These are the required logs:
Main.txt
Deckard's System Scanner v20071014.68
Run by Nirmal Misra on 2008-06-17 11:21:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-06-17 08:21:47 UTC - RP76 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Nirmal Misra.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:44 AM, on 17/06/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nirmal Misra\Desktop\Unused Desktop Shortcuts\dss.exe
C:\DOCUME~1\NIRMAL~1\Desktop\UNUSED~1\Nirmal Misra.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
MSN.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Nirmal Misra"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Nirmal Misra"
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1211622668156
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 6132 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 a347bus - c:\windows\system32\drivers\a347bus.sys
R0 a347scsi - c:\windows\system32\drivers\a347scsi.sys
R0 atapi (Standard IDE/ESDI Hard Disk Controller) - c:\windows\system32\drivers\atapi.sys
R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 FDCDNT - c:\windows\system32\drivers\fdcdnt.sys <Not Verified; Silence of Troubles United Company Ltd.; Filter Device for WinNT/2k/XP>
R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys
R3 BTKRNL (Bluetooth Bus Enumerator) - c:\windows\system32\drivers\btkrnl.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2601>
S3 BFAIFILT - c:\windows\system32\drivers\bfaifilt.sys
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2601>
S3 U2KG54 (BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service) - c:\windows\system32\drivers\u2kg54.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S3 upperdev - c:\windows\system32\drivers\usbser_lowerflt.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 FileZilla Server (FileZilla Server FTP server) - c:\program files\filezilla server\filezilla server.exe <Not Verified; FileZilla Project; FileZilla Server>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
S3 btwdins (Bluetooth Service) - c:\program files\widcomm\bluetooth software\bin\btwdins.exe <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2601>
S4 Adobe LM Service - "c:\program files\common files\adobe systems shared\service\adobelmsvc.exe"
S4 hpqwmiex - c:\program files\hewlett-packard\shared\hpqwmiex.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmiex Module>
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 Printer Control - c:\windows\system32\printctrl.exe
S4 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-06-17 06:00:00 374 --a------ C:\WINDOWS\Tasks\PF, PT, BF.job
2008-06-13 17:15:00 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2008-05-17 and 2008-06-17 -----------------------------
2008-06-17 11:21:48 0 d-------- C:\WINDOWS\ERDNT
2008-06-17 11:21:13 0 d-------- C:\Deckard
2008-06-16 10:47:41 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-15 21:20:35 0 dr-h----- C:\Documents and Settings\Nirmal Misra\Recent
2008-06-15 20:50:23 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-06-15 11:03:10 0 d-------- C:\WINDOWS\Prefetch
2008-06-15 09:37:06 0 d-------- C:\WINDOWS\system32\scripting
2008-06-15 09:37:04 0 d-------- C:\WINDOWS\l2schemas
2008-06-15 09:37:02 0 d-------- C:\WINDOWS\system32\en
2008-06-15 09:37:01 0 d-------- C:\WINDOWS\system32\bits
2008-06-15 09:30:03 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-14 22:36:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-06-14 22:10:20 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-14 14:03:08 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Help
2008-06-08 20:25:43 0 d-------- C:\temp
2008-06-03 16:31:01 0 d-------- C:\Program Files\Microsoft.NET
2008-06-03 16:30:50 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-03 16:30:06 0 d-------- C:\Program Files\Common Files\DESIGNER
2008-06-03 16:29:48 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-03 16:29:39 0 d-------- C:\Program Files\Microsoft Office
2008-06-02 19:20:21 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\U3
2008-05-30 23:12:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-30 23:09:00 0 d-------- C:\Program Files\Yahoo!
