Unknown Malware

Logfile of HijackThis v1.99.1
Scan saved at 1:53:11 AM, on 11/28/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
D:\WINDOWS2\SysWOW64\rundll32.exe
D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files (x86)\AIM\aim.exe
D:\WINDOWS2\SysWOW64\ctfmon.exe
D:\Program Files (x86)\Java\jre1.5.0_09\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files (x86)\Winamp\winampa.exe
D:\Program Files (x86)\QuickTime\qttask.exe
D:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashSimpl.exe
D:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
D:\Program Files (x86)\Internet Explorer\iexplore.exe
D:\Documents and Settings\Administrator.KAVI-NUN3QRAGTF\My Documents\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files (x86)\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Vidalia] "D:\Program Files (x86)\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files (x86)\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS2\system32\ctfmon.exe
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program Files (x86)\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program Files (x86)\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files (x86)\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows2\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows2\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows2\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows2\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows2\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows2\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O20 - AppInit_DLLs: D:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: dimsntfy - D:\WINDOWS2\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - D:\WINDOWS2\SYSTEM32\sclgntfy.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - D:\WINDOWS2\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS2\system32\services.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - D:\WINDOWS2\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - D:\WINDOWS2\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - D:\WINDOWS2\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS2\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - D:\WINDOWS2\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - D:\WINDOWS2\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS2\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - D:\WINDOWS2\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - D:\WINDOWS2\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - (no file)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - D:\WINDOWS2\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - D:\WINDOWS2\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - D:\WINDOWS2\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS2\system32\wbem\wmiapsrv.exe (file missing)

#1
dhamal

Posted 28 November 2006 - 01:54 AM

Advertisements

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us