 AM

Since you are already receiving help here, this topic is now closed.