Kaspersky Online-Scanner Crashing..possible malware..
Hey,
As requested here's the log created by dss.exe....
warning!!!-extra.txt was not created.
main.txt
Deckard's System Scanner v20071014.68
Run by Nirmal Misra on 2008-06-18 13:34:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Nirmal Misra.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:35 PM, on 18/06/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\CToolbar.exe
c:\PROGRA~1\Crawler\CMail.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Nirmal Misra\Desktop\Unused Desktop Shortcuts\dss.exe
C:\DOCUME~1\NIRMAL~1\Desktop\UNUSED~1\Nirmal Misra.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield. exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Nirmal Misra"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Nirmal Misra"
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1211622668156
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6723 bytes

-- Files created between 2008-05-18 and 2008-06-18 -----------------------------

2008-06-16 10:47:41 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-15 21:20:35 0 dr-h----- C:\Documents and Settings\Nirmal Misra\Recent
2008-06-15 20:50:23 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-06-15 11:03:10 0 d-------- C:\WINDOWS\Prefetch
2008-06-15 09:37:06 0 d-------- C:\WINDOWS\system32\scripting
2008-06-15 09:37:04 0 d-------- C:\WINDOWS\l2schemas
2008-06-15 09:37:02 0 d-------- C:\WINDOWS\system32\en
2008-06-15 09:37:01 0 d-------- C:\WINDOWS\system32\bits
2008-06-15 09:30:03 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-14 22:36:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-06-14 22:10:20 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-14 14:03:08 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Help
2008-06-08 20:25:43 0 d-------- C:\temp
2008-06-03 16:31:01 0 d-------- C:\Program Files\Microsoft.NET
2008-06-03 16:30:50 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-03 16:29:48 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-02 19:20:21 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\U3
2008-05-30 23:12:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-30 23:09:00 0 d-------- C:\Program Files\Yahoo!
2008-05-29 18:11:51 0 d-------- C:\WINDOWS\Sun
2008-05-29 18:11:50 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Sun
2008-05-28 09:47:15 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-26 11:53:14 0 d-------- C:\WINDOWS\network diagnostic
2008-05-25 06:42:18 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Macromedia
2008-05-25 00:15:49 0 d-------- C:\Program Files\Crawler
2008-05-25 00:05:29 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-25 00:05:29 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Spyware Terminator
2008-05-25 00:05:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-25 00:05:20 0 d-------- C:\Program Files\Spyware Terminator
2008-05-24 22:52:41 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Comodo
2008-05-24 22:52:36 0 d-------- C:\Program Files\COMODO
2008-05-24 22:43:44 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\vlc
2008-05-24 22:34:57 5248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-05-24 22:34:57 160640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-05-24 22:34:54 0 d-------- C:\Program Files\Alcohol Soft
2008-05-24 22:33:39 2285056 --a------ C:\WINDOWS\system32\TUKernel.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-24 21:58:36 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\DivX
2008-05-24 21:53:20 0 d-------- C:\WINDOWS\pss
2008-05-24 18:19:09 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\uTorrent
2008-05-24 18:15:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-24 17:38:48 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\PC Suite
2008-05-24 17:38:47 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-24 17:36:57 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Nokia
2008-05-24 17:36:23 0 d-------- C:\Program Files\DIFX
2008-05-24 17:36:16 0 d-------- C:\Program Files\PC Connectivity Solution
2008-05-24 17:36:08 50688 --a------ C:\WINDOWS\system32\nmwcdcls.dll <Not Verified; Nokia; >
2008-05-24 17:34:31 0 d-------- C:\Program Files\DivX
2008-05-24 16:53:38 0 d-------- C:\Program Files\FileZilla Server
2008-05-24 16:38:38 0 d-------- C:\WINDOWS\Start Menu
2008-05-24 16:38:38 0 d--h----- C:\WINDOWS\PIF
2008-05-24 16:38:37 131584 --a------ C:\WINDOWS\system\wsiwin32.dll
2008-05-24 16:38:37 375296 --a------ C:\WINDOWS\system\wsihk32.dll
2008-05-24 16:38:37 135744 --a------ C:\WINDOWS\system\vtssapp.exe <Not Verified; ; SS>
2008-05-24 16:38:37 216576 --a------ C:\WINDOWS\system\bdt50exf.dll <Not Verified; Borland International; VBX Data Access Controls>
