Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

hjt log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

hjt log

Unread postby chetanind2004 » February 21st, 2007, 11:00 am

Logfile of HijackThis v1.99.1
Scan saved at 6:53:59 PM, on 2/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\eScan\kavss.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\WINDOWS\system32\mgabg.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mwti.net/virusnews/virusalertd.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A75462F-1CC6-4E41-9810-04C0CD374DAF}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{82B3E95F-31D8-468E-A17A-80A850B2FBC2}: NameServer = 202.56.215.55 202.56.215.54
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\NavNT\rtvscan.exe
chetanind2004
Active Member
 
Posts: 3
Joined: February 21st, 2007, 10:08 am
Top
Advertisement
Register to Remove

Unread postby Elrond » February 21st, 2007, 2:40 pm

Hi chetanind2004

Welcome to Malware Removal Forum.

Your log looks clean. Can you please give me a description of your problems.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Top

Problem Description

Unread postby chetanind2004 » February 22nd, 2007, 6:44 am

Thanx for responce, the problem is

Once connected to the internet, after some time the connection gets disconnected automatically.
The icon tray at the bottom of Desktop changes color from blue to white
and then bliks/flashes 2-3 times.
After this if i disconnect the power supply to my modem, the DSL icon in the tray shd become red from green but it does not happen
and to start the internet connection i have to reboot the system

I have fully updated AVG Free, NAV Corporate Edition, E Scan and Spybot.
Scans from all these are negative that is NO Virus
Where as being a doctor my self I understand that this whole process is so recurrent it has to be a malicious code.

Pls hlp. I have no idea what I am dealing with.

I also have in my C drive a file '23990098.$$$' which is 0 KB ad a Notepad file 'PROGRAM.LOG'. R these to do something with the E Scan that is installed.
chetanind2004
Active Member
 
Posts: 3
Joined: February 21st, 2007, 10:08 am
Top

Unread postby Elrond » February 22nd, 2007, 11:27 am

Have you discussed the problem with your ISP? It sounds as if it could be a problem with the modem.
It is next to impossible to tell you what those two files are without knowing more about them.
If you wnat me to we can run some tests for malware but it will ientail some time use ofor both of us.

As I said your Hijackthis log is clean and any tests will be more complex both to run and to interpret. Same as with the deeper medical tests. Gives more info but needs more training and time do and interpret.Let me know what your ISP said and we will take it from there.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Top

Good Doctors

Unread postby chetanind2004 » February 28th, 2007, 9:45 am

Well gentlemen

Thanx for all the help.

It seems my problem saw u guys and disappeared in a couple of days.

Diseases see good doctors and some times vanish

Thanks again, keep up the good work
chetanind2004
Active Member
 
Posts: 3
Joined: February 21st, 2007, 10:08 am
Top

Unread postby Elrond » February 28th, 2007, 10:27 am

Glad to hear that the problem solved itself. :)

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Top
Advertisement
Register to Remove
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 431 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index