A naked XP!! You were a sitting duck for this!! It is just FOOLHARDY to not have SP2. So now you've got worms.
=Rename the Hijackthis.exe to imabunny.exe.
=Please download HostsXpert v4 from: http://www.funkytoad.com/content/view/13/31/ and extract it to your Desktop.
=Click the Restore MS Hosts Button and then click OK and exit HostsXpert.

==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Okay, please run HT again and repost with the fixwareout and combofix logs.

==============================
Hi,

As per your instructions I had downloded both i.e. HostsXpert & ComboFix.exe. But the problem is whenever I click the restore MS
Hosts Button and click OK - A Error messsage comes out "(Cannot create file C:\WINNT\system32\DRIVERS\ETC\host)".
I tried for several time but the same error msg.

Milan Hazra

Something has locked your Hosts file, possibly an application, possibly the pest. Unlock hosts exists in Zonealarm, firewall, advanced, or Spybot.
In Spybot, click Tools,Hosts File, uncheck "Lock Hosts file read-only as protection against hijackers"
Or just...[ but a Spybot setting may over-ride this command....] do this:
Go Start, run, type cmd -press Enter. Paste this line into the window at the prompt, press Enter, close the window.

attrib -r -h -s %SystemRoot%\system32\drivers\etc\HOSTS

Now try HostsXpert.

Here are the log files of HijakThis & ComboFix.exe

==================================ComboFix 07-08-17.2 - "Milan Hazra" 08/23/2007 19:48:16.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.0.1252.1.1033.18.72 [GMT 5.5:30]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\ddccb.dll
C:\WINNT\system32\jkkll.dll
C:\WINNT\system32\mllmn.dll
C:\WINNT\system32\muwdsvqg.dll
C:\WINNT\system32\ybadd.bak2
C:\WINNT\system32\ybadd.ini2
C:\WINNT\system32\ybadd.tmp


((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))