2008-05-29 18:11:51 0 d-------- C:\WINDOWS\Sun
2008-05-29 18:11:50 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Sun
2008-05-28 09:47:15 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-26 11:53:14 0 d-------- C:\WINDOWS\network diagnostic
2008-05-25 06:42:18 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Macromedia
2008-05-25 00:15:49 0 d-------- C:\Program Files\Crawler
2008-05-25 00:05:29 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Spyware Terminator
2008-05-25 00:05:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-25 00:05:20 0 d-------- C:\Program Files\Spyware Terminator
2008-05-24 23:03:08 0 d-------- C:\WINDOWS\ie7updates
2008-05-24 22:52:41 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Comodo
2008-05-24 22:52:36 0 d-------- C:\Program Files\COMODO
2008-05-24 22:43:44 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\vlc
2008-05-24 22:34:54 0 d-------- C:\Program Files\Alcohol Soft
2008-05-24 21:58:36 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\DivX
2008-05-24 21:53:20 0 d-------- C:\WINDOWS\pss
2008-05-24 18:19:09 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\uTorrent
2008-05-24 18:15:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-24 17:45:58 0 d-------- C:\WINDOWS\WBEM
2008-05-24 17:45:54 0 d-------- C:\WINDOWS\system32\en-US
2008-05-24 17:44:20 0 d--h---c- C:\WINDOWS\ie7
2008-05-24 17:38:48 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\PC Suite
2008-05-24 17:38:47 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-24 17:36:57 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Nokia
2008-05-24 17:36:23 0 d-------- C:\Program Files\DIFX
2008-05-24 17:36:16 0 d-------- C:\Program Files\PC Connectivity Solution
2008-05-24 17:34:31 0 d-------- C:\Program Files\DivX
2008-05-24 16:53:38 0 d-------- C:\Program Files\FileZilla Server
2008-05-24 16:38:38 0 d-------- C:\WINDOWS\Start Menu
2008-05-24 16:38:38 0 d--h----- C:\WINDOWS\PIF
2008-05-24 16:38:34 0 d-------- C:\IDAPI32
2008-05-24 16:38:32 0 d-------- C:\BDE32
2008-05-24 16:37:23 0 d-------- C:\BC5
2008-05-24 16:27:49 0 d-------- C:\Program Files\VideoLAN
2008-05-24 16:25:52 0 d-------- C:\Program Files\Webroot
2008-05-24 16:25:52 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-05-24 16:25:52 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Webroot
2008-05-24 16:22:48 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-24 16:21:43 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-24 16:21:43 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-24 16:21:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-24 16:19:17 0 d-------- C:\Documents and Settings\Nirmal Misra\Contacts
2008-05-24 16:18:57 0 d-------- C:\Program Files\Messenger Plus! Live
2008-05-24 16:12:55 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Adobe
2008-05-24 16:11:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-05-24 16:11:47 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-24 16:08:30 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-24 16:08:22 0 d-------- C:\Program Files\Real
2008-05-24 16:08:21 0 d-------- C:\Program Files\Common Files\Real
2008-05-24 16:08:20 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Real
2008-05-24 16:05:33 0 d--h----- C:\WINDOWS\ffpext
2008-05-24 16:05:33 0 d-------- C:\Program Files\File and Folder Protector
2008-05-24 16:03:10 0 d-------- C:\Program Files\Registry Mechanic
2008-05-24 16:01:25 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\TuneUp Software
2008-05-24 16:01:20 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-24 16:01:17 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-24 16:01:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-24 15:58:32 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\WinRAR
2008-05-24 15:58:22 0 d-------- C:\Program Files\WinRAR
2008-05-24 15:57:43 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Ipswitch
2008-05-24 15:57:38 0 d-------- C:\Program Files\Ipswitch
2008-05-24 15:57:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Ipswitch
2008-05-24 15:55:22 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Ahead
2008-05-24 15:54:15 0 d-------- C:\Program Files\Nero
2008-05-24 15:54:15 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-24 15:51:54 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Opera
2008-05-24 15:51:51 0 d-------- C:\Program Files\Opera
2008-05-24 15:43:04 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-24 15:43:01 0 d-------- C:\Program Files\Windows Live
2008-05-24 15:42:55 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-24 15:41:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-24 15:41:38 0 d-------- C:\Program Files\SpeedFan
2008-05-24 15:38:52 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Mozilla
2008-05-24 15:38:45 0 d-------- C:\Program Files\Mozilla Firefox
2008-05-24 15:37:20 0 dr-hs---- C:\Documents and Settings\All Users\Application Data\Temp
2008-05-24 15:37:18 0 d-------- C:\Program Files\ActMask ALL2PDF PDF Creator
2008-05-24 15:11:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-24 15:11:25 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-24 15:11:25 0 d-------- C:\Program Files\Adobe
2008-05-24 15:09:05 0 d-------- C:\Program Files\Alwil Software
2008-05-24 14:31:03 0 d--hs---- C:\WINDOWS\CSC
2008-05-24 14:27:05 0 d--hs---- C:\WINDOWS\Installer