2008-05-24 16:38:37 259072 --a------ C:\WINDOWS\system\bdt50ex.dll <Not Verified; Borland International; VBX Data Access Controls>
2008-05-24 16:38:36 211488 --a------ C:\WINDOWS\system32\bwcc32.dll <Not Verified; Borland International; >
2008-05-24 16:38:36 159744 --a------ C:\WINDOWS\system32\bw32000c.dll
2008-05-24 16:38:36 159744 --a------ C:\WINDOWS\system32\bw320009.dll <Not Verified; Borland International; >
2008-05-24 16:38:36 166944 --a------ C:\WINDOWS\system32\bocof.dll
2008-05-24 16:38:36 398400 --a------ C:\WINDOWS\system\vtssdll.dll <Not Verified; ; SS>
2008-05-24 16:38:36 15904 --a------ C:\WINDOWS\system\vtssdbw.dll <Not Verified; Borland International; Borland Visual Solutions Pack, Version 1.1>
2008-05-24 16:38:36 58192 --a------ C:\WINDOWS\system\mhrun300.dll <Not Verified; MicroHelp Inc.; VBTools2 - run time dll>
2008-05-24 16:38:36 244192 --a------ C:\WINDOWS\system\mhcards.dll
2008-05-24 16:38:36 25808 --a------ C:\WINDOWS\system\ctl3dv2.dll <Not Verified; Microsoft Corporation; 3D Windows Control>
2008-05-24 16:38:36 96928 --a------ C:\WINDOWS\system\bwcc000c.dll
2008-05-24 16:38:36 96912 --a------ C:\WINDOWS\system\bwcc0009.dll <Not Verified; Borland International; >
2008-05-24 16:38:36 97072 --a------ C:\WINDOWS\system\bwcc0007.dll
2008-05-24 16:38:36 164928 --a------ C:\WINDOWS\system\bwcc.dll <Not Verified; Borland International; >
2008-05-24 16:38:36 377408 --a------ C:\WINDOWS\system\bocole.dll
2008-05-24 16:38:36 58880 --a------ C:\WINDOWS\system\bivbx30n.exe <Not Verified; Borland International; 16-bit VBX Thunk Server for Windows NT>
2008-05-24 16:38:36 16896 --a------ C:\WINDOWS\system\bivbx30c.dll
2008-05-24 16:38:36 103936 --a------ C:\WINDOWS\system\bivbx30.dll <Not Verified; Borland International; VBX Emulation Library>
2008-05-24 16:38:35 159744 --a------ C:\WINDOWS\system32\bw320007.dll
2008-05-24 16:38:35 90112 --a------ C:\WINDOWS\BC5RMV.EXE
2008-05-24 16:38:34 0 d-------- C:\IDAPI32
2008-05-24 16:38:32 0 d-------- C:\BDE32
2008-05-24 16:37:23 0 d-------- C:\BC5
2008-05-24 16:27:49 0 d-------- C:\Program Files\VideoLAN
2008-05-24 16:25:52 0 d-------- C:\Program Files\Webroot
2008-05-24 16:25:52 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-05-24 16:25:52 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Webroot
2008-05-24 16:25:41 56832 --a------ C:\WINDOWS\Unwash6.exe <Not Verified; Webroot Software, Inc.; >
2008-05-24 16:22:48 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-24 16:21:43 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-24 16:21:43 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-24 16:21:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-24 16:19:17 0 d-------- C:\Documents and Settings\Nirmal Misra\Contacts
2008-05-24 16:18:57 0 d-------- C:\Program Files\Messenger Plus! Live
2008-05-24 16:12:55 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Adobe
2008-05-24 16:11:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-05-24 16:11:47 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-24 16:08:30 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-24 16:08:22 0 d-------- C:\Program Files\Real
2008-05-24 16:08:21 0 d-------- C:\Program Files\Common Files\Real
2008-05-24 16:08:20 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Real
2008-05-24 16:05:33 47662 --a------ C:\WINDOWS\system32\drivers\FDCDNT.SYS <Not Verified; Silence of Troubles United Company Ltd.; Filter Device for WinNT/2k/XP>
2008-05-24 16:05:33 0 d--h----- C:\WINDOWS\ffpext
2008-05-24 16:05:33 0 d-------- C:\Program Files\File and Folder Protector
2008-05-24 16:01:25 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\TuneUp Software
2008-05-24 16:01:20 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-24 16:01:17 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-24 16:01:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-24 15:58:32 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\WinRAR
2008-05-24 15:57:43 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Ipswitch
2008-05-24 15:57:38 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-05-24 15:57:38 0 d-------- C:\Program Files\Ipswitch
2008-05-24 15:57:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Ipswitch
2008-05-24 15:55:22 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Ahead
2008-05-24 15:54:15 0 d-------- C:\Program Files\Nero
2008-05-24 15:54:15 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-24 15:51:54 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Opera
2008-05-24 15:51:51 0 d-------- C:\Program Files\Opera
2008-05-24 15:43:04 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-24 15:43:01 0 d-------- C:\Program Files\Windows Live
2008-05-24 15:42:55 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-24 15:41:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-24 15:41:38 0 d-------- C:\Program Files\SpeedFan