2007-08-23 19:46 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-22 18:34 7,008 --a------ C:\WINNT\system\SETUPKIT.DLL
2007-08-22 18:34 398,416 --a------ C:\WINNT\system\VBRUN300.DLL
2007-08-22 18:07 5,221,441 --------- C:\AVG7QT.DAT
2007-08-22 18:06 217,110 -r-hs---- C:\AVG7DB_F.DAT
2007-08-22 18:04 18,720 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
2007-08-21 23:05 236,032 --a------ C:\WINNT\system32\bbot.exe
2007-08-21 17:52 <DIR> dr------- C:\WINNT\Offline Web Pages
2007-08-21 17:49 94,480 --a------ C:\WINNT\system32\msencode.dll
2007-08-21 17:49 72,464 --a------ C:\WINNT\system32\actxprxy.dll
2007-08-21 17:49 62,976 --a------ C:\WINNT\system32\inetcplc.dll
2007-08-21 17:49 58,368 --a------ C:\WINNT\system32\mshtmler.dll
2007-08-21 17:49 58,128 --a------ C:\WINNT\system32\iesetup.dll
2007-08-21 17:49 553,232 --a------ C:\WINNT\system32\comctl32.dll
2007-08-21 17:49 523,024 --a------ C:\WINNT\system32\mlang.dll
2007-08-21 17:49 46,352 --a------ C:\WINNT\system32\digest.dll
2007-08-21 17:49 38,672 --a------ C:\WINNT\system32\msident.dll
2007-08-21 17:49 35,328 --a------ C:\WINNT\system32\browselc.dll
2007-08-21 17:49 332,288 --a------ C:\WINNT\system32\shdoclc.dll
2007-08-21 17:49 31,504 --a------ C:\WINNT\system32\imgutil.dll
2007-08-21 17:49 29,968 --a------ C:\WINNT\system32\mshta.exe
2007-08-21 17:49 245,520 --a------ C:\WINNT\system32\msieftp.dll
2007-08-21 17:49 21,776 --a------ C:\WINNT\system32\shfolder.dll
2007-08-21 17:49 18,704 --a------ C:\WINNT\system32\sendmail.dll
2007-08-21 17:49 14,848 --a------ C:\WINNT\system32\msidntld.dll
2007-08-20 21:37 236,032 --a------ C:\WINNT\system32\spbb.exe
2007-08-20 21:36 8,192 --a------ C:\WINNT\system32\psvc.exe
2007-08-20 21:36 42,496 --a------ C:\WINNT\system32\gate.exe
2007-08-17 08:36 <DIR> d-------- C:\Program Files\CCleaner
2007-08-16 23:23 236,032 --a------ C:\WINNT\system32\spools.exe
2007-08-16 23:21 56,832 --a------ C:\WINNT\system32\mmsvc32.exe
2007-08-15 07:20 56,832 --a------ C:\WINNT\system32\mmf32.exe
2007-08-14 22:55 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
2007-08-12 04:04 83,208 --a------ C:\WINNT\system32\S32EVNT1.DLL
2007-08-12 04:04 82,136 --a------ C:\WINNT\system32\drivers\SYMEVENT.SYS
2007-08-12 04:04 2,397 --a------ C:\WINNT\system32\drivers\symlcbrd.sys
2007-08-12 04:04 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-08-12 04:03 <DIR> d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\Symantec
2007-08-12 04:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-10 11:00 34,578 --a------ C:\WINNT\system32\drivers\NPDRIVER.SYS
2007-08-10 10:58 <DIR> d-------- C:\Program Files\Symantec
2007-08-10 10:58 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-10 06:33 <DIR> d-------- C:\Program Files\WindowsUpdate
2007-08-10 06:32 <DIR> d-------- C:\WINNT\SoftwareDistribution
2007-08-10 05:16 1,635 --a------ C:\nordm.exe
2007-08-09 06:12 46,482 --a------ C:\my2.exe
2007-08-09 05:19 <DIR> d-------- C:\Program Files\RegCleaner
2007-08-07 05:00 <DIR> d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\SlimBrowser
2007-08-06 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-06 11:37 476,320 --a------ C:\WINNT\system32\ImagXpr7.dll