2008-05-24 14:27:05 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-24 14:27:00 0 dr------- C:\Program Files
2008-05-24 14:27:00 0 d-------- C:\Program Files\Common Files
2008-05-24 14:27:00 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-24 14:27:00 0 d-------- C:\Program Files\Common Files\Microsoft Shared
2008-05-24 14:26:23 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-24 14:26:23 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-24 14:26:23 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-24 14:26:23 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-24 14:26:23 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-24 14:26:23 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-24 14:26:23 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-24 14:26:23 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-24 14:26:23 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-24 14:26:23 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-24 14:26:23 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-24 14:26:23 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-24 14:26:23 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-24 14:26:23 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-24 14:26:23 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-24 14:26:23 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-24 14:26:08 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-24 14:26:08 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-24 14:26:02 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-24 14:26:02 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-24 14:26:02 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-24 14:26:02 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-24 14:25:36 0 d-------- C:\Documents and Settings
2008-05-24 14:25:35 0 d--hs---- C:\System Volume Information
2008-05-24 14:16:17 0 d-------- C:\WINDOWS
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\WinSxS
2008-05-24 14:16:17 0 dr------- C:\WINDOWS\Web
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\twain_32
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Temp
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\wins
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\wbem
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\usmt
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\spool
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\Setup
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\ras
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\oobe
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\npp
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\mui
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\IME
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\ias
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\export
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\drivers
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-24 14:16:17 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\config
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\3076
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\2052
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1054
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1042
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1041
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1037
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1033
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1031
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1028
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system32\1025
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\system
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\security
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Resources
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\repair
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Provisioning
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\PeerNet
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\pchealth
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\NLDRV
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\mui
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\msapps
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\msagent
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Media
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\java
2008-05-24 14:16:17 0 d--h----- C:\WINDOWS\inf
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\ime
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Help
2008-05-24 14:16:17 0 dr--s---- C:\WINDOWS\Fonts
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\ehome
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Driver Cache
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Debug
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Cursors
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\Config
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\AppPatch
2008-05-24 14:16:17 0 d-------- C:\WINDOWS\addins
2008-05-24 14:10:06 0 d-------- C:\Program Files\Java
2008-05-24 14:10:05 0 d-------- C:\Program Files\Common Files\Java
2008-05-24 12:49:44 0 d--hs---- C:\Documents and Settings\Nirmal Misra\UserData
2008-05-24 12:46:09 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-24 12:44:10 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-24 12:42:25 0 d-------- C:\WINDOWS\nview