2008-05-24 15:38:54 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-24 15:38:52 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Mozilla
2008-05-24 15:37:22 474624 --a------ C:\WINDOWS\system32\PrintDisp.exe
2008-05-24 15:37:22 69632 --a------ C:\WINDOWS\system32\PrintCtrl.exe
2008-05-24 15:37:20 0 dr-hs---- C:\Documents and Settings\All Users\Application Data\Temp
2008-05-24 15:37:19 880640 --a------ C:\WINDOWS\system32\SaveTo.dll
2008-05-24 15:37:19 1391616 --a------ C:\WINDOWS\system32\ActPDF.dll
2008-05-24 15:37:18 712537 --a------ C:\WINDOWS\system32\unins000.exe
2008-05-24 15:37:18 10128 --a------ C:\WINDOWS\system32\unins000.dat
2008-05-24 15:37:18 2423808 --a------ C:\WINDOWS\SaveTo.exe <Not Verified; ActMask Co.,Ltd - http://www.ALL2PDF.com; SaveTo>
2008-05-24 15:37:18 0 d-------- C:\Program Files\ActMask ALL2PDF PDF Creator
2008-05-24 15:11:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-24 15:11:25 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-24 15:09:05 0 d-------- C:\Program Files\Alwil Software
2008-05-24 14:31:03 0 d--hs---- C:\WINDOWS\CSC
2008-05-24 14:27:05 0 d--hs---- C:\WINDOWS\Installer
2008-05-24 14:27:05 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-24 14:27:00 0 dr------- C:\Program Files
2008-05-24 14:27:00 0 d-------- C:\Program Files\Common Files
2008-05-24 14:27:00 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-24 14:26:23 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-24 14:26:23 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-24 14:26:23 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-24 14:26:23 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-24 14:26:23 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-24 14:26:23 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-24 14:26:23 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-24 14:26:23 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-24 14:26:23 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-24 14:26:23 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-24 14:26:23 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-24 14:26:23 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-24 14:26:23 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-24 14:26:23 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-24 14:26:23 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-24 14:26:23 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-24 14:26:08 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-24 14:26:08 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-24 14:26:02 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-24 14:26:02 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-24 14:26:02 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-24 14:26:02 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-24 14:25:36 0 d-------- C:\Documents and Settings
2008-05-24 14:25:35 0 d--hs---- C:\System Volume Information
2008-05-24 14:16:17 0 d-------- C:\WINDOWS
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\WinSxS
2008-05-24 14:16:17 0 dr------- C:\WINDOWS\Web
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\twain_32
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\wins
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\wbem
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\usmt
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\spool
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\Setup
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\ras
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\oobe
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\npp
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\mui
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\IME
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\ias
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\export
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\drivers
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-24 14:16:17 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\config
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\3076
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\2052
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1054
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1042
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1041
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1037
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1033
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1031
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1028
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1025
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\security
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Resources