2007-08-06 11:37 471,040 --a------ C:\WINNT\system32\ImagXRA7.dll
2007-08-06 11:37 38,912 --a------ C:\WINNT\system32\picn20.dll
2007-08-06 11:37 364,544 --a------ C:\WINNT\system32\TwnLib4.dll
2007-08-06 11:37 262,144 --a------ C:\WINNT\system32\ImagXR7.dll
2007-08-06 11:37 106,496 --a------ C:\WINNT\system32\TwnLib20.dll
2007-08-06 11:37 1,568,768 --a------ C:\WINNT\system32\ImagX7.dll
2007-08-06 11:36 155,648 --a------ C:\WINNT\system32\NeroCheck.exe
2007-08-06 11:36 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-06 11:36 <DIR> d-------- C:\Program Files\Ahead
2007-08-06 07:37 74,752 --a------ C:\WINNT\ST6UNST.EXE
2007-08-06 07:37 26,897 --a------ C:\WINNT\SETUP1.EXE
2007-07-31 19:16 <DIR> d-------- C:\WINNT\Adobe Illustrator CS
2007-07-30 01:11 19,808 --a------ C:\WINNT\system\DDRAW16.DLL
2007-07-30 01:11 16,896 --a------ C:\WINNT\system32\DDHELP.EXE
2007-07-30 01:06 2,560 --a------ C:\WINNT\_MSRSTRT.EXE
2007-07-30 00:52 610,304 --a------ C:\WINNT\system32\AVViewer.dll
2007-07-30 00:52 40,960 --a------ C:\WINNT\system32\StaticIm.dll
2007-07-30 00:52 28,672 --a------ C:\WINNT\system32\VService.dll
2007-07-30 00:20 5,600 --a------ C:\WINNT\system\winaspi.dll
2007-07-30 00:20 48,128 --a------ C:\WINNT\system32\wnaspi32.dll
2007-07-30 00:20 4,672 --a------ C:\WINNT\system\wowpost.exe
2007-07-30 00:20 23,936 --a------ C:\WINNT\system32\drivers\aspi32.sys
2007-07-29 23:39 66,048 --a------ C:\WINNT\system32\unam4ie.exe
2007-07-29 23:39 53,248 --a------ C:\WINNT\system32\mspmspsv.exe
2007-07-29 23:39 52,720 --a------ C:\WINNT\system32\drivers\cdr4_2k.sys
2007-07-29 23:39 5,120 --a------ C:\WINNT\system32\msdxmlc.dll
2007-07-29 23:39 466,944 --a------ C:\WINNT\system32\wmv8dmoe.dll
2007-07-29 23:39 45,056 --a------ C:\WINNT\system32\wmplenc.dll
2007-07-29 23:39 45,056 --a------ C:\WINNT\system32\cdrtc.dll
2007-07-29 23:39 45,056 --a------ C:\WINNT\system32\cdral.dll
2007-07-29 23:39 446,464 --a------ C:\WINNT\system32\wmvdmoe.dll
2007-07-29 23:39 368,710 --a------ C:\WINNT\system32\msisam11.dll
2007-07-29 23:39 352,256 --a------ C:\WINNT\system32\lyrasp.dll
2007-07-29 23:39 335,360 --a------ C:\WINNT\system32\wmstream.dll
2007-07-29 23:39 32,768 --a------ C:\WINNT\system32\asferror.dll
2007-07-29 23:39 309,584 --a------ C:\WINNT\system32\wmv8dmod.dll
2007-07-29 23:39 278,016 --a------ C:\WINNT\system32\vct3216.dll
2007-07-29 23:39 241,725 --a------ C:\WINNT\system32\msuni11.dll
2007-07-29 23:39 24,064 --a------ C:\WINNT\system32\wmdmlog.dll
2007-07-29 23:39 221,184 --a------ C:\WINNT\system32\msscp.dll
2007-07-29 23:39 22,585 --a------ C:\WINNT\system32\drivers\cdralw2k.sys
2007-07-29 23:39 188,416 --a------ C:\WINNT\system32\mspmsp.dll
2007-07-29 23:39 163,840 --a------ C:\WINNT\system32\mindex.dll
2007-07-29 23:39 16,384 --a------ C:\WINNT\system32\wmdmps.dll
2007-07-29 23:39 159,744 --a------ C:\WINNT\system32\mswmdm.dll
2007-07-29 23:39 147,456 --a------ C:\WINNT\system32\CEWMDM.dll
2007-07-29 23:39 118,784 --a------ C:\WINNT\system32\wmsdmoe.dll
2007-07-29 23:39 <DIR> d-------- C:\Program Files\Adaptec
2007-07-29 23:37 722,192 --a------ C:\WINNT\system32\VB40032.DLL
2007-07-29 23:37 <DIR> d-------- C:\WINNT\NPCommon


