Logfile of HijackThis v1.99.1
Scan saved at 2:15:37 PM, on 5/17/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\nvsvc32.exe
E:\PROGRA~1\QUICKH~1\QHONSVC.EXE
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\PROGRA~1\QUICKH~1\MailSvr.exe
E:\PROGRA~1\QUICKH~1\UPSCHD.EXE
E:\PROGRA~1\QUICKH~1\QHM32.EXE
E:\Program Files\AdsGone\adsgone.exe
E:\PROGRA~1\QUICKH~1\QHONLINE.EXE
E:\WINNT\system32\wuauclt.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\ewido\security suite\ewidoctrl.exe
E:\Program Files\ewido\security suite\ewidoguard.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\kartik\Desktop\software protection\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://203.122.12.11...p://172.16.0.1/ (obfuscated)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] E:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Quick Heal e-mail Protection] E:\PROGRA~1\QUICKH~1\MailSvr.exe
O4 - HKLM\..\Run: [QH Live Update Scheduler] E:\PROGRA~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [QH Office 2K Check] E:\PROGRA~1\QUICKH~1\O2KCHECK.EXE /CHECK
O4 - HKLM\..\Run: [Quick Heal On-Line Protection] E:\PROGRA~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [Quick Heal Messenger] E:\PROGRA~1\QUICKH~1\QHM32.EXE
O4 - HKLM\..\Run: [Quick Heal Startup Scan] E:\PROGRA~1\QUICKH~1\QHSTRT32.exe /loadrun
O4 - HKLM\..\Run: [Security iGuard] E:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\RunOnce: [Quick Heal Startup Scan] E:\PROGRA~1\QUICKH~1\QHSTRT32.exe /check
O4 - HKCU\..\Run: [RWipeKbdDemon] E:\Program Files\R-Wipe&Clean\RWKbdD.exe
O4 - HKCU\..\Run: [atiupdpl] E:\WINNT\system32\atiupdpl.exe
O4 - Startup: AdsGone.lnk = E:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: AdsGone 2004.lnk = E:\Program Files\AdsGone\adsgone.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A9C9E9-A323-4D03-A946-F57E1E1A3A83}: NameServer = 172.16.1.1
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\System32\nvsvc32.exe
O23 - Service: Quick Heal Online Protection - Unknown owner - E:\PROGRA~1\QUICKH~1\QHONSVC.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
thank you