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\repair
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Provisioning
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\PeerNet
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\pchealth
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\NLDRV
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\mui
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\msapps
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\msagent
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Media
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\java
2008-05-24 14:16:17 0 d--h----- C:\WINDOWS\inf
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\ime
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Help
2008-05-24 14:16:17 0 dr--s---- C:\WINDOWS\Fonts
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\ehome
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Driver Cache
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Debug
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Cursors
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Config
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\AppPatch
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\addins
2008-05-24 14:10:06 0 d-------- C:\Program Files\Java
2008-05-24 14:10:05 0 d-------- C:\Program Files\Common Files\Java
2008-05-24 12:49:44 0 d--hs---- C:\Documents and Settings\Nirmal Misra\UserData
2008-05-24 12:46:09 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-24 12:44:10 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-24 12:42:25 0 d-------- C:\WINDOWS\nview
2008-05-24 12:38:53 0 d-------- C:\Program Files\NetWaiting
2008-05-24 12:37:45 0 d-------- C:\Program Files\CONEXANT
2008-05-24 12:28:17 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\DMCache
2008-05-24 12:26:14 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-24 12:22:43 0 d-------- C:\Program Files\HP
2008-05-24 12:22:42 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-24 12:22:14 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-24 12:22:09 0 d-------- C:\Program Files\Texas Instruments Inc
2008-05-24 12:21:24 0 d-------- C:\Program Files\Synaptics
2008-05-24 12:19:56 0 d-------- C:\Documents and Settings\Nirmal Misra\Bluetooth Software
2008-05-24 12:19:19 0 d-------- C:\Program Files\WIDCOMM
2008-05-24 12:09:30 0 d-------- C:\Program Files\HPQ
2008-05-24 12:09:28 987136 --a------ C:\WINDOWS\system32\BttnCmn.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2008-05-24 12:09:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-24 12:09:28 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-24 12:09:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-24 11:57:44 0 d-------- C:\SWSetup
2008-05-24 11:54:51 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-24 11:54:49 0 d-------- C:\Program Files\Intel
2008-05-24 11:54:18 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-24 11:51:53 245376 --a------ C:\WINDOWS\system32\drivers\U2KG54.SYS <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
2008-05-24 11:51:53 3264 --a------ C:\WINDOWS\system32\drivers\BFAIFILT.SYS
2008-05-24 11:51:53 3264 --a------ C:\WINDOWS\system32\drivers\AIFILT.SYS
2008-05-24 11:41:15 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Identities
2008-05-24 11:41:06 0 d--h----- C:\Documents and Settings\Nirmal Misra\Templates
2008-05-24 11:41:06 0 dr------- C:\Documents and Settings\Nirmal Misra\Start Menu
2008-05-24 11:41:06 0 dr-h----- C:\Documents and Settings\Nirmal Misra\SendTo
2008-05-24 11:41:06 0 d--h----- C:\Documents and Settings\Nirmal Misra\PrintHood
2008-05-24 11:41:06 3932160 --ah----- C:\Documents and Settings\Nirmal Misra\NTUSER.DAT
2008-05-24 11:41:06 0 d--h----- C:\Documents and Settings\Nirmal Misra\NetHood
2008-05-24 11:41:06 0 dr------- C:\Documents and Settings\Nirmal Misra\My Documents
2008-05-24 11:41:06 0 d--h----- C:\Documents and Settings\Nirmal Misra\Local Settings
2008-05-24 11:41:06 0 dr------- C:\Documents and Settings\Nirmal Misra\Favorites
2008-05-24 11:41:06 0 d-------- C:\Documents and Settings\Nirmal Misra\Desktop
2008-05-24 11:41:06 0 d--hs---- C:\Documents and Settings\Nirmal Misra\Cookies
2008-05-24 11:41:06 0 dr-h----- C:\Documents and Settings\Nirmal Misra\Application Data
2008-05-24 11:40:30 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-24 11:40:27 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-24 11:40:25 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-24 11:40:25 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-24 11:40:25 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-24 11:40:25 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-24 11:40:25 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-24 11:40:08 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-24 11:40:08 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-24 11:40:08 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-05-24 11:40:08 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-24 11:40:08 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-24 11:36:26 0 d-------- C:\WINDOWS\system32\xircom