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

99-12-07 17:30 32528 --a------ C:\WINNT\inf\wbfirdma.sys
07-08-23 08:00 --------- d-------- C:\Program Files\IrfanView
07-08-16 11:33 --------- d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\TextPad
07-08-10 09:52 --------- d--h----- C:\Program Files\InstallShield Installation Information
07-08-05 08:17 --------- d-------- C:\Program Files\AGLOCO Viewbar
07-08-02 19:37 439 --ah----- C:\os755515.bin
07-07-23 08:03 18980 --a------ C:\WINNT\system32\ne1.exe
07-07-19 07:36 --------- d--h----- C:\Program Files\Zenographics
07-07-19 07:36 --------- d-------- C:\Program Files\Hewlett-Packard
07-07-17 15:59 --------- d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\MyPictures3D
07-07-16 09:04 --------- d-------- C:\Program Files\Common Files\River Past
07-07-16 09:04 --------- d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\River Past G5
07-07-16 05:41 --------- d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\Microsoft Web Folders
07-07-15 21:55 --------- d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\IrfanView
07-07-15 20:54 50688 --a------ C:\WINNT\system32\wbhelp2.dll
07-07-15 20:53 --------- d-------- C:\Program Files\Common Files\InstallShield
07-07-15 18:35 --------- d-------- C:\Program Files\Windows NT
07-07-15 18:35 --------- d-------- C:\Program Files\Accessories
07-07-15 18:27 --------- d-a------ C:\Program Files\Common Files\ODBC
07-07-15 17:12 --------- d-------- C:\Program Files\Common Files\SynEdit
07-07-15 15:55 --------- d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\Help
07-07-15 14:11 --------- d-------- C:\Program Files\Common Files\Nero
07-07-15 14:02 --------- d-------- C:\Program Files\VIAudioi
07-07-15 14:00 --------- d-------- C:\Program Files\S3
07-07-15 13:59 --------- d-------- C:\Program Files\VIA
07-07-15 13:08 --------- d-------- C:\Program Files\microsoft frontpage
07-07-15 13:07 271 ---h----- C:\Program Files\desktop.ini
07-07-15 13:07 1152 --ahs---- C:\zjvjavz3.sys
07-07-15 13:07 0 -rahs---- C:\MSDOS.SYS
07-07-15 13:07 0 -rahs---- C:\IO.SYS
07-07-15 13:07 0 ---h----- C:\CONFIG.SYS
07-07-15 13:07 0 ---h----- C:\AUTOEXEC.BAT
07-05-31 17:42 21656 --a------ C:\WINNT\system32\dopdfmn5.dll
07-05-31 17:42 17048 --a------ C:\WINNT\system32\dopdfmi5.dll
1999-12-07 12:00:00 1,344,512 --sha-r C:\WINNT\system32\svbhost.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68B716B5-A06F-4738-B07C-DE1244B3E0ED}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAB14E04-B709-4C3B-AFE0-501B55E43AE6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F762FB4D-4539-4FEC-B3D6-8D5F332DC67A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [99-12-07 17:30 C:\WINNT\system32\mobsync.exe]
"PCTVOICE"="pctspk.exe" [03-04-24 16:45 C:\WINNT\system32\pctspk.exe]
"PV92TRAY"="PV92Tray.exe" [03-04-24 17:05 C:\WINNT\system32\PV92Tray.exe]
"VTTimer"="VTTimer.exe" [05-03-08 01:03 C:\WINNT\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [06-03-23 13:32 C:\WINNT\system32\VTTrayp.exe]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [06-07-26 11:49 ]
"Viewbar"="C:\Program Files\AGLOCO Viewbar\Viewbar.exe" [07-07-20 23:05 ]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [06-01-30 21:30 ]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 10:50 ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03-08-15 06:29 ]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [03-08-17 23:33 ]
"Microsoft Network Services Controller"="C:\WINNT\System32\mmsvc32.exe" [07-08-22 22:12 ]
"Spools Service Controller"="C:\WINNT\System32\spools.exe" [07-08-22 22:14 ]
"AVG7_CC"="e:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-08-22 18:03 ]
"AVG7_EMC"="e:\PROGRA~1\Grisoft\AVG7\avgemc.exe" [07-08-22 18:03 ]
"AVG7_RegCleaner"="e:\PROGRA~1\Grisoft\AVG7\avgregcl.exe" [07-08-22 18:03 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-13 10:11:12]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 11:35:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkhhe]
ljjkhhe.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared Anti-Dialer]
"E:\Program Files\a-squared Anti-Dialer\a2adguard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_RegCleaner]
C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT

R0 videX32;videX32;C:\WINNT\System32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINNT\System32\DRIVERS\xfilt.sys
R1 Avg7RsNT;AVG7 Rezident Driver;C:\WINNT\System32\Drivers\avg7rsnt.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINNT\System32\Drivers\NPDRIVER.SYS
S2 mshexdefx;ms hexidecimal defx;"C:\WINNT\system32\dllcache\ivchost.exe"
S3 GMSIPCI;GMSIPCI;\??\G:\INSTALL\GMSIPCI.SYS

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

Contents of the 'Scheduled Tasks' folder
2007-08-11 22:51:26 C:\WINNT\Tasks\Norton AntiVirus - Scan my computer.job - C:\PROGRA~1\NORTON~1\Navw32.exe
2007-08-23 14:23:04 C:\WINNT\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 19:52:01
Windows 5.0.2195 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="D:/mysql/bin/mysqld-nt.exe"

Completion time: 2007-08-23 19:55:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-08-23 19:55

--- E O F ---


=====================================

Logfile of HijackThis v1.99.1
Scan saved at 8:05:25 PM, on 8/23/2007
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
e:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
e:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
D:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\pctspk.exe
C:\WINNT\System32\PV92Tray.exe
C:\WINNT\System32\VTTimer.exe
C:\WINNT\System32\VTtrayp.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\AGLOCO Viewbar\Viewbar.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
e:\Program Files\SlimBrowser\sbrowser.exe
e:\Program Files\SlimBrowser\sbrowser.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Documents and Settings\Milan Hazra\My Documents\HJT\hijackthis\imabunny.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68B716B5-A06F-4738-B07C-DE1244B3E0ED} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EAB14E04-B709-4C3B-AFE0-501B55E43AE6} - (no file)
O2 - BHO: (no name) - {F762FB4D-4539-4FEC-B3D6-8D5F332DC67A} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINNT\System32\mmsvc32.exe
O4 - HKLM\..\Run: [Spools Service Controller] C:\WINNT\System32\spools.exe
O4 - HKLM\..\Run: [AVG7_CC] e:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] e:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] e:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - E:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Program Files\DAP\dapextie2.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: ljjkhhe - ljjkhhe.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINNT\system32\dllcache\ivchost.exe (file missing)
O23 - Service: MySql - Unknown owner - D:/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Please Reply !!!

