Trojan horse downloader.Generic6.WBC and js/downloader.Agent [RESOLV



#1 sahyd2don (Member, 58 posts)
Hi, my PC is very slow during startup. I have AVG 8.1 Free Edition installed on my PC. It detects 4 infections and also cleans them, but they are coming back again from the internet. The infected file which it shows is real10[1].gif; AVG shows it as "virus found exploit". The other three file names are 614[1].gif, rm[1].exe and g0ld.com. Please help me clean these Trojan horse downloaders and agents which AVG is detecting and cleaning but which keep coming back. The threats which AVG detected are Trojan horse downloader.Generic6.WBC and js/downloader.Agent. Internet speed is OK. Below is the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:49 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
D:\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hyderabadlive...a705710ff7dc88f
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - d:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: &Block this popup - d:\Program Files\PC Protection\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - d:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - d:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - d:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - d:\Program Files\PC Protection\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - d:\Program Files\PC Protection\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{35AD5331-7A67-4C83-946C-DA8FD79D1EF3}: NameServer = 202.144.105.4,202.144.10.50
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - D:\Program Files\nero7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5633 bytes

Edited by sahyd2don, 26 May 2008 - 09:30 AM.

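A triage pass over HijackThis log lines, as an added example that is not part of the original thread and not a Geeks to Go or Trend Micro tool: it parses the R/O entries from a few lines of the log above (plus one constructed O4 entry) and flags what a helper reads first, which is orphaned hooks marked "(file missing)", AppInit_DLLs, O17 resolvers outside a trusted list, services with no vendor, and startup entries launching from temp paths. The rules and the trusted DNS list are assumptions; a hit means "check this entry", not "this entry is malware".

```python
"""Triage HijackThis v2 log lines by section (R/F/O prefixes).

Added example for this thread; not a Geeks to Go or Trend Micro tool.
The rules are heuristics (assumptions): a hit means "look at this entry",
not "this is malware". Legitimate software (AVG's AppInit DLL, an ISP's
DNS servers) trips them too, which is why a human still reads the log.
"""
import re
from dataclasses import dataclass

HJT_LINE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
RUN_ENTRY = re.compile(
    r"^(?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Vendor may be empty ("name - - path"), so match it loosely and strip later.
SERVICE_ENTRY = re.compile(r"^Service: (?P<name>.+?) -(?P<vendor>.*?)- (?P<path>[A-Za-z]:\\.+)$")
DNS_ENTRY = re.compile(r"NameServer = (?P<ips>[\d.,]+)")
# Locations a startup entry rarely launches from legitimately (heuristic, assumption).
SUSPECT_DIRS = ("\\temp\\", "\\locals~1\\temp", "\\recycler\\")

# Constructed sample: lines taken from the log posted above, plus one
# made-up O4 entry (the last line) so the temp-path rule has something to hit.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hyderabadlive...a705710ff7dc88f
O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O17 - HKLM\System\CCS\Services\Tcpip\..\{35AD5331-7A67-4C83-946C-DA8FD79D1EF3}: NameServer = 202.144.105.4,202.144.10.50
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O4 - HKCU\..\Run: [example] C:\DOCUME~1\darwin\LOCALS~1\Temp\example.exe
"""


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "O4", "O23"
    body: str      # everything after "O4 - "


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    body: str


def parse_hjt(text):
    """Return the R/F/O entries of a HijackThis log, skipping headers and the process list."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def triage(entries, trusted_dns=()):
    """Apply the heuristics; trusted_dns is the resolver list the ISP actually hands out."""
    findings = []
    for e in entries:
        low = e.body.lower()
        if "(file missing)" in low:
            findings.append(Finding(e.section, "points at a file that no longer exists (orphaned hook)", e.body))
        if e.section == "O4":
            m = RUN_ENTRY.match(e.body)
            if m and any(d in m["cmd"].lower() for d in SUSPECT_DIRS):
                findings.append(Finding(e.section, f"startup entry [{m['name']}] launches from a temp/recycler path", e.body))
        elif e.section == "O17":
            m = DNS_ENTRY.search(e.body)
            unknown = [ip for ip in m["ips"].split(",") if ip not in trusted_dns] if m else []
            if unknown:
                findings.append(Finding(e.section, "resolver(s) not on the trusted list: " + ", ".join(unknown), e.body))
        elif e.section == "O20" and low.startswith("appinit_dlls:"):
            # AppInit_DLLs is loaded into every process that loads user32.dll, so always confirm its owner.
            findings.append(Finding(e.section, "AppInit_DLLs entry; confirm which product owns the DLL", e.body))
        elif e.section == "O23":
            m = SERVICE_ENTRY.match(e.body)
            if m and m["vendor"].strip() in ("", "Unknown owner"):
                findings.append(Finding(e.section, "service has no named vendor", e.body))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.section}: {f.reason}\n    {f.body}")
```

Passing the ISP's resolvers as `trusted_dns` silences the O17 hit; everything else still needs a human to decide.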



#2 fenzodahl512 (Malware Removal, 9,863 posts)
Hello sahyd2don, my name is fenzodahl512 and welcome to Geekstogo. Please do the following.

Please download Malwarebytes' Anti-Malware from HERE or HERE

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click the dss.exe icon and choose Run as Administrator.



Please post the following logs in your next reply:

1. MalwareBytes' Anti-Malware
2. Deckard System Scanner (both main.txt and extra.txt)

Please post each log in a separate post.


Regards
fenzodahl512

#3 sahyd2don (Topic Starter, Member, 58 posts)
Thanks for responding. Here is the Malwarebytes log file:
____________________________________________

Malwarebytes' Anti-Malware 1.12
Database version: 790

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 114140
Time elapsed: 1 hour(s), 37 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6ae02e1c-8859-4f57-9097-5a55a56a4caf} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\WINDOWS\system32\dbghelp.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\dllcache\dbghelp.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

_______________________________________________

Below is the extra.txt log:

_____________________________

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.70GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 127.49 MiB / 29.4 MiB
Pagefile Memory (total/avail): 499.29 MiB / 167.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1940.61 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 7.81 GiB total, 1.12 GiB free.
D: is Fixed (NTFS) - 9.77 GiB total, 4.45 GiB free.
E: is Fixed (NTFS) - 9.77 GiB total, 3.96 GiB free.
F: is Fixed (NTFS) - 9.91 GiB total, 9.27 GiB free.
G: is CDROM (CDFS)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST340810A - 37.27 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 7.81 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 29.45 GiB - D: - E: - F:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\darwin\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MEEBO-DF1253305
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\darwin
LOGONSERVER=\\MEEBO-DF1253305
LSERVRC=C:\Program Files\Common Files\Mercury Interactive\License Manager\lservrc
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\darwin\LOCALS~1\Temp
TMP=C:\DOCUME~1\darwin\LOCALS~1\Temp
USERDOMAIN=MEEBO-DF1253305
USERNAME=darwin
USERPROFILE=C:\Documents and Settings\darwin
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

darwin (admin)
sid
aman
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"News Service"
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> D:\Program Files\nero7\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3A21486-326E-42C2-BC36-E7E55CEA7FE3}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
GetRight --> "d:\Program Files\GetRight\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "d:\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Lexmark 2300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
Logitech QuickCam --> MsiExec.exe /I{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}
Malwarebytes' Anti-Malware --> "d:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 6.2 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600137}
Nero 7 Essentials --> MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Sify Broadband 3.22 --> "C:\Program Files\Sify Broadband\unins000.exe"
Unified Report --> "C:\WINDOWS\miuninst6.exe" /s /boot "C:\Program Files\Mercury Interactive\WinRunner\UnifiedReport\dat\miuninst.ini"
VideoLAN VLC media player 0.8.6e --> d:\Program Files\VideoLAN\VLC\uninstall.exe
WinRunner --> C:\WINDOWS\miuninst.exe "C:\Program Files\Mercury Interactive\WinRunner\dat\miuninst.ini"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type4512 / Error
Event Submitted/Written: 05/27/2008 08:34:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 6.2.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4511 / Error
Event Submitted/Written: 05/27/2008 08:34:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 6.2.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4492 / Error
Event Submitted/Written: 05/27/2008 09:59:00 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 6.2.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4491 / Error
Event Submitted/Written: 05/27/2008 09:59:00 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 6.2.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4458 / Error
Event Submitted/Written: 05/25/2008 05:34:07 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 6.2.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11141 / Error
Event Submitted/Written: 05/27/2008 02:06:58 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Event Record #/Type11140 / Error
Event Submitted/Written: 05/27/2008 02:06:57 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Event Record #/Type11001 / Warning
Event Submitted/Written: 05/24/2008 03:15:24 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type11000 / Warning
Event Submitted/Written: 05/24/2008 02:03:52 PM / 05/24/2008 02:03:53 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type10923 / Warning
Event Submitted/Written: 05/22/2008 11:24:01 PM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to power off MEEBO-DF1253305 failed



-- End of Deckard's System Scanner: finished at 2008-05-27 22:55:23 ------------

_______________________________________________

Below is the main.txt log:
_______________________________________________


Deckard's System Scanner v20071014.68
Run by darwin on 2008-05-27 22:49:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2008-05-27 17:20:20 UTC - RP74 - Deckard's System Scanner Restore Point
20: 2008-05-24 10:43:47 UTC - RP73 - System Checkpoint
19: 2008-05-22 18:12:06 UTC - RP72 - Installed AVG Free 8.0
18: 2008-05-22 18:04:49 UTC - RP71 - Installed AVG 7.5
17: 2008-05-22 18:03:13 UTC - RP70 - Removed AVG 7.5


-- First Restore Point --
1: 2008-04-30 15:09:16 UTC - RP54 - Uniblue RegistryBooster


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 128 MiB (512 MiB recommended).
System Drive C: has 1.12 GiB (less than 15%) free.


-- HijackThis (run as darwin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:53 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Internet Explorer\iexplore.exe
d:\Program Files\GetRight\GetRight.exe
C:\Downloads\dss.exe
D:\TRENDM~1\HIJACK~1\darwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sify.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - d:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-484763869-507921405-842925246-1008\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe (User 'aman')
O4 - HKUS\S-1-5-21-484763869-507921405-842925246-1008\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'aman')
O4 - HKUS\S-1-5-21-484763869-507921405-842925246-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'aman')
O4 - HKUS\S-1-5-21-484763869-507921405-842925246-1008\..\Run: [Uniblue RegistryBooster 2] D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User 'aman')
O8 - Extra context menu item: &Block this popup - d:\Program Files\PC Protection\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Download with GetRight - d:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - d:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - d:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - d:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - d:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - d:\Program Files\PC Protection\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - d:\Program Files\PC Protection\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{35AD5331-7A67-4C83-946C-DA8FD79D1EF3}: NameServer = 202.144.105.4,202.144.10.50
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - D:\Program Files\nero7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7010 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 slnt (Realtek Rtl-8139d PCI Fast Ethernet Adapter) - c:\windows\system32\drivers\slnt.sys <Not Verified; Silan Micro-Electronics Inc.; Silan Micro-Electronics Inc.>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S3 NBService - d:\program files\nero7\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-02 17:15:00 378 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-04-27 and 2008-05-27 -----------------------------

2008-05-27 20:58:47 0 d-------- C:\Documents and Settings\darwin\Application Data\Malwarebytes
2008-05-27 20:58:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 15:02:29 0 d-------- C:\Documents and Settings\aman\Application Data\AVGTOOLBAR
2008-05-23 00:12:20 0 d--h----- C:\$AVG8.VAULT$
2008-05-22 23:42:39 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-22 23:42:38 0 d-------- C:\Documents and Settings\darwin\Application Data\AVGTOOLBAR
2008-05-22 23:42:09 0 d-------- C:\Program Files\AVG
2008-05-22 23:42:07 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-21 22:59:03 0 d-------- C:\Downloads
2008-05-21 22:41:25 0 d-------- C:\Documents and Settings\aman\Application Data\GetRight
2008-05-21 22:34:53 0 d-------- C:\Documents and Settings\darwin\Application Data\GetRight
2008-05-21 19:11:52 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-04 17:43:54 0 d-------- C:\Documents and Settings\darwin\Application Data\WinRAR
2008-05-03 19:48:49 0 d-------- C:\Documents and Settings\darwin\Application Data\CyberLink
2008-05-03 19:47:44 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-03 17:54:16 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-03 14:02:42 0 d-------- C:\Documents and Settings\aman\Application Data\Uniblue
2008-05-01 21:42:28 0 d-------- C:\Documents and Settings\aman\Application Data\WinRAR
2008-05-01 19:17:02 0 d-------- C:\Documents and Settings\sid\Application Data\Macromedia
2008-05-01 19:17:01 0 d-------- C:\Documents and Settings\sid\Application Data\Adobe
2008-05-01 18:55:22 0 d-------- C:\Documents and Settings\sid\Application Data\Talkback
2008-05-01 18:54:35 0 d-------- C:\Documents and Settings\sid\Application Data\Mozilla
2008-05-01 18:54:29 0 d-------- C:\Documents and Settings\sid\Application Data\Google
2008-05-01 18:54:06 0 d-------- C:\Documents and Settings\sid\Application Data\vlc
2008-05-01 18:54:05 0 d-------- C:\Documents and Settings\sid\Application Data\Broadband
2008-05-01 18:32:05 0 d-------- C:\Documents and Settings\sid\Application Data\ispnews
2008-04-30 21:35:50 0 d-------- C:\Program Files\Common Files\Mercury Interactive
2008-04-30 21:34:56 294975 --a------ C:\WINDOWS\system32\wrvbasr.dll <Not Verified; Mercury Interactive Corp.; WinRunner>
2008-04-30 21:34:50 69632 --a------ C:\WINDOWS\system32\dzstactx.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Status ActiveX Control>
2008-04-30 21:34:50 253952 --a------ C:\WINDOWS\system32\dzactx.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 ZIP ActiveX Control>
2008-04-30 21:34:50 229376 --a------ C:\WINDOWS\system32\duzactx.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 UnZIP ActiveX Control>
2008-04-30 21:34:48 53248 --a------ C:\WINDOWS\system32\u2ftext.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports For Visual Basic>
2008-04-30 21:34:48 49152 --a------ C:\WINDOWS\system32\u2fsepv.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports For Visual Basic>
2008-04-30 21:34:48 49152 --a------ C:\WINDOWS\system32\u2frec.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports For Visual Basic>
2008-04-30 21:34:48 49152 --a------ C:\WINDOWS\system32\u2fdif.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports For Visual Basic>
2008-04-30 21:34:48 45056 --a------ C:\WINDOWS\system32\u2ddisk.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports For Visual Basic>
2008-04-30 21:34:48 1056768 --a------ C:\WINDOWS\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic 2000>
2008-04-30 21:34:48 123936 --a------ C:\WINDOWS\system32\p2sodbc.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports Pro For Windows>
2008-04-30 21:34:48 54272 --a------ C:\WINDOWS\system32\p2irdao.dll <Not Verified; ; Crystal Reports for Visual Basic>
2008-04-30 21:34:48 50176 --a------ C:\WINDOWS\system32\p2ctdao.dll <Not Verified; ; Crystal Reports for Visual Basic>
2008-04-30 21:34:47 87040 --a------ C:\WINDOWS\system32\p2bdao.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports for Visual Basic>
2008-04-30 21:34:47 36352 --a------ C:\WINDOWS\system32\p2bbnd.dll <Not Verified; ; Crystal Reports for Visual Basic>
2008-04-30 21:34:47 640512 --a------ C:\WINDOWS\system32\OC30.DLL <Not Verified; Microsoft Corporation; Microsoft® OLE Controls Development Kit>
2008-04-30 21:34:45 34816 --a------ C:\WINDOWS\system32\mhrun32.dll <Not Verified; MicroHelp Inc.; OLETools 5.0>
2008-04-30 21:34:44 679936 --a------ C:\WINDOWS\system32\Lead50n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-04-30 21:34:44 18944 --a------ C:\WINDOWS\system32\implode.dll <Not Verified; ; Implode Application>
2008-04-30 21:34:44 69632 --a------ C:\WINDOWS\system32\gswdll32.dll <Not Verified; Bits Per Second Ltd; Graphics Server>
2008-04-30 21:34:44 279040 --a------ C:\WINDOWS\system32\gswag32.dll <Not Verified; Bits Per Second Ltd; AutoGraph>
2008-04-30 21:34:44 290816 --a------ C:\WINDOWS\system32\gsw32.exe <Not Verified; Bits Per Second Ltd; Graphics Server>
2008-04-30 21:34:43 136704 --a------ C:\WINDOWS\system32\grdkrn32.dll <Not Verified; Apex Software Corporation; APEXGRID>
2008-04-30 21:34:43 32768 --a------ C:\WINDOWS\system32\dzprog32.exe <Not Verified; Inner Media, Inc.; DZPROG32 (Multi-Threading)>
2008-04-30 21:34:43 131072 --a------ C:\WINDOWS\system32\dzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading ZIP DLL>
2008-04-30 21:34:43 49152 --a------ C:\WINDOWS\system32\dz_ez32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 DZ-Easy (Multi-Threaded)>
2008-04-30 21:34:43 110592 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-04-30 21:34:42 36384 --a------ C:\WINDOWS\system32\crxlat32.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports for Visual Basic>
2008-04-30 21:34:42 1846784 --a------ C:\WINDOWS\system32\crpe32.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports for Visual Basic>
2008-04-30 21:34:42 606208 --a------ C:\WINDOWS\system32\cr2c40jp.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports for Visual Basic>
2008-04-30 21:34:42 748160 --a------ C:\WINDOWS\system32\co2c40en.dll <Not Verified; ; Crystal Reports for Visual Basic>
2008-04-30 21:34:42 21504 --a------ C:\WINDOWS\system32\cc245jp.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports Professional>
2008-04-30 21:31:58 0 d-------- C:\Program Files\Mercury Interactive
2008-04-30 20:03:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 19:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-28 22:04:09 0 d-------- C:\Documents and Settings\aman\Application Data\TuneUp Software
2008-04-28 20:45:40 0 d-------- C:\Documents and Settings\darwin\Application Data\TuneUp Software
2008-04-28 20:45:18 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-27 21:08:20 0 d-------- C:\Program Files\CyberLink
2008-04-27 19:33:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-27 19:29:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-27 19:27:32 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-27 19:20:45 0 d-------- C:\Program Files\Nero
2008-04-27 19:20:45 0 d-------- C:\Program Files\Common Files\Ahead(2)
2008-04-27 18:33:24 0 d-------- C:\Documents and Settings\darwin\Application Data\Uniblue
2008-04-27 17:21:48 3407872 --a------ C:\Documents and Settings\aman\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-05-27 20:50:16 0 d-------- C:\Documents and Settings\darwin\Application Data\Broadband
2008-05-14 21:09:16 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-14 17:34:28 0 d-------- C:\Documents and Settings\darwin\Application Data\Ahead
2008-05-10 08:25:23 0 d-------- C:\Program Files\Lx_cats
2008-05-03 17:54:16 0 d-------- C:\Program Files\Common Files
2008-05-03 17:38:24 0 d-------- C:\Program Files\Ahead
2008-05-02 21:13:17 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-05-02 21:13:16 340 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-04-30 18:25:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-25 18:17:03 0 d-------- C:\Documents and Settings\darwin\Application Data\FaxCtr
2008-04-25 18:07:43 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-04-24 20:29:28 0 d-------- C:\Documents and Settings\darwin\Application Data\Help
2008-04-24 20:25:42 3072 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-04-24 20:25:42 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-04-24 20:25:42 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-04-20 19:55:04 0 d-------- C:\Documents and Settings\darwin\Application Data\ispnews
2008-04-20 19:50:36 1187840 --a------ C:\WINDOWS\system32\winsflt.dll
2008-04-20 18:44:22 0 d-------- C:\Documents and Settings\darwin\Application Data\Sereniti
2008-04-16 22:02:57 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-16 22:02:22 0 d-------- C:\Program Files\Windows Media Components
2008-04-16 22:01:07 0 d-------- C:\Program Files\Logitech
2008-04-15 18:46:48 0 d-------- C:\Documents and Settings\darwin\Application Data\Google
2008-04-05 14:22:25 0 d-------- C:\Documents and Settings\darwin\Application Data\vlc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/22/2008 11:42 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/22/2008 11:42 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [07/20/2005 11:18 PM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [09/24/2001 09:39 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/22/2008 11:42 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [04/21/2006 08:04 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"Uniblue RegistryBooster 2"="D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [05/28/2004 03:22 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"D:\programfiles\adobe reader\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 2300 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
"d:\Program Files\PC Protection\Common\FSM32.EXE" /splash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
"d:\Program Files\PC Protection\FSGUI\FSSW.EXE" /reboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"d:\Program Files\PC Protection\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
"C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
"d:\Program Files\PC Protection\FSGUI\ispnews.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SifyBB]
C:\Program Files\Sify Broadband\BBImpSec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet




-- End of Deckard's System Scanner: finished at 2008-05-27 22:55:23 ------------
  • 0

#4
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. A quick question.. May I know where these files that AVG 8.1 tells you about are located?

real10[1].gif
614[1].gif
rm[1].exe
g0ld.com



And about your slow startup, I strongly believe it may be caused by the small amount of RAM installed in your computer (128 MB RAM).


Please do the following..

Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft. Then press Enter.
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.



NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Regards
fenzodahl512
  • 0

#5
sahyd2don

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
AVG has detected g0ld.com in the temp folder, and the other three files were detected in the Temporary Internet Files folder of user aman. Before detecting these files it was not this slow during startup.

I have scanned my PC using this command "%userprofile%\desktop\dss.exe" /daft in Run. It detected two file extensions, which I selected and clicked on Fix. Now it's showing all associations are OK.

I have tried downloading Kaspersky from the link you provided. I clicked on the Accept button several times but it's not starting the download; it's not accepting my click on the Accept button. It was not accepting in Firefox, so now I am scanning with Internet Explorer. I will be back after the scan...............

I am doing the online scan. AVG is detecting new threats after downloading ActiveX. There are 5 new threats detected; the old threats are gone. I have checked forced deletion of the files which were detected in the system32 folder..... They are ukrth.dll and hjmh.dll. AVG is detecting them as Trojan Horse PSW.onlinegames.ARCX, Trojan Horse Dropper.Generic.RHU, Trojan Horse PSW.onlinegames.ARCZ, Trojan Horse Downloader.Generic7.ORH.

Kaspersky antivirus database update is 72% complete.

Edited by sahyd2don, 28 May 2008 - 11:29 AM.

  • 0
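The "Files created" and "Find3M" sections of the Deckard's System Scanner log earlier in this thread are what a responder works through when AVG names DLLs in system32, as in the post above. What follows is an added example, not a tool from this thread, from DSS or from AVG: a Python parser for those log lines plus a small triage pass that lists files under C:\WINDOWS\system32 with weak provenance (created close to the scan time, no version resource, or a "Not Verified" tag with an empty publisher field). The sample lines are copied from the log above except the ukrth.dll line, which is constructed; the seven-day window and the heuristics are my own assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the DSS "Files created"/"Find3M" line format. The first
# four lines are copied from the scanner log earlier in this thread; the last line
# is a constructed stand-in for the ukrth.dll that AVG reported in system32 (its
# timestamp, size and empty version tag are made up for the example).
SAMPLE_LOG = r"""
2008-05-23 15:02:29 0 d-------- C:\Documents and Settings\aman\Application Data\AVGTOOLBAR
2008-04-30 21:34:56 294975 --a------ C:\WINDOWS\system32\wrvbasr.dll <Not Verified; Mercury Interactive Corp.; WinRunner>
2008-04-30 21:34:48 54272 --a------ C:\WINDOWS\system32\p2irdao.dll <Not Verified; ; Crystal Reports for Visual Basic>
2008-05-02 21:13:17 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-05-27 20:40:00 20480 --a------ C:\WINDOWS\system32\ukrth.dll <Not Verified; ; >
"""

# Scan finish time taken from the "End of Deckard's System Scanner" line in the log.
SCAN_TIME = datetime(2008, 5, 27, 22, 55, 23)

# timestamp  size  attribute-flags  path  [<Not Verified; company; product>]
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>.+?)"
    r"(?:\s+<(?P<tag>[^>]*)>)?\s*$"
)


@dataclass
class FileEntry:
    created: datetime
    size: int
    attrs: str              # DSS attribute flags, e.g. "d--------" or "--a------"
    path: str
    has_version_info: bool  # False when the scanner printed no <...> tag at all
    unverified: bool        # True when the tag starts with "Not Verified"
    company: str
    product: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_dss_files(text: str) -> list[FileEntry]:
    """Parse DSS file-listing lines; headers, blanks and other text are skipped."""
    entries: list[FileEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        tag = m.group("tag")
        company = product = ""
        unverified = False
        if tag is not None:
            parts = [p.strip() for p in tag.split(";")]
            unverified = parts[0].lower() == "not verified"
            company = parts[1] if len(parts) > 1 else ""
            product = parts[2] if len(parts) > 2 else ""
        entries.append(FileEntry(
            created=datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            size=int(m.group("size")),
            attrs=m.group("attrs"),
            path=m.group("path"),
            has_version_info=tag is not None,
            unverified=unverified,
            company=company,
            product=product,
        ))
    return entries


def triage(entries: list[FileEntry], scan_time: datetime, window_days: int = 7):
    """Return (entry, reasons) for files under system32 that show extra indicators.

    Heuristics only (assumed thresholds): a hit means "look at this file", not
    "this file is malicious". Legitimate installers (the WinRunner and Crystal
    Reports DLLs in this log) also drop unsigned DLLs, so every hit still needs
    a hash lookup or a vendor check before anything is deleted.
    """
    findings = []
    for e in entries:
        if e.is_dir or not e.path.lower().startswith("c:\\windows\\system32\\"):
            continue
        reasons = []
        if scan_time - e.created <= timedelta(days=window_days):
            reasons.append(f"created within {window_days} days of the scan")
        if not e.has_version_info:
            reasons.append("no version resource at all")
        elif e.unverified and not e.company:
            reasons.append("unsigned and no publisher name")
        if reasons:
            findings.append((e, reasons))
    # Most indicators first; ties broken by path so the output is stable.
    findings.sort(key=lambda f: (-len(f[1]), f[0].path.lower()))
    return findings


def report(text: str, scan_time: datetime = SCAN_TIME) -> list[str]:
    """One line per finding, ready to paste into a reply."""
    return [f"{e.path} ({e.size} bytes): " + "; ".join(r)
            for e, r in triage(parse_dss_files(text), scan_time)]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run it against a full DSS log by passing the whole file to `report()`; the regex ignores every line that is not a file entry, so the section headers and the registry dump pass through harmlessly. Note that the AVG toolbar DLL and the legitimate WinRunner DLL in the sample are not listed, while the two Crystal Reports style entries with an empty publisher field are: that is the point of a triage list, it narrows what to hash and look up, it does not decide.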

#6
fenzodahl512

  • Malware Removal
  • 9,863 posts
ok.. I'll wait for you :)
  • 0

#7
sahyd2don

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hi, I was trying the online scan, but after installing ActiveX AVG was detecting a lot of threats..... It was not letting me perform any action; it was not even letting me complete the online scan, so I had to format the disk..... Thank God that I didn't have important data on it........ Thanks for trying to help me.
  • 0

#8
fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





