Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 10 of 10 Posts

·
Registered
Joined
·
222 Posts
Discussion Starter · #1 ·
My pc cd writer tray keeps coming out on its own many a times what could be the problem?
When writing with nero also it behaves the same way?

win xp(Prof), Intel P-III(800), original Intel m/b,256MB SDRAM.

Please help!
 

·
Retired Moderator
Joined
·
106,726 Posts
Another possibility is that the limit switch is failing.
 

·
Registered
Joined
·
222 Posts
Discussion Starter · #5 ·
Dear bonk please find below the HJT log file

Logfile of HijackThis v1.99.1
Scan saved at 7:12:34 PM, on 1/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\AntiVir PersonalEdition Classic\sched.exe
c:\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\sm56hlpr.exe
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
C:\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe,C:\WINDOWS\system32\NETSVCS.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\DisMgnt.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://mail.yahoo.com/"); (C:\Documents and Settings\G RAMESH\Application Data\Mozilla\Profiles\default\dif587gf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\G RAMESH\Application Data\Mozilla\Profiles\default\dif587gf.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O6 "USB001" /M "Stylus C41"
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [avgnt] "c:\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Do&wnload by ReGet Pro - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Pro - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - c:\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - c:\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
 

·
Banned
Joined
·
11,097 Posts
I would ask this be moved to the Security Section

If you think your post has got lost click on the red triangle on the right-hand side of your post and request your post be moved to the Security Section.
 

·
Retired Moderator
Joined
·
106,726 Posts
You have at least one piece of spyware, and what looks to be a Trojan, so I'll move you over to security.
 

·
Registered
Joined
·
9,396 Posts
For a start your problems have been made much worse by having two antivirus programs.. :rolleyes: ...they will offer very little if any protection.
I would uninstall Norton straight away!

After that.....
Update Antivir to make sure you have the very latest definitions and Run a full indepth system scan

Then.....

Download and install AVG Anti-Spyware 7.5 AVG ANTI-SPYWARE IS ONLY FOR SYSTEMS RUNNING WIN 2K and XP
(This is Ewdio 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware)
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". Wait until you see the "Update succesfull message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here. Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:
1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button?

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response along with a new H/T log.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.


;)
 

·
Registered
Joined
·
222 Posts
Discussion Starter · #9 ·
Dear $teve
I had uninstalled Norton and,
please find below log files of AVG Anti spy HJT.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:33:55 PM 1/9/2007

+ Scan result:

C:\WINDOWS\system32\ld101.tmp -> Downloader.Zlob.pw : Cleaned with backup (quarantined).
C:\Documents and Settings\G RAMESH\WinTask.exe -> Trojan.Enfal.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Winkrnl.exe -> Trojan.Enfal.d : Cleaned with backup (quarantined).
C:\Program Files\Media-Codec -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1142.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1373.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld169.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld16F7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld1DE6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld20F1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld25B1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld268F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld285E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2DD4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld399E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld42A2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld46C5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld48BE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4C63.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4CDE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld50A2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld569A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5B8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld5D70.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld60BE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6393.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld67A2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld69F7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld6E9C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld73A3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7407.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld765A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld7FAA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld83D6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8543.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8A7C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld90D0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9C02.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA4D7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA7CF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldAD05.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB00.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldB2A3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldBB10.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldBB4F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldBD08.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldBEB6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC06A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC482.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC69F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC83.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC924.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldCD7A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldCD86.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD332.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD8A0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldEDD6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF061.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF21A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF328.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF4E1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF7A9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF925.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF9F2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFB3C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFB5F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFE0D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFED9.tmp -> Trojan.Small : Cleaned with backup (quarantined).

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 9:39:27 PM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\AntiVir PersonalEdition Classic\sched.exe
c:\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\sm56hlpr.exe
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
C:\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe,C:\WINDOWS\system32\NETSVCS.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\DisMgnt.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://mail.yahoo.com/"); (C:\Documents and Settings\G RAMESH\Application Data\Mozilla\Profiles\default\dif587gf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\G RAMESH\Application Data\Mozilla\Profiles\default\dif587gf.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O6 "USB001" /M "Stylus C41"
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [avgnt] "c:\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Do&wnload by ReGet Pro - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Pro - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - c:\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - c:\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
 
1 - 10 of 10 Posts
Status
Not open for further replies.
Top