2008-05-24 12:38:53 0 d-------- C:\Program Files\NetWaiting
2008-05-24 12:37:45 0 d-------- C:\Program Files\CONEXANT
2008-05-24 12:28:17 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\DMCache
2008-05-24 12:22:43 0 d-------- C:\Program Files\HP
2008-05-24 12:22:42 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-24 12:22:14 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-24 12:22:09 0 d-------- C:\Program Files\Texas Instruments Inc
2008-05-24 12:21:24 0 d-------- C:\Program Files\Synaptics
2008-05-24 12:19:56 0 d-------- C:\Documents and Settings\Nirmal Misra\Bluetooth Software
2008-05-24 12:19:19 0 d-------- C:\Program Files\WIDCOMM
2008-05-24 12:16:10 0 d--hs---- C:\RECYCLER
2008-05-24 12:09:30 0 d-------- C:\Program Files\HPQ
2008-05-24 12:09:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-24 12:09:28 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-24 12:09:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-24 11:57:44 0 d-------- C:\SWSetup
2008-05-24 11:54:51 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-24 11:54:49 0 d-------- C:\Program Files\Intel
2008-05-24 11:54:18 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-24 11:41:15 0 d-------- C:\Documents and Settings\Nirmal Misra\Application Data\Identities
2008-05-24 11:41:13 0 d--h----- C:\Program Files\Uninstall Information
2008-05-24 11:41:06 0 d--h----- C:\Documents and Settings\Nirmal Misra\Templates
2008-05-24 11:41:06 0 dr------- C:\Documents and Settings\Nirmal Misra\Start Menu
2008-05-24 11:41:06 0 dr-h----- C:\Documents and Settings\Nirmal Misra\SendTo
2008-05-24 11:41:06 0 d--h----- C:\Documents and Settings\Nirmal Misra\PrintHood
2008-05-24 11:41:06 0 d--h----- C:\Documents and Settings\Nirmal Misra\NetHood
2008-05-24 11:41:06 0 dr------- C:\Documents and Settings\Nirmal Misra\My Documents
2008-05-24 11:41:06 0 d--h----- C:\Documents and Settings\Nirmal Misra\Local Settings
2008-05-24 11:41:06 0 dr------- C:\Documents and Settings\Nirmal Misra\Favorites
2008-05-24 11:41:06 0 d-------- C:\Documents and Settings\Nirmal Misra\Desktop
2008-05-24 11:41:06 0 d--hs---- C:\Documents and Settings\Nirmal Misra\Cookies
2008-05-24 11:41:06 0 dr-h----- C:\Documents and Settings\Nirmal Misra\Application Data
2008-05-24 11:41:06 0 d---s---- C:\Documents and Settings\Nirmal Misra\Application Data\Microsoft
2008-05-24 11:40:30 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-24 11:40:27 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-24 11:40:25 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-24 11:40:25 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-24 11:40:25 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-24 11:40:25 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-24 11:40:08 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-24 11:40:08 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-05-24 11:40:08 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-24 11:40:08 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-24 11:36:26 0 d-------- C:\WINDOWS\system32\xircom
2008-05-24 11:36:26 0 d-------- C:\Program Files\xerox
2008-05-24 11:36:26 0 d-------- C:\Program Files\microsoft frontpage
2008-05-24 11:35:11 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-24 11:34:57 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-24 11:34:57 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-24 11:34:45 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-24 11:34:23 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-24 11:33:47 0 d-------- C:\Program Files\Common Files\Services
2008-05-24 11:33:44 0 d---s---- C:\WINDOWS\Tasks
2008-05-24 11:33:43 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-24 11:33:39 0 d-------- C:\WINDOWS\srchasst
2008-05-24 11:33:38 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-24 11:33:28 0 d-------- C:\Program Files\Movie Maker
2008-05-24 11:33:19 0 d-------- C:\WINDOWS\system32\Restore
2008-05-24 11:33:15 0 d-------- C:\Program Files\NetMeeting
2008-05-24 11:33:11 0 d-------- C:\Program Files\Outlook Express
2008-05-24 11:33:03 0 d-------- C:\Program Files\Common Files\System
2008-05-24 11:33:01 0 d-------- C:\Program Files\Internet Explorer
2008-05-24 11:32:43 0 d-------- C:\Program Files\ComPlus Applications
2008-05-24 11:32:39 0 d-------- C:\WINDOWS\Registration
2008-05-24 11:32:35 0 d-------- C:\Program Files\Windows Media Player
2008-05-24 11:32:35 0 d-------- C:\Program Files\Online Services
2008-05-24 11:32:31 0 d-------- C:\Program Files\Messenger
2008-05-24 11:32:27 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-24 11:31:42 0 d-------- C:\Program Files\MSN
2008-05-24 11:31:40 0 d-------- C:\Program Files\Windows NT
2008-05-24 11:31:36 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-24 11:31:34 0 d-------- C:\WINDOWS\system32\Com
-- Find3M Report ---------------------------------------------------------------
2008-05-24 14:26:23 62 --ahs---- C:\Documents and Settings\Nirmal Misra\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
-- End of Deckard's System Scanner: finished at 2008-06-17 11:25:45 ------------
Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1022.04 MiB / 587.61 MiB
Pagefile Memory (total/avail): 2460.25 MiB / 2091.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.49 MiB
C: is Fixed (NTFS) - 14.65 GiB total, 6.22 GiB free.