2008-05-24 11:36:26 0 d-------- C:\Program Files\microsoft frontpage
2008-05-24 11:36:10 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-24 11:36:08 0 -rahs---- C:\MSDOS.SYS
2008-05-24 11:36:08 0 -rahs---- C:\IO.SYS
2008-05-24 11:36:08 0 --a------ C:\CONFIG.SYS
2008-05-24 11:36:08 24 --a------ C:\AUTOEXEC.BAT
2008-05-24 11:35:11 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-24 11:34:57 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-24 11:34:57 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-24 11:34:45 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-24 11:34:23 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-24 11:33:44 0 d---s---- C:\WINDOWS\Tasks
2008-05-24 11:33:43 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-24 11:33:39 0 d-------- C:\WINDOWS\srchasst
2008-05-24 11:33:38 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-24 11:33:28 0 d-------- C:\Program Files\Movie Maker
2008-05-24 11:33:19 0 d-------- C:\WINDOWS\system32\Restore
2008-05-24 11:32:46 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-24 11:32:39 0 d-------- C:\WINDOWS\Registration
2008-05-24 11:32:35 0 d-------- C:\Program Files\Online Services
2008-05-24 11:32:31 0 d-------- C:\Program Files\Messenger
2008-05-24 11:32:27 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-24 11:31:40 0 d-------- C:\Program Files\Windows NT
2008-05-24 11:31:36 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-24 11:31:34 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-05-24 14:26:23 62 --ahs---- C:\Documents and Settings\Nirmal Misra\Application Data\desktop.ini
2008-05-13 04:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 04:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-13 04:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-13 04:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-13 04:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 04:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-13 04:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 04:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 04:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/09/07 02:27 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [15/04/06 05:26 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. dll" [15/04/06 05:26 PM]
"nwiz"="nwiz.exe" [15/04/06 05:26 PM C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [16/05/08 02:19 AM]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareT erminatorShield.exe" [25/05/08 12:05 AM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/07 02:29 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [15/06/08 09:20 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [24/05/08 04:08 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [08/03/05 10:02 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\runonce]
"Index Washer"=C:\Program Files\Webroot\Washer\WashIdx.exe "Nirmal Misra"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\runonce]
"Index Washer"=C:\Program Files\Webroot\Washer\WashIdx.exe "Nirmal Misra"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\FDCDNT.SYS"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\FileAndFolderProtector_S"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ffpsrv]
c:\windows\ffpext\ffpsrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
"C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
C:\WINDOWS\system32\PrintDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shock4Way3D]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"ServiceLayer"=3 (0x3)
"Printer Control"=2 (0x2)
"NBService"=3 (0x3)
"hpqwmiex"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"btwdins"=2 (0x2)
"Spooler"=2 (0x2)
"SCardSvr"=3 (0x3)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{0d14afbd-30b5-11dd-96b1-0013029742a9}]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{27eb9015-296d-11dd-969c-c45c9a902127}]
AutoRun\command- G:\lzext.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2ee074b4-31f9-11dd-96b4-0013029742a9}]
AutoRun\command- qa8sywva.cmd
explore\Command- qa8sywva.cmd
open\Command- qa8sywva.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b6399770-2989-11dd-96a1-0013029742a9}]
AutoRun\command- wscript.exe VirusRemoval.vbs
open\Command- wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c5a12576-2b11-11dd-96a9-0013029742a9}]
AutoRun\command- H:\qa8sywva.cmd
explore\Command- H:\qa8sywva.cmd
open\Command- H:\qa8sywva.cmd