You MUST uninstall either AVG or Norton resident AV services. Now. They interfere with each other. [To remove Norton you should use the cleanup tool from their website.]
Done that? Good, now start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O2 - BHO: (no name) - {68B716B5-A06F-4738-B07C-DE1244B3E0ED} - (no file)
O2 - BHO: (no name) - {EAB14E04-B709-4C3B-AFE0-501B55E43AE6} - (no file)
O2 - BHO: (no name) - {F762FB4D-4539-4FEC-B3D6-8D5F332DC67A} - (no file)
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINNT\System32\mmsvc32.exe
O4 - HKLM\..\Run: [Spools Service Controller] C:\WINNT\System32\spools.exe
O20 - Winlogon Notify: ljjkhhe - ljjkhhe.dll (file missing)
O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINNT\system32\dllcache\ivchost.exe (file missing)

Go start, run, type cmd -press Enter; paste this line into the window after the prompt, press Enter and close the window:

sc delete mshexdefx

Delete these files:
C:\WINNT\System32\mmsvc32.exe
C:\WINNT\System32\spools.exe
-if they play tough either do it in Safe mode or use this tool:
==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.

==Download SDFix from here: http://downloads.andymanchesta.com/R...ools/SDFix.exe
and save it to your desktop. Dclick SDFix.exe and choose Run to extract it to %systemdrive%, which commonly will be C:\
==Restart your computer in Safe Mode:- press F8 several times while POST is running and before IDE detection completes.
- On the Windows Advanced Options Menu, select Safe Mode and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using the Administrator account and password. NOTE: The password is blank by default unless you set a password.
==Open the extracted SDFix folder, C:\SDFix and double click RunThis.bat to start the script. Type Y to begin the cleanup.
You will be prompted to press any key to Reboot - the pc will then restart.
The tool will run again and complete the removal process then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Restart the pc in normal mode. Post the contents of the file Report.txt here, along with the log of a fresh hijackthis scan run in normal mode plus your comments.

SDFix: Version 1.100

Run by Milan Hazra on Sun 08/26/2007 at 10:39a

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
mshexdefx

ImagePath:
"C:\WINNT\system32\dllcache\ivchost.exe"

mshexdefx - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\NORDM.EXE - Deleted
C:\WINNT\system32\o - Deleted



Removing Temp Files...

ADS Check:

C:\WINNT
No streams found.

C:\WINNT\system32
No streams found.

C:\WINNT\system32\svchost.exe
No streams found.

C:\WINNT\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\WINNT\system32\svbhost.exe
C:\zjvjavz3.sys

Finished
======================
Logfile of HijackThis v1.99.1
Scan saved at 10:52:07 AM, on 8/26/2007
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
D:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\pctspk.exe
C:\WINNT\System32\PV92Tray.exe
C:\WINNT\System32\VTTimer.exe
C:\WINNT\System32\VTtrayp.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\AGLOCO Viewbar\Viewbar.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\a-squared Anti-Dialer\a2adguard.exe
C:\Documents and Settings\Milan Hazra\My Documents\HJT\hijackthis\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - E:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Program Files\DAP\dapextie2.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MySql - Unknown owner - D:/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Please Reply

Please delete these files:
C:\WINNT\system32\svbhost.exe
C:\zjvjavz3.sys
-you may do it in safe mode if they won't delete, else use this:
==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.
If you have the icons for those items but cllicking them does not work then dl this file, unzip it and dclick linkfile_fix.reg to run.
Please delete these files:
C:\WINNT\system32\svbhost.exe
C:\zjvjavz3.sys
-you may do it in safe mode if they won't delete, else use this:
==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.
If you have the icons for those items but cllicking them does not work then dl this file, unzip it and dclick linkfile_fix.reg to run.
http://www.dougknox.com/xp/fileassoc/linkfile_fix.zip