D: is Fixed (NTFS) - 78.13 GiB total, 44.53 GiB free.
E: is Fixed (NTFS) - 19.01 GiB total, 7.41 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - TOSHIBA MK1237GSX - 111.79 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 14.65 GiB - C:
\PARTITION1 - Installable File System - 78.13 GiB - D:
\PARTITION2 - Installable File System - 19.01 GiB - E:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nirmal Misra\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NIRMAL-LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nirmal Misra
LOGONSERVER=\\NIRMAL-LAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\BC5\BIN;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\NIRMAL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\NIRMAL~1\LOCALS~1\Temp
USERDOMAIN=NIRMAL-LAPTOP
USERNAME=Nirmal Misra
USERPROFILE=C:\Documents and Settings\Nirmal Misra
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Nirmal Misra (admin)
-- Add/Remove Programs ---------------------------------------------------------
-- Application Event Log -------------------------------------------------------
Event Record #/Type431 / Error
Event Submitted/Written: 06/17/2008 10:19:33 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.
Processing media-specific event for [firefox.exe!ws!]
Event Record #/Type430 / Error
Event Submitted/Written: 06/17/2008 10:10:02 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x300d4eea.
Processing media-specific event for [firefox.exe!ws!]
Event Record #/Type429 / Error
Event Submitted/Written: 06/17/2008 10:07:49 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x300d4eea.
Processing media-specific event for [firefox.exe!ws!]
Event Record #/Type428 / Error
Event Submitted/Written: 06/17/2008 10:03:55 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module npswf32.dll, version 9.0.124.0, fault address 0x000d4eef.
Processing media-specific event for [firefox.exe!ws!]
Event Record #/Type427 / Error
Event Submitted/Written: 06/17/2008 09:59:41 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0006478e.
Processing media-specific event for [firefox.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type3132 / Warning
Event Submitted/Written: 06/17/2008 02:02:05 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type3131 / Warning
Event Submitted/Written: 06/16/2008 10:22:06 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type3130 / Error
Event Submitted/Written: 06/16/2008 10:20:04 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The FileZilla Server FTP server service terminated unexpectedly. It has done this 1 time(s).
Event Record #/Type3129 / Warning
Event Submitted/Written: 06/16/2008 08:14:50 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type3126 / Warning
Event Submitted/Written: 06/16/2008 07:17:51 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
-- End of Deckard's System Scanner: finished at 2008-06-17 11:25:45 ------------
Well, the problems I am facing are:
1) Firefox is crashing rather frequently, and it's especially happening when I am trying to download something. (Last tried downloading from ipscanner.sourceforge.net)
2) I had received a TCP request on port 445 in an office network which I believed to be malware trying to spread onto my system. I blocked the request. But after that request was blocked my firewall suddenly started eating up a lot of CPU and so I had to reinstall it. Now it's working fine.
3) Computer is performing at lower speeds, especially after the SP3 service pack.
I am wondering if indeed I have gotten infected by any sort of malware, as often I notice that svchost.exe is sending some data or other to a different IP address each time. It's started happening rather more after I installed XP-SP3.
Security software I am using:
1) Comodo Firewall Plus v3
2) Spyware Terminator v2.2
3) Avast Home v4
Thanks for looking into the matter.