-- End of Deckard's System Scanner: finished at 2008-06-18 13:37:58 ------------

there is a hijack log file created which i cam putting here
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:35 PM, on 18/06/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\CToolbar.exe
c:\PROGRA~1\Crawler\CMail.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Nirmal Misra\Desktop\Unused Desktop Shortcuts\dss.exe
C:\DOCUME~1\NIRMAL~1\Desktop\UNUSED~1\Nirmal Misra.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield. exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Nirmal Misra"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Nirmal Misra"
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1211622668156
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6723 bytes


I ran the scan with the new Opera 9.5. I had run the scan before with an older version of opera browser somedays back and it ran smoothly.

I had allowed my Comodo Firewall to allow the ScanningProcess.exe to run. I had stoped my Avast protection. So It's not because of them.

I have heard of several malwares which are particularly adept at disallowing such online-scan.

Also, i had posted another thread realted to this..starting with Firefox Crashes....dss.exe kept gettin flagged while it ran by my firewall (comodo) as having possible malware activities..

Pls do get back to me at the earliest.

Thnxs..

you need to run Kaspersky with Internet Explorer, and then post the results back here. Kaspersky is sort of picky about that.

Thanks ,

v

In the meantime, you can open hijack this, click 'perform system scan only', close all other windows, place a tick next to the below, and click 'fix checked'. After the Kasperksy scan is finished, post a new log.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Boot into safe mode, navigate to and delete the following:

C:\PROGRA~1\Crawler\CToolbar.exe
c:\PROGRA~1\Crawler\CMail.exe

thanks,

v

hey valis,
I don't know what regesitry key you are asking me to delete but the applications that you are asking me to delete are valid and have been tested by me. They are : -
1) Crawler Toolbar - Comes with the Web Seurity Guard that comes with Spyware Terminator. One of the BEST toolbars. It also got a Guard which gives you if a site is safe to go to or not and blocks all ad sites lke yeildmanager which try to inject a code with the parent site.
2)CMail - Its an add-on which helps me monitor my mails.

However if u feel that these cud me security threats then i wud gladly delete them though I would be thankful if you can suggest some alternative software/toolbar which could do wat the above softwares were doing for me.

Thnx for ur interest in my matter

Hey valis,
Oh by da way, I had already run Kaspersky before i could read ur rply on this thread. But alas, Kaspersky could not run on run even on IE7. Though I did forget 2 turn off the protection of my Avast AV home v4.
The error msg that came is : -
[ERROR: java.security.PrivilegedActionException: java.io.EOFException: Unexpected end of ZLIB input stream]

Pls help..getting a little bothered now...incidently this is the 1st time i ve actually ever had any malware related problem..am generally very careful about the sites i visit, downloads etc. Cant think how this may have come across

Hey valis,
Incidently would you know why dss.exe is creating a copy of hijackthis.exe n renaming it as Nirmal Misra.exe (Nirmal Misra is my username in windows) while running.
I hvnt installed highjackthis.exe. Runnin it as a stand alone exe. Also neither dss.exe nor hijackthis.exe is stored on Desktop

thnks in advance..

Ok valis,
I hvnt heard form you as yet so i have NOT deleted those registry entries. Reason - Pls chk a few messages back.
I did however do take another HJT log after Kaskpersky dint run even with IE7

HJT log : -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:26 PM, on 18/06/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Nirmal Misra\Desktop\Unused Desktop Shortcuts\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield. exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Nirmal Misra"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Nirmal Misra"
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1211622668156
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 6505 bytes


Waiting to find out what went wrong...