0

hi

I am facing this new virus named New Win32. I reformatted my hard disk to remove it, but it still keeps coming back... I do not know why.

And one more thing: how is this virus coming in? Is it because of the internet, or some other reason? I just want to know.

BUT the important thing is that even after formatting my hard disk it is coming back... please, anyone, help me. Right now I am not in the mood to buy a new hard disk.

Thank you

5 Contributors, 17 Replies, 18 Views, 9 Years Discussion Span, Last Post by jholland1964
0

Are you doing a reformat, or simply installing the OS over the top of the original installation?
You must do a full reformat.

==

Download HijackThis Executable from here. Save it to your desktop.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

0

hi

Well, I think I am installing the OS over my old version. Can you show me how to reformat the system totally? Do we have to make some physical changes, like changing the jumper position behind the hard disk?

As you said, I have run that HijackThis program and here is the file... but I still can't figure out how this virus came into my system.

Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:03 AM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\quaryfyk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?product=ssearch&src_id=316&client_id=4858E89001C8D2BC00523142&version=4.5.6.0&it=1213955952&loc=&qry=&url=about%3Ablank
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - C:\WINDOWS\system32\tisqatyu.dll
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll
O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - C:\WINDOWS\system32\lassaplo.dll
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - C:\WINDOWS\system32\nhmxcjkl.dll
O2 - BHO: akjsckaq.dll - {3A908760-8000-4000-A000-9000322145A3} - C:\WINDOWS\system32\akjsckaq.dll
O2 - BHO: lijzclit.dll - {3C954872-1230-6541-9548-6541025884C3} - C:\WINDOWS\system32\lijzclit.dll
O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - C:\WINDOWS\system32\oswxdttb.dll
O2 - BHO: mpwddapi.dll - {45694105-5108-9405-3695-954187462154} - C:\WINDOWS\system32\mpwddapi.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll
O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - C:\WINDOWS\system32\pjjxedwd.dll
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll
O2 - BHO: arjrcler.dll - {5C69034A-F45F-D34D-A33A-C33C4D324FC5} - C:\WINDOWS\system32\arjrcler.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware316\bin\Starware316.dll
O2 - BHO: zxmscwin.dll - {6A041F13-A111-12A3-B0CF-F99818AA68A6} - C:\WINDOWS\system32\zxmscwin.dll
O2 - BHO: apsgfjba.dll - {6FD45A54-9875-698F-E56E-65102358FDF6} - C:\WINDOWS\system32\apsgfjba.dll
O2 - BHO: mndsgsrv.dll - {77FD640A-158F-48AC-FD14-1597F14A9777} - C:\WINDOWS\system32\mndsgsrv.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: yxfhcjpg.dll - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - C:\WINDOWS\system32\yxfhcjpg.dll
O2 - BHO: mpmyhapi.dll - {8629FF4F-ACDB-5C90-A098-FACB3456A268} - C:\WINDOWS\system32\mpmyhapi.dll
O2 - BHO: ypdjgbmp.dll - {91954FAC-1023-154F-895A-1458258AD819} - C:\WINDOWS\system32\ypdjgbmp.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: yzztjmsn.dll - {A490415F-65F8-B5C5-D8BA-9405FB12054A} - C:\WINDOWS\system32\yzztjmsn.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Starware Screensavers Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O20 - AppInit_DLLs: nhmxcjkl.dll,skqncbib.dll,tisqatyu.dll,yzztjmsn.dll,arjrcler.dll,akjsckaq.dll quaryfy.dll woasick.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6606 bytes

And one more thing:

Usually this virus comes back when I am connecting to the internet, but sometimes it also comes back without a connection... When it comes while connected to the internet, it comes as a gif file in the temp folders in Local Settings where the temporary internet files are... and if not connected to the internet it comes in System Volume Information; I do not know what kind of file it is.

Where is it coming from, the internet or some other reason...

The day before yesterday it said that my client program which connects to the internet got corrupted, download it again..... and yesterday a message came that it found the same IP address being used by another system on the network....

I am confused and worried about what is happening to my system.
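A triage pass over log lines in the shape of the HijackThis report above, written as an added example for this thread (not a tool from the thread, from HijackThis or from any of the posters). It flags the three patterns visible in that report: BHOs registered under their own DLL file name in system32 or with no name at all, DLLs listed under AppInit_DLLs, and an IE search page pointing at a host that is not on a trusted list. The sample lines are constructed from the posted log, and TRUSTED_SEARCH_HOSTS is an assumption to be tuned per site.

```python
"""Triage HijackThis (HJT) log entries: flag Browser Helper Objects that
register under their own DLL name or no name, AppInit_DLLs injections, and
search/start pages pointing at unexpected hosts.  Added example, not a tool
from this thread."""
import re
from urllib.parse import urlparse

# Constructed sample: a subset of lines in the shape of the HJT log posted above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?product=ssearch
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - C:\WINDOWS\system32\tisqatyu.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware316\bin\Starware316.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: nhmxcjkl.dll,skqncbib.dll,tisqatyu.dll quaryfy.dll woasick.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
BHO_RE = re.compile(r"^BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)
# Assumption: hosts a given site considers legitimate for IE search/start pages.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "search.msn.com", "www.msn.com"}


def parse_hjt(text):
    """Return (section, body) tuples for the R*/O* lines; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return (section, reason, detail) findings for entries worth a closer look."""
    findings = []
    for section, body in entries:
        if section == "O2":
            m = BHO_RE.match(body)
            if not m:
                continue
            name, path = m.group(1), m.group(2)
            file_name = path.rsplit("\\", 1)[-1]
            if name == "(no name)":
                # Legitimate BHOs register a product name; an unnamed one is a common adware trait.
                findings.append((section, "BHO registered without a name", path))
            elif name.lower() == file_name.lower() and SYSTEM32_RE.search(path):
                # Display name identical to the DLL file name, dropped straight into system32.
                findings.append((section, "BHO named after its own DLL in system32", path))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Anything listed here is loaded into every process that links user32.dll.
            dlls = [d for d in re.split(r"[,\s]+", body.split(":", 1)[1]) if d]
            if dlls:
                findings.append((section, f"AppInit_DLLs injects {len(dlls)} DLL(s)", ", ".join(dlls)))
        elif section in ("R0", "R1"):
            m = re.search(r"=\s*(\S+)\s*$", body)
            if m and m.group(1).lower().startswith("http"):
                host = (urlparse(m.group(1)).hostname or "").lower()
                if host not in TRUSTED_SEARCH_HOSTS:
                    findings.append((section, "search/start page redirected to unexpected host", host))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section:<4} {reason}: {detail}")
```

The McAfee toolbar, the NVIDIA Run entry and the NVSvc service pass through untouched, which is the point of the helper's "most of what is there is necessary" remark: the triage narrows the log to the entries that need a human decision rather than deciding for you.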

0

Let's see if we can remove the virus first and worry about formatting later :).

Please also try to use correct English, as it can be difficult for those of us who do not understand the abbreviations :D. Thanks.

==

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Post new HJT log.

0

hi

Thanks for the information. I will definitely do that.

About my English, I am really sorry, I am a little bad at it.

I will send you the report tomorrow because right now I am not at my desktop. But one thing I wanted to know: where the hell is this virus coming from? :@

thank you
MSF

0

It's coming from one of two places:
Your own hard drive if you didn't properly format.
Or you could be infected by another system on your network (you said something about another network computer, but I couldn't really make it out first thing in the morning).

As far as virus removal vs. reformat... I always advocate removal and reinstall as a last resort, but if he has just reinstalled the OS and lost everything anyway he might not have anything to lose from doing a nice clean format and reinstall.

If you do want to pursue a reformat, it will be an option during installation. It should (depending on the version of Windows you're installing) give you the options to format, quick format, or leave the partition as is. You can also hit D at the partition selection portion to delete the existing partition completely and then create a new one in the free space; this will guarantee a clean format.

0

hi

Thanks for showing me where this virus is coming from... well, I read on the McAfee site to disable the restore utility option. So I did it, and after that this virus did not come back, but as soon as I connected to the internet it started troubling me again.

Two weeks back I connected another hard disk to extract some data from it. I am in doubt whether the virus came from that hard disk or from another system on the network... as I told you before, some days back I got a message on my system that the same IP address is being used by another system on the network....

But the hard disk which I connected 2 weeks back was a little damaged... the drives of that disk were not opening easily... I had to go to Explorer to open the drives on that other hard disk.......

:S I am confused and worried about where the virus has come from.

0

hi!

As you told me to run all those scans and send you the reports, I have done them all and here are the results.

1st Malwarebytes result

Malwarebytes' Anti-Malware 1.18
Database version: 881

1:05:18 AM 6/23/2008
mbam-log-6-23-2008 (01-05-18).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 60337
Time elapsed: 21 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 36
Registry Keys Infected: 79
Registry Values Infected: 35
Registry Data Items Infected: 0
Folders Infected: 30
Files Infected: 153

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\sergy.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\ergfwe.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\tisqatyu.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\jfdses.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\wyrsdj.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\pedadt.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\hhrdxd.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\tfsdmz.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\cedafb.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\tdggrz.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\zgrjdx.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\fsrgeb.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\nhmxcjkl.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\skqncbib.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\yzztjmsn.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\arjrcler.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\akjsckaq.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\mnmhgsrv.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\opshbbty.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\zptlcsys.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\rijxbkin.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\ozfyebyt.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\apsgfjba.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\ypdjgbmp.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\yxfhcjpg.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\mpmyhapi.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\ptjhehlp.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\mndsgsrv.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\lassaplo.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\pjjxedwd.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\lijzclit.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\mpwddapi.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\yxcschlp.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\zxmscwin.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\oswxdttb.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\Program Files\Starware316\bin\Starware316.dll (Adware.Starware) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{18093456-9012-4568-9076-908765467181} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18093456-9012-4568-9076-908765467181} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{81af1cf6-d1c9-4c6a-ac01-ede54e71945b} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e51c0fd-ee36-434b-ad2a-fd1ff3731c38} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e907a48-400e-4ea8-9792-ffae052d59e9} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{17dfd111-bf3a-4cb4-adb0-88fcbfe69821} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{875e07b1-0614-43d9-a76e-d76a28ab3d7b} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84143967-b645-4bff-b873-da1dc886e9a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d165a2a-4bc1-4ca8-8299-08e05aaab5a4} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ea5d4b0e-b8ce-4761-8c7e-5d26369f0ec6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37ac9076-c898-b098-d098-a18319080973} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37ac9076-c898-b098-d098-a18319080973} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{32023698-6984-8541-9654-698745012523} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32023698-6984-8541-9654-698745012523} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a490415f-65f8-b5c5-d8ba-9405fb12054a} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a490415f-65f8-b5c5-d8ba-9405fb12054a} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c69034a-f45f-d34d-a33a-c33c4d324fc5} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c69034a-f45f-d34d-a33a-c33c4d324fc5} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3a908760-8000-4000-a000-9000322145a3} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a908760-8000-4000-a000-9000322145a3} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{22596546-2036-9451-6058-658402589722} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22596546-2036-9451-6058-658402589722} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{25fd6584-698f-bcd2-602c-698745210352} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25fd6584-698f-bcd2-602c-698745210352} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5a069845-2036-6084-9054-6087502480a5} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5a069845-2036-6084-9054-6087502480a5} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6fd45a54-9875-698f-e56e-65102358fdf6} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6fd45a54-9875-698f-e56e-65102358fdf6} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{83ba45af-faaa-cddd-beee-bcde1234ab38} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ba45af-faaa-cddd-beee-bcde1234ab38} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8629ff4f-acdb-5c90-a098-facb3456a268} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8629ff4f-acdb-5c90-a098-facb3456a268} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{528df602-9541-a985-210a-984a698c6f25} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{528df602-9541-a985-210a-984a698c6f25} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{77fd640a-158f-48ac-fd14-1597f14a9777} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77fd640a-158f-48ac-fd14-1597f14a9777} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2b69874a-c58c-458d-69f0-698f874e41b2} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b69874a-c58c-458d-69f0-698f874e41b2} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3c954872-1230-6541-9548-6541025884c3} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c954872-1230-6541-9548-6541025884c3} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45694105-5108-9405-3695-954187462154} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45694105-5108-9405-3695-954187462154} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6a041f13-a111-12a3-b0cf-f99818aa68a6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a041f13-a111-12a3-b0cf-f99818aa68a6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{43512378-9874-5641-1025-985420368734} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43512378-9874-5641-1025-985420368734} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ab3dfa03-f743-4302-81dd-c370bffeca23} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.sinstaller (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a84e835e-1b9c-4fc0-980f-4b2da3c6a2a7} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a84e835e-1b9c-4fc0-980f-4b2da3c6a2a7} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.sinstaller.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.installer (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.installer.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0fbc3efb-fc98-4b32-bf10-bde9aa4dea5a} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6a4b7d17-1de9-4c14-8adf-eb4c07060519} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{abf441b2-9b57-4838-96a0-34b1cecd4aa5} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{74278296-0ec7-4f7a-ad55-eb7a2f35f311} (Adware.Comet) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware316 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SSSInstaller (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{18093456-9012-4568-9076-908765467181} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{81af1cf6-d1c9-4c6a-ac01-ede54e71945b} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1e51c0fd-ee36-434b-ad2a-fd1ff3731c38} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5e907a48-400e-4ea8-9792-ffae052d59e9} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{17dfd111-bf3a-4cb4-adb0-88fcbfe69821} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{875e07b1-0614-43d9-a76e-d76a28ab3d7b} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{84143967-b645-4bff-b873-da1dc886e9a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4d165a2a-4bc1-4ca8-8299-08e05aaab5a4} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ea5d4b0e-b8ce-4761-8c7e-5d26369f0ec6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{37ac9076-c898-b098-d098-a18319080973} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{32023698-6984-8541-9654-698745012523} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a490415f-65f8-b5c5-d8ba-9405fb12054a} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5c69034a-f45f-d34d-a33a-c33c4d324fc5} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3a908760-8000-4000-a000-9000322145a3} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{22596546-2036-9451-6058-658402589722} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{25fd6584-698f-bcd2-602c-698745210352} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5a069845-2036-6084-9054-6087502480a5} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6fd45a54-9875-698f-e56e-65102358fdf6} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{83ba45af-faaa-cddd-beee-bcde1234ab38} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8629ff4f-acdb-5c90-a098-facb3456a268} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{528df602-9541-a985-210a-984a698c6f25} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{77fd640a-158f-48ac-fd14-1597f14a9777} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2b69874a-c58c-458d-69f0-698f874e41b2} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3c954872-1230-6541-9548-6541025884c3} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45694105-5108-9405-3695-954187462154} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6a041f13-a111-12a3-b0cf-f99818aa68a6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{43512378-9874-5641-1025-985420368734} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Adware.Starware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Starware316 (Adware.Starware) -> Delete on reboot.
C:\Program Files\Starware316\bin (Adware.Starware) -> Delete on reboot.
C:\Program Files\Starware316\icons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInstaller (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInstaller\bin (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\ActiveDesktop (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\ActiveDesktop\bin (Adware.Comet) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Screensavers (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Free_Credit_Score (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Free_Music (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Ringtones (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Layouts (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\sergy.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\ergfwe.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\tisqatyu.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\jfdses.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\wyrsdj.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\pedadt.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\hhrdxd.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\tfsdmz.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\cedafb.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\tdggrz.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\zgrjdx.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\fsrgeb.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\nhmxcjkl.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\skqncbib.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\yzztjmsn.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\arjrcler.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\akjsckaq.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\mnmhgsrv.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\opshbbty.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\zptlcsys.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\rijxbkin.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\ozfyebyt.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\apsgfjba.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\ypdjgbmp.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\yxfhcjpg.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\mpmyhapi.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\ptjhehlp.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\mndsgsrv.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\lassaplo.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\pjjxedwd.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\lijzclit.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\mpwddapi.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\yxcschlp.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\zxmscwin.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\oswxdttb.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\Starware316\bin\Starware316.dll (Adware.Starware) -> Delete on reboot.
C:\Program Files\Screensavers.com\SSSInstaller\bin\SSSInstaller.dll (Adware.Comet) -> Quarantined and deleted successfully.
C:\WINDOWS\linkinfo.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\vcmgcd32.dl_ (Virus.Sality) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcmgcd32.dll (Virus.Sality) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zdesfx.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdralw.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f30.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f3B.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f3D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f47.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f40.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f46.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f45.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f5B.tmp (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f49.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~fFF.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f8.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f4.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f7.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f9.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f21.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f5E.tmp (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f1E.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f24.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f5F.tmp (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f60.tmp (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f61.tmp (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f66.tmp (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f68.tmp (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f69.tmp (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Sohail\Local Settings\Temp\~f6D.tmp (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\0A23M56Y\30[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\0A23M56Y\11[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\0A23M56Y\27[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\0A23M56Y\32[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\X7CY2RHD\19[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\X7CY2RHD\8[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\X7CY2RHD\23[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\X7CY2RHD\28[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\X7CY2RHD\38[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\X7CY2RHD\42[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\EO2YQEHH\21[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\EO2YQEHH\15[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\I7ZUJQOJ\17[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\I7ZUJQOJ\25[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\I7ZUJQOJ\26[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\I7ZUJQOJ\31[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInstaller\bin\sinstaller3.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Starware316\Starware316Config.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware316\Starware316Uninstall.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware316\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSUninst.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInstaller\bin\screensavers.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\775_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\WeatherHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Ringtones0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Credit_Score0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Music0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Screensavers\ScreensaversOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Free_Music\Free_MusicOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Free_Music\Free_MusicOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Ringtones\RingtonesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Ringtones\RingtonesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sohail\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\MicroSoft.pif (Trojan.Agent) -> Quarantined and deleted successfully.

2nd ComboFix log:

ComboFix 08-06-20.4 - Sohail 2008-06-23 1:30:20.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.762 [GMT -7:00]
Running from: C:\Documents and Settings\Sohail\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\hmsdvf.dll
C:\WINDOWS\system32\asfjthj.dll
C:\WINDOWS\system32\xfgnfx.dll
C:\WINDOWS\system32\hgfhk.dll
C:\WINDOWS\system32\njritc.dll
C:\WINDOWS\system32\oqrthc.dll
C:\WINDOWS\system32\zdbdb.dll
C:\WINDOWS\system32\lariytrz.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\AppPatch\AcXtrnel.dll
C:\WINDOWS\AppPatch\Jview.dll
C:\WINDOWS\system32\asfjthj.dll.vir
C:\WINDOWS\system32\cgsqatyu.sys
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\ergfwe.dll
C:\WINDOWS\system32\fassaplo.sys
C:\WINDOWS\system32\fstlbsys.sys
C:\WINDOWS\system32\fzmsbwin.sys
C:\WINDOWS\system32\gajzalit.sys
C:\WINDOWS\system32\ghjyer.dll
C:\WINDOWS\system32\gjbhr.dll
C:\WINDOWS\system32\gpsgajba.sys
C:\WINDOWS\system32\hgfhk.cfg
C:\WINDOWS\system32\hgfhk.dll.vir
C:\WINDOWS\system32\hjk.dll
C:\WINDOWS\system32\ijsgajba.sys
C:\WINDOWS\system32\jashbbty.sys
C:\WINDOWS\system32\jkjkll.dll
C:\WINDOWS\system32\lariytrz.cfg
C:\WINDOWS\system32\lariytrz.dll.vir
C:\WINDOWS\system32\newxbttb.sys
C:\WINDOWS\system32\njritc.cfg
C:\WINDOWS\system32\njritc.dll.vir
C:\WINDOWS\system32\oqrthc.cfg
C:\WINDOWS\system32\oqrthc.dll.vir
C:\WINDOWS\system32\pmjhbhlp.sys
C:\WINDOWS\system32\sdjsakaq.sys
C:\WINDOWS\system32\sergy.dll
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\spmybapi.sys
C:\WINDOWS\system32\spwdbapi.sys
C:\WINDOWS\system32\sqjsakaq.sys
C:\WINDOWS\system32\tiwxattb.sys
C:\WINDOWS\system32\toqnabib.sys
C:\WINDOWS\system32\ujkwet.dll
C:\WINDOWS\system32\wymxajkl.sys
C:\WINDOWS\system32\xfgnfx.cfg
C:\WINDOWS\system32\xfgnfx.dll.vir
C:\WINDOWS\system32\xfztbmsn.sys
C:\WINDOWS\system32\xzcsbhlp.sys
C:\WINDOWS\system32\xzfhbjpg.sys
C:\WINDOWS\system32\ysjxbdwd.sys
C:\WINDOWS\system32\zdbdb.cfg
C:\WINDOWS\system32\zdbdb.dll.vir
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.

2008-06-23 00:34 . 2008-06-23 00:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-23 00:34 . 2008-06-23 00:34 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\Malwarebytes
2008-06-23 00:34 . 2008-06-23 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-23 00:34 . 2008-06-19 17:55 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-23 00:34 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-22 23:22 . 2008-06-22 23:22 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\Ulead Systems
2008-06-22 23:21 . 2008-06-22 23:21 <DIR> d-------- C:\Program Files\NavExcel Search Toolbar
2008-06-22 23:21 . 2004-07-21 21:48 327,680 --a------ C:\WINDOWS\nxstinst.exe
2008-06-22 23:21 . 2008-06-22 23:21 57,344 --a------ C:\WINDOWS\remover.dll
2008-06-22 23:20 . 2008-06-22 23:21 <DIR> d-------- C:\Program Files\Burn4Free
2008-06-22 23:18 . 2008-06-22 23:18 <DIR> d-------- C:\Driver
2008-06-22 23:17 . 2008-06-22 23:17 <DIR> d-------- C:\Program Files\Ulead Systems
2008-06-22 23:17 . 2008-06-22 23:17 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-22 23:17 . 2008-06-22 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-22 23:17 . 2003-07-10 00:07 57,344 --------- C:\WINDOWS\dvdrgn.exe
2008-06-22 23:17 . 2008-06-22 23:22 74 --ah----- C:\WINDOWS\UCMDPPG.ETF
2008-06-22 23:17 . 2008-06-22 23:22 74 --ah----- C:\WINDOWS\ACLASS.DMF
2008-06-22 22:08 . 2008-06-22 22:08 25 --a------ C:\WINDOWS\cdplayer.ini
2008-06-22 22:07 . 2008-06-22 22:07 <DIR> d-------- C:\Program Files\Real
2008-06-22 22:07 . 2008-06-22 22:07 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-22 22:07 . 2008-06-22 22:07 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-22 21:55 . 2008-06-22 21:56 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-22 21:55 . 2008-06-22 21:56 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-06-22 21:55 . 2003-08-05 14:23 266,240 --a------ C:\WINDOWS\CMIUninstall.exe
2008-06-22 21:55 . 2003-07-22 11:15 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe
2008-06-22 21:55 . 2002-10-18 15:56 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll
2008-06-21 11:24 . 2008-06-21 11:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 11:18 . 2008-06-23 00:12 24,576 --a------ C:\WINDOWS\system32\woasick.dll
2008-06-21 11:18 . 2008-06-23 00:12 24,576 --a------ C:\WINDOWS\system32\quaryfy.dll
2008-06-21 11:18 . 2008-06-23 00:12 10,240 --a------ C:\WINDOWS\system32\quaryfyk.exe
2008-06-21 03:09 . 2008-06-23 00:12 28,672 --a------ C:\WINDOWS\system32\verptw.dll
2008-06-21 03:09 . 2008-06-21 03:08 11,264 --a------ C:\WINDOWS\system32\verptwk.exe
2008-06-20 12:08 . 2001-08-22 23:30 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-20 12:07 . 2004-08-03 12:26 2,134,528 --a------ C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-20 12:05 . 2008-06-20 12:05 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-20 12:01 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-06-20 12:01 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-06-20 03:23 . 2008-06-20 03:23 <DIR> d-------- C:\Program Files\McAfee
2008-06-20 03:23 . 2008-06-20 03:23 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\McAfee
2008-06-20 03:23 . 2002-03-13 08:50 23,296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2008-06-20 03:22 . 2008-06-20 03:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-20 03:21 . 2008-06-20 03:21 <DIR> d-------- C:\Program Files\McAfee.com
2008-06-20 03:21 . 2004-10-04 12:29 341,064 --a------ C:\WINDOWS\system32\mcinsctl.dll
2008-06-20 03:21 . 2004-09-07 06:14 279,624 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2008-06-20 02:48 . 2008-06-20 02:48 <DIR> d-------- C:\Program Files\RegistryFix6
2008-06-19 15:46 . 2008-06-23 00:40 18,048 --a------ C:\WINDOWS\system32\drivers\eth8023.sys
2008-06-19 14:57 . 2008-06-19 14:57 <DIR> d---s---- C:\Documents and Settings\Sohail\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 05:35 9,728 ----a-w C:\WINDOWS\AppPatch\AcSpecf.dll
2008-06-20 09:35 30 ----a-w C:\MicroSoft.bat
2008-06-20 09:35 186 ----a-w C:\MicroSoft.vbs
2008-06-19 22:46 27,136 ----a-w C:\WINDOWS\AppPatch\AcPlugin.dll
2008-06-19 06:37 --------- d-----w C:\Program Files\Sify Broadband
2008-06-19 06:31 --------- d-----w C:\Documents and Settings\Sohail\Application Data\Broadband
2008-06-19 06:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-19 06:14 --------- d-----w C:\Program Files\microsoft frontpage
2004-09-03 17:32 3,488 ----a-w C:\WINDOWS\inf\OTHER\CMIAINFO.SYS
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-04 02:26 9,216 --sha-w C:\WINDOWS\system32\tuker.dll
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\iujraler.sys
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\xsdjbbmp.sys
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\rnmxajkl.sys
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\aoqnabib.sys
2004-08-08 06:46 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
2008-06-18 23:46 45056 --a------ C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D80C4E21-C346-4E21-8E64-20746AA20AEB}]
2008-06-22 23:21 331776 --a------ C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5AA06644-BC46-4220-A460-47A6EB47C96D}"= "C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll" [2008-06-22 23:21 331776]

[HKEY_CLASSES_ROOT\clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5AA06644-BC46-4220-A460-47A6EB47C96D}"= C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll [2008-06-22 23:21 331776]

[HKEY_CLASSES_ROOT\clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 20:04 127085]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe" [2004-07-29 14:55 139264]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 15:15 139264]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 16:55 180224]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 18:26 245760]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2004-10-02 16:34 184320]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-22 22:07 180269]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS\system32\ddserh.dll [ ]
"{00180018-0018-0018-0018-00180018BB15}"= C:\WINDOWS\system32\mstimewd.dll [2001-06-23 00:12 919188]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"JavaView"= {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll [ ]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [2008-06-18 23:46 45056]
"mstimewd"= {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll [2001-06-23 00:12 919188]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys [2008-06-23 00:40]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-23 05:34:10 C:\WINDOWS\Tasks\McAfee.com Update Check (HOME-5CEA0A0A44-Sohail).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent.SohailPMcAfee SecurityCenter periodically checks for updates for your McAfee Services.
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 01:34:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHIELD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCREGWIZ.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2008-06-23 1:35:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-23 08:35:00

Pre-Run: 6,019,162,112 bytes free
Post-Run: 6,074,253,312 bytes free

224

3rd, the fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:31 AM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll (file missing)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O21 - SSODL: mstimewd - {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4600 bytes

Still I am getting that virus.

0

I have saved all my important data in a set of DVDs.

Next time, when I store them while the system is fine, will this virus come back, or will the data be safe?

If I am not wrong, this virus is in my operating system, not on my other drives.

All the other important documents I stored are from other drives, not from the operating system drive.

So if I restore all the data back when my system is fine, will this virus come back?

0

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

C:\WINDOWS\system32\woasick.dll
C:\WINDOWS\system32\quaryfy.dll
C:\WINDOWS\system32\quaryfyk.exe
C:\WINDOWS\system32\verptw.dll
C:\WINDOWS\system32\verptwk.exe
C:\WINDOWS\system32\dllcache\hwxjpn.dll
C:\WINDOWS\system32\erjxakin.sys
C:\WINDOWS\system32\tuker.dll
C:\WINDOWS\system32\snfybbyt.sys
C:\WINDOWS\system32\iujraler.sys
C:\WINDOWS\system32\xsdjbbmp.sys
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\smdsbsrv.sys

=========

Go to Add/Remove programs and uninstall the following, if present:

NavExcel Search Toolbar
NavHelper

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

=========

A. Please RUN HijackThis. Click the SCAN button to produce a log.
Place a check mark beside each one of the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll

O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll

O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll (file missing)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O21 - SSODL: mstimewd - {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll
Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
B. 1. Please open Notepad: Click Start, then Run.
Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:



KillAll::

File::
C:\WINDOWS\system32\hmsdvf.dll
C:\WINDOWS\system32\mstimewd.dll
Folder::
C:\Program Files\NavExcel Search Toolbar



Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot (in case it asks to reboot), please re-enable all the programs that were disabled during the running of ComboFix, then post the following reports/logs into your next reply:
Combofix.txt
A new HijackThis log.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Attachments CFScript.gif 27.09 KB
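As an added example (not the thread's or the helper's own code), a small Python triage script for the HijackThis and ComboFix log formats posted above: it flags the persistence points the helper's fix list and CFScript targeted (BHO, toolbar, SSODL and ShellExecuteHooks values, and values whose file ComboFix could not stat, shown as "[ ]") and the system32 <name>.dll + <name>k.exe companion pairs visible in the Files Created section of the second ComboFix log. The function names and reason strings are this example's own assumptions; the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict

# HijackThis entry: "O21 - SSODL: mstimewd - {CLSID} - C:\...\mstimewd.dll"
HJT_RE = re.compile(r"^(?P<code>[RO]\d+) - .+$")
# ComboFix "Reg Loading Points": [key] lines, then "name"= value [meta]
CF_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
CF_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<value>.*?)"?\s*\[(?P<meta>[^\]]*)\]$')
# ComboFix "Files Created": created . modified size attrs path
CF_FILE_RE = re.compile(r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. \S+ \S+ (?P<size>[\d,]+|<DIR>) \S+ (?P<path>.+)$")

# Autostart points the helper's CFScript went after. ComboFix already hides
# empty and legitimate default entries, so anything it does list needs a look.
SUSPECT_KEYS = ("shellexecutehooks", "shellserviceobjectdelayload")
SUSPECT_HJT = {"O2": "Browser Helper Object", "O3": "IE toolbar", "O21": "SSODL autostart"}


def triage_hjt(lines):
    """Return (code, reasons, line) for HijackThis entries worth verifying."""
    hits = []
    for line in map(str.strip, lines):
        m = HJT_RE.match(line)
        if not m:
            continue
        code, reasons = m.group("code"), []
        if code in SUSPECT_HJT:
            reasons.append(SUSPECT_HJT[code])
        if "(file missing)" in line:
            reasons.append("file missing")
        if code == "R0" and "about:blank" in line:
            reasons.append("start page reset to about:blank")
        if reasons:
            hits.append((code, ", ".join(reasons), line))
    return hits


def triage_combofix_registry(lines):
    """Return (path, reasons) for values under the suspect keys and for any
    value with empty file info ("[ ]"): ComboFix could not stat that file."""
    hits, key = [], ""
    for line in map(str.strip, lines):
        km = CF_KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            continue
        vm = CF_VAL_RE.match(line)
        if not vm:
            continue
        reasons = []
        if any(k in key for k in SUSPECT_KEYS):
            reasons.append("ShellExecuteHooks/SSODL value")
        if not vm.group("meta").strip():
            reasons.append("file info empty: hidden, missing or not a path")
        if reasons:  # SSODL values read "{CLSID} - path"; keep the path part
            hits.append((vm.group("value").split(" - ")[-1], ", ".join(reasons)))
    return hits


def companion_pairs(lines):
    """Find <name>.dll + <name>k.exe created in system32 in the same minute,
    the pattern the Files Created section of the second ComboFix log shows."""
    by_minute = defaultdict(dict)
    for line in map(str.strip, lines):
        m = CF_FILE_RE.match(line)
        if not m or m.group("size") == "<DIR>":
            continue
        folder, _, fname = m.group("path").rpartition("\\")
        if folder.lower() == r"c:\windows\system32":
            by_minute[m.group("created")][fname.lower()] = m.group("path")
    pairs = []
    for names in by_minute.values():
        for fname in names:
            stem, _, ext = fname.rpartition(".")
            if ext == "dll" and stem + "k.exe" in names:
                pairs.append((names[fname], names[stem + "k.exe"]))
    return pairs


# Constructed samples, copied from the logs posted in this thread.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll (file missing)
O21 - SSODL: mstimewd - {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll
""".strip().splitlines()
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS\system32\ddserh.dll [ ]
"{45AADFAA-DD36-42AB-83AD-0521BBF58C24}"= C:\WINDOWS\system32\zgrjdx.dll [2008-06-25 12:45 218624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mstimewd"= {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll [ ]
""".strip().splitlines()
SAMPLE_FILES = r"""
2008-06-25 20:17 . 2008-06-26 00:22 28,672 --a------ C:\WINDOWS\system32\weblso.dll
2008-06-25 20:17 . 2008-06-25 20:17 11,264 --a------ C:\WINDOWS\system32\weblsok.exe
2008-06-25 16:53 . 2008-06-25 16:53 24,576 --a------ C:\WINDOWS\system32\hellodon.dll
2008-06-25 16:53 . 2008-06-25 16:53 11,264 --a------ C:\WINDOWS\system32\hellodonk.exe
2008-06-24 15:31 . 2008-06-24 15:31 <DIR> d-------- C:\Program Files\DivX
2008-06-23 00:34 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
""".strip().splitlines()
```

A hit means "verify", not "delete": the empty file-info rule also catches the legitimate Cmaudio value, whose data is a control-panel applet and entry point rather than a file path.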
0

hi

I am sorry I am replying late; there was a net connection problem.

Well, I cannot scan those files because uploading a file is a problem for me; I cannot upload any files. This problem is in Gmail or Yahoo too: I cannot upload an attachment, but I can download.

This problem has been there from the beginning of my net connection, so I think this is a problem in my net connection.

But for the other result, ComboFix, after dragging that txt file to it, here is the log.

ComboFix 08-06-20.4 - Sohail 2008-06-26 2:40:19.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.791 [GMT -7:00]
Running from: C:\Documents and Settings\Sohail\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sohail\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\hmsdvf.dll
C:\WINDOWS\system32\mstimewd.dll
.
The following files were disabled during the run:
C:\WINDOWS\system32\hmsdvf.dll
C:\WINDOWS\system32\asfjthj.dll
C:\WINDOWS\system32\hgfhk.dll
C:\WINDOWS\system32\njritc.dll
C:\WINDOWS\system32\oqrthc.dll
C:\WINDOWS\system32\zdbdb.dll
C:\WINDOWS\system32\lariytrz.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\61QRSNIP\cnsminex_empty[1].htm
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\CLC90NIH\cnsminex_empty[1].htm
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\O8UROY1P\cnsminex_empty[1].htm
C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\Content.IE5\O8UROY1P\cnsminex_empty[2].htm
C:\WINDOWS\AppPatch\AcXtrnel.dll
C:\WINDOWS\AppPatch\Jview.dll
C:\WINDOWS\linkinfo.dll
C:\WINDOWS\system32\asfjthj.dll.vir
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\drivers\cdralw.sys
C:\WINDOWS\system32\ergfwe.dll
C:\WINDOWS\system32\fsrgeb.dll
C:\WINDOWS\system32\ghjyer.dll
C:\WINDOWS\system32\gjbhr.dll
C:\WINDOWS\system32\hgfhk.cfg
C:\WINDOWS\system32\hgfhk.dll.vir
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\hjk.dll
C:\WINDOWS\system32\hmsdvf.dll.vir
C:\WINDOWS\system32\jkjkll.dll
C:\WINDOWS\system32\lariytrz.cfg
C:\WINDOWS\system32\lariytrz.dll.vir
C:\WINDOWS\system32\mstimewd.dll
C:\WINDOWS\system32\njritc.cfg
C:\WINDOWS\system32\njritc.dll.vir
C:\WINDOWS\system32\oqrthc.cfg
C:\WINDOWS\system32\oqrthc.dll.vir
C:\WINDOWS\system32\sergy.dll
C:\WINDOWS\system32\tdggrz.dll
C:\WINDOWS\system32\tfsdmz.dll
C:\WINDOWS\system32\ujkwet.dll
C:\WINDOWS\system32\wyrsdj.dll
C:\WINDOWS\system32\zdbdb.cfg
C:\WINDOWS\system32\zdbdb.dll.vir

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDRALW
-------\Service_cdralw


((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-25 20:17 . 2008-06-26 00:22 28,672 --a------ C:\WINDOWS\system32\weblso.dll
2008-06-25 20:17 . 2008-06-25 20:17 24,576 --a------ C:\WINDOWS\system32\mrsingd.dll
2008-06-25 20:17 . 2008-06-25 20:17 11,264 --a------ C:\WINDOWS\system32\weblsok.exe
2008-06-25 16:53 . 2008-06-25 16:53 28,672 --a------ C:\WINDOWS\system32\qflxs.dll
2008-06-25 16:53 . 2008-06-26 00:22 24,576 --a------ C:\WINDOWS\system32\womsoy.dll
2008-06-25 16:53 . 2008-06-25 16:53 24,576 --a------ C:\WINDOWS\system32\hellodon.dll
2008-06-25 16:53 . 2008-06-25 16:53 11,264 --a------ C:\WINDOWS\system32\hellodonk.exe
2008-06-25 12:45 . 2008-06-25 12:45 229,376 --ah----- C:\WINDOWS\system32\pedadt.dll
2008-06-25 12:45 . 2008-06-25 12:45 218,624 --ah----- C:\WINDOWS\system32\zgrjdx.dll
2008-06-25 12:45 . 2008-06-26 00:22 24,576 --a------ C:\WINDOWS\system32\yitalle.dll
2008-06-25 12:45 . 2008-06-26 00:22 10,240 --a------ C:\WINDOWS\system32\yitallek.exe
2008-06-24 15:33 . 2008-06-24 20:09 10,022 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-24 15:31 . 2008-06-24 15:31 <DIR> d-------- C:\Program Files\DivX
2008-06-23 21:32 . 2008-06-23 21:32 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\Yahoo!
2008-06-23 21:31 . 2008-06-23 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-23 21:28 . 2008-06-23 21:28 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-23 18:54 . 2008-06-23 18:54 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\CyberLink
2008-06-23 18:53 . 2008-06-23 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-23 18:52 . 2008-06-23 18:52 <DIR> d-------- C:\Program Files\CyberLink
2008-06-23 01:35 . 2008-06-23 01:35 <DIR> d--hs---- C:\Recycled
2008-06-23 00:34 . 2008-06-23 00:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-23 00:34 . 2008-06-23 00:34 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\Malwarebytes
2008-06-23 00:34 . 2008-06-23 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-23 00:34 . 2008-06-19 17:55 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-23 00:34 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-22 23:22 . 2008-06-22 23:22 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\Ulead Systems
2008-06-22 23:20 . 2008-06-22 23:21 <DIR> d-------- C:\Program Files\Burn4Free
2008-06-22 23:18 . 2008-06-22 23:18 <DIR> d-------- C:\Driver
2008-06-22 23:17 . 2008-06-22 23:17 <DIR> d-------- C:\Program Files\Ulead Systems
2008-06-22 23:17 . 2008-06-22 23:17 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-22 23:17 . 2008-06-22 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-22 23:17 . 2003-07-10 00:07 57,344 --------- C:\WINDOWS\dvdrgn.exe
2008-06-22 23:17 . 2008-06-23 06:18 74 --ah----- C:\WINDOWS\UCMDPPG.ETF
2008-06-22 23:17 . 2008-06-24 13:59 74 --ah----- C:\WINDOWS\ACLASS.DMF
2008-06-22 22:08 . 2008-06-23 05:25 50 --a------ C:\WINDOWS\cdplayer.ini
2008-06-22 22:07 . 2008-06-22 22:07 <DIR> d-------- C:\Program Files\Real
2008-06-22 22:07 . 2008-06-22 22:07 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-22 22:07 . 2008-06-22 22:07 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-22 21:55 . 2008-06-22 21:56 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-22 21:55 . 2008-06-22 21:56 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-06-22 21:55 . 2003-08-05 14:23 266,240 --a------ C:\WINDOWS\CMIUninstall.exe
2008-06-22 21:55 . 2003-07-22 11:15 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe
2008-06-22 21:55 . 2002-10-18 15:56 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll
2008-06-21 11:24 . 2008-06-21 11:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 11:18 . 2008-06-23 00:12 24,576 --a------ C:\WINDOWS\system32\woasick.dll
2008-06-21 11:18 . 2008-06-23 23:11 24,576 --a------ C:\WINDOWS\system32\quaryfy.dll
2008-06-21 11:18 . 2008-06-23 23:11 10,240 --a------ C:\WINDOWS\system32\quaryfyk.exe
2008-06-21 03:09 . 2008-06-23 00:12 28,672 --a------ C:\WINDOWS\system32\verptw.dll
2008-06-21 03:09 . 2008-06-21 03:08 11,264 --a------ C:\WINDOWS\system32\verptwk.exe
2008-06-20 12:08 . 2001-08-22 23:30 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-20 12:07 . 2004-08-03 12:26 2,134,528 --a------ C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-20 12:05 . 2008-06-20 12:05 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-20 12:01 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-06-20 12:01 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-06-20 11:52 . 2008-06-26 00:20 1,064,189,952 --a------ C:\WINDOWS\MEMORY.DMP
2008-06-20 03:23 . 2008-06-20 03:23 <DIR> d-------- C:\Program Files\McAfee
2008-06-20 03:23 . 2008-06-20 03:23 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\McAfee
2008-06-20 03:23 . 2002-03-13 08:50 23,296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2008-06-20 03:22 . 2008-06-20 03:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-20 03:21 . 2008-06-20 03:21 <DIR> d-------- C:\Program Files\McAfee.com
2008-06-20 03:21 . 2004-10-04 12:29 341,064 --a------ C:\WINDOWS\system32\mcinsctl.dll
2008-06-20 03:21 . 2004-09-07 06:14 279,624 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2008-06-20 02:48 . 2008-06-20 02:48 <DIR> d-------- C:\Program Files\RegistryFix6
2008-06-19 15:46 . 2008-06-26 02:26 18,048 --a------ C:\WINDOWS\system32\drivers\eth8023.sys
2008-06-19 14:57 . 2008-06-19 14:57 <DIR> d---s---- C:\Documents and Settings\Sohail\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 09:37 9,728 ----a-w C:\WINDOWS\AppPatch\AcSpecf.dll
2008-06-26 06:54 30 ----a-w C:\MicroSoft.bat
2008-06-26 06:54 186 ----a-w C:\MicroSoft.vbs
2008-06-19 22:46 27,136 ----a-w C:\WINDOWS\AppPatch\AcPlugin.dll
2008-06-19 06:37 --------- d-----w C:\Program Files\Sify Broadband
2008-06-19 06:31 --------- d-----w C:\Documents and Settings\Sohail\Application Data\Broadband
2008-06-19 06:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-19 06:14 --------- d-----w C:\Program Files\microsoft frontpage
2004-09-03 17:32 3,488 ----a-w C:\WINDOWS\inf\OTHER\CMIAINFO.SYS
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-04 02:26 9,216 --sha-w C:\WINDOWS\system32\tuker.dll
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\iujraler.sys
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\xsdjbbmp.sys
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\rnmxajkl.sys
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\aoqnabib.sys
2004-08-08 06:46 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-23_ 1.34.41.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 08:34:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 09:43:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-19 06:13:56 8,738 ----a-w C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
+ 2008-06-24 04:57:52 8,972 ----a-w C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
- 2008-06-19 06:13:52 86,327 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
+ 2008-06-24 04:59:02 86,327 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
- 2008-06-19 06:13:56 2,112 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-06-24 04:59:02 2,722 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2004-07-12 21:06:54 849,408 ----a-w C:\WINDOWS\system32\DivX.dll
+ 2004-07-12 21:06:50 206,848 ----a-w C:\WINDOWS\system32\divx_xx07.dll
+ 2004-07-12 21:06:50 206,336 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
+ 2004-07-12 21:06:52 206,848 ----a-w C:\WINDOWS\system32\divx_xx11.dll
+ 2004-07-12 21:06:52 89,600 ----a-w C:\WINDOWS\system32\divxdec_0407.dll
+ 2004-07-12 21:06:52 90,112 ----a-w C:\WINDOWS\system32\divxdec_040c.dll
+ 2004-07-12 21:06:52 89,600 ----a-w C:\WINDOWS\system32\divxdec_0411.dll
+ 2004-07-12 21:07:22 290,816 ----a-w C:\WINDOWS\system32\dpu10.dll
+ 2004-07-12 21:07:22 602,112 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
+ 2004-07-12 21:07:22 335,872 ----a-w C:\WINDOWS\system32\dpus10.dll
+ 2004-07-12 21:07:22 53,248 ----a-w C:\WINDOWS\system32\dpv10.dll
+ 2004-07-12 21:06:56 1,335,296 ----a-w C:\WINDOWS\system32\PSIKey.dll
+ 2004-07-12 21:07:22 3,375,104 ----a-w C:\WINDOWS\system32\qt-mt331.dll
+ 2004-07-12 21:07:20 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
+ 2006-12-02 05:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 05:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 05:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 05:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 07:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 07:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 07:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 07:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 07:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 07:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 07:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 07:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 07:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 07:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 07:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 07:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 07:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 07:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 20:04 127085]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 21:58 4269296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe" [2004-07-29 14:55 139264]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 15:15 139264]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 16:55 180224]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 18:26 245760]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2004-10-02 16:34 184320]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-22 22:07 180269]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS\system32\ddserh.dll [ ]
"{00180018-0018-0018-0018-00180018BB15}"= C:\WINDOWS\system32\mstimewd.dll [ ]
"{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}"= C:\WINDOWS\system32\wyrsdj.dll [ ]
"{45AADFAA-DD36-42AB-83AD-0521BBF58C24}"= C:\WINDOWS\system32\zgrjdx.dll [2008-06-25 12:45 218624]
"{5E907A48-400E-4EA8-9792-FFAE052D59E9}"= C:\WINDOWS\system32\pedadt.dll [2008-06-25 12:45 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mstimewd"= {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys [2008-06-26 02:26]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-26 08:45:56 C:\WINDOWS\Tasks\McAfee.com Update Check (HOME-5CEA0A0A44-Sohail).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent.SohailPMcAfee SecurityCenter periodically checks for updates for your McAfee Services.
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 02:44:05
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\DVD\ULCDRSVR.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHIELD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCREGWIZ.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
.
**************************************************************************
.
Completion time: 2008-06-26 2:44:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 09:44:40
ComboFix2.txt 2008-06-23 08:35:06

Pre-Run: 4,852,654,080 bytes free
Post-Run: 4,882,997,248 bytes free


and this is a fresh log of HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:23 AM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O21 - SSODL: mstimewd - {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4563 bytes

And one more thing: after all this process I found out that there is no virus coming when the computer is opened normally, but it is coming when I am connecting it to the net.

And it is coming into my Temp folder in Local Settings.

Man, I am getting sick of doing this.

0
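The ComboFix and HijackThis output in the post above carries the three indicators a responder looks at first: ShellExecuteHooks and ShellServiceObjectDelayLoad entries pointing at unfamiliar DLLs in system32, several of them with an empty `[ ]` or `(file missing)` marker (the registry still references a file that is not on disk, so something keeps re-dropping it or it is hidden), and the Security Center `AntiVirusDisableNotify`/`FirewallDisableNotify` values set to 1, which silence the warnings the user would otherwise see. The script below is an added example and is not part of the thread or of either tool: it parses those line formats offline and lists each entry with the reasons it is suspicious. The allow-lists of stock XP hook DLLs and the low-vowel file-name heuristic are this example's assumptions, and the sample log is constructed from the lines above with placeholder dates and sizes on the two legitimate entries.

```python
"""Triage of ShellExecuteHooks, SSODL and Security Center entries from a ComboFix or
HijackThis log. Added example for this thread; not code from either tool."""
import re
from dataclasses import dataclass, field

# Stock Windows XP registers shell32.dll as its only ShellExecuteHook and a few Microsoft
# DLLs under ShellServiceObjectDelayLoad. These allow-lists are this example's assumption;
# third-party software can legitimately add entries, so a hit is a lead, not a verdict.
KNOWN_SHELL_EXECUTE_HOOKS = {"shell32.dll"}
KNOWN_SSODL = {"webcheck.dll", "stobject.dll", "shell32.dll"}
VOWELS = set("aeiou")

SECTION_RE = re.compile(r"^\[(.+)\]$")
# ComboFix registry dump:  "name"= [{CLSID} - ]path [date size]   where "[ ]" = file absent
CF_ENTRY_RE = re.compile(
    r'^"([^"]+)"=\s*(?:\{[0-9A-Fa-f-]+\}\s*-\s*)?(.+?\.(?:dll|exe|sys))\s*\[([^\]]*)\]$', re.I)
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$', re.I)
# HijackThis:  O21 - SSODL: name - {CLSID} - path [(file missing)]
HJT_O21_RE = re.compile(r"^O21 - SSODL: \S+ - \{[^}]+\} - (.+?\.dll)( \(file missing\))?$", re.I)

# Constructed sample in both tools' formats. The flagged lines mirror the log in the thread;
# the date/size on the shell32.dll and webcheck.dll entries are placeholders.
SAMPLE_LOG = r"""
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= C:\WINDOWS\system32\shell32.dll [2004-08-04 12:00 8461312]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS\system32\ddserh.dll [ ]
"{45AADFAA-DD36-42AB-83AD-0521BBF58C24}"= C:\WINDOWS\system32\zgrjdx.dll [2008-06-25 12:45 218624]
"{5E907A48-400E-4EA8-9792-FFAE052D59E9}"= C:\WINDOWS\system32\pedadt.dll [2008-06-25 12:45 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll [2004-08-04 12:00 39424]
"mstimewd"= {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000000

O21 - SSODL: mstimewd - {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll (file missing)
"""

UNEXPECTED_HOOK = "unexpected ShellExecuteHook (stock XP registers only shell32.dll here)"
UNEXPECTED_SSODL = "unexpected ShellServiceObjectDelayLoad entry"
FILE_MISSING = "registered file is missing on disk (deleted, hidden, or re-dropped later)"
RANDOM_NAME = "random-looking file name"


@dataclass
class Finding:
    item: str                               # file path, or registry value name
    reasons: list[str] = field(default_factory=list)


def looks_random(basename: str) -> bool:
    """Weak signal: an all-letter stem with (almost) no vowels, e.g. 'zgrjdx'."""
    stem = basename.rsplit(".", 1)[0].lower()
    if not stem.isalpha() or len(stem) < 5:
        return False
    return sum(c in VOWELS for c in stem) / len(stem) <= 0.2


def _hook_reasons(kind: str, path: str, missing: bool) -> list[str]:
    base = path.rsplit("\\", 1)[-1].lower()
    reasons = []
    if kind == "seh" and base not in KNOWN_SHELL_EXECUTE_HOOKS:
        reasons.append(UNEXPECTED_HOOK)
    if kind == "ssodl" and base not in KNOWN_SSODL:
        reasons.append(UNEXPECTED_SSODL)
    if missing:
        reasons.append(FILE_MISSING)
    if looks_random(base):
        reasons.append(RANDOM_NAME)
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk the log once; merge reasons per item so ComboFix and HJT lines for the same DLL
    produce one finding."""
    found: dict[str, Finding] = {}

    def add(item: str, reasons: list[str]) -> None:
        if not reasons:
            return
        f = found.setdefault(item.lower(), Finding(item))
        for r in reasons:
            if r not in f.reasons:
                f.reasons.append(r)

    kind = None                                   # registry section we are currently in
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            s = m.group(1).lower()
            kind = ("seh" if "shellexecutehooks" in s else
                    "ssodl" if "shellserviceobjectdelayload" in s else
                    "sc" if "security center" in s else None)
            continue
        m = HJT_O21_RE.match(line)
        if m:
            add(m.group(1), _hook_reasons("ssodl", m.group(1), bool(m.group(2))))
            continue
        m = DWORD_RE.match(line)
        if m and kind == "sc":
            name, value = m.group(1), int(m.group(2), 16)
            if name.lower().endswith("disablenotify") and value:
                add(name, [f"Security Center alert suppressed ({name}=1)"])
            continue
        m = CF_ENTRY_RE.match(line)
        if m and kind in ("seh", "ssodl"):
            add(m.group(2), _hook_reasons(kind, m.group(2), m.group(3).strip() == ""))
    return list(found.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.item)
        for r in f.reasons:
            print("   -", r)
```

Run it against a saved log with `triage(open(path).read())`. The file-name heuristic is deliberately weak (plenty of legitimate Microsoft DLLs have few vowels), which is why the allow-list check and the missing-file marker carry the weight; anything it flags still needs a hash lookup or the version-info check the next post asks for before it is deleted.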

I really need to see what those files are. Please download F2T (Files To Text).

* Double-click F2Ts.exe to start the program.
* Next to Path on top, copy and paste the next line:
  C:\WINDOWS\system32\woasick.dll
* When done, press the GO button next to it.
* Then click the Select F2T-list button below to select the results.
* Right-click the selected text.
* Click on "copy".
* Paste the copied text into your next reply.

Do the same for all of these:

C:\WINDOWS\system32\quaryfy.dll
C:\WINDOWS\system32\quaryfyk.exe
C:\WINDOWS\system32\verptw.dll
C:\WINDOWS\system32\verptwk.exe
C:\WINDOWS\system32\dllcache\hwxjpn.dll
C:\WINDOWS\system32\erjxakin.sys
C:\WINDOWS\system32\tuker.dll
C:\WINDOWS\system32\snfybbyt.sys
C:\WINDOWS\system32\iujraler.sys
C:\WINDOWS\system32\xsdjbbmp.sys
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\smdsbsrv.sys

0

hi

here are the results for those files

Before that, one piece of good news: right now I am not getting any virus back, even after I connect to the internet. So does this mean my problem is solved? And if it is solved, can you please explain to me what was actually wrong?

I did try to read all the steps you showed me, but still I am not getting what exactly went wrong. It would be kind of you to tell me the problem.

In between I was about to lose patience and thought of reformatting it again, but I thought, when you are taking your precious time to help me solve my problem, then what is wrong with doing it?

So, really, thanks.

And yes, here are the results.

F2Ts version 1.1 (april 5, 2006)
Date: 6/26/2008 10:19:28 PM

F2Ts File-Properties of C:\WINDOWS\system32\woasick.dll
-------------------------------------------------------

No version available for this file
Company Name:
File Description:
Product version: File Version:
Internal Name:
Legal Copyright:
Original FileName:
Product Name:
Original FileName:Product Version:


F2Ts version 1.1 (april 5, 2006)
Date: 6/26/2008 10:20:09 PM

F2Ts File-Properties of C:\WINDOWS\system32\quaryfy.dll
-------------------------------------------------------

No version available for this file
Company Name:
File Description:
Product version: File Version:
Internal Name:
Legal Copyright:
Original FileName:
Product Name:
Original FileName:Product Version:


F2Ts version 1.1 (april 5, 2006)
Date: 6/26/2008 10:20:52 PM

F2Ts File-Properties of C:\WINDOWS\system32\quaryfyk.exe
-------------------------------------------------------

No version available for this file
Company Name:
File Description:
Product version: File Version:
Internal Name:
Legal Copyright:
Original FileName:
Product Name:
Original FileName:Product Version:

F2Ts version 1.1 (april 5, 2006)
Date: 6/26/2008 10:21:53 PM

F2Ts File-Properties of C:\WINDOWS\system32\verptw.dll
-------------------------------------------------------

No version available for this file
Company Name:
File Description:
Product version: File Version:
Internal Name:
Legal Copyright:
Original FileName:
Product Name:
Original FileName:Product Version:


F2Ts version 1.1 (april 5, 2006)
Date: 6/26/2008 10:22:53 PM

F2Ts File-Properties of C:\WINDOWS\system32\verptwk.exe
-------------------------------------------------------

No version available for this file
Company Name:
File Description:
Product version: File Version:
Internal Name:
Legal Copyright:
Original FileName:
Product Name:
Original FileName:Product Version:


F2Ts version 1.1 (april 5, 2006)
Date: 6/26/2008 10:23:32 PM

F2Ts File-Properties of C:\WINDOWS\system32\dllcache\hwxjpn.dll
-------------------------------------------------------

No version available for this file
Company Name:
File Description:
Product version: File Version:
Internal Name:
Legal Copyright:
Original FileName:
Product Name:
Original FileName:Product Version:

F2Ts version 1.1 (april 5, 2006)
Date: 6/26/2008 10:32:36 PM

F2Ts File-Properties of C:\WINDOWS\system32\erjxakin.sys
-------------------------------------------------------

No version available for this file
Company Name:
File Description:
Product version: File Version:
Internal Name:
Legal Copyright:
Original FileName:
Product Name:
Original FileName:Product Version:


F2Ts version 1.1 (april 5, 2006)
Date: 6/26/2008 10:33:34 PM

F2Ts File-Properties of C:\WINDOWS\system32\tuker.dll
-------------------------------------------------------

No version available for this file
Company Name:
File Description:
Product version: File Version:
Internal Name:
Legal Copyright:
Original FileName:
Product Name:
Original FileName:Product Version:

F2Ts version 1.1 (april 5, 2006)
Date: 6/26/2008 10:34:24 PM

F2Ts File-Properties of C:\WINDOWS\system32\snfybbyt.sys
-------------------------------------------------------

No version available for this file
Company Name:
File Description:
Product version: File Version:
Internal Name:
Legal Copyright:
Original FileName:
Product Name:
Original FileName:Product Version:


F2Ts version 1.1 (april 5, 2006)
Date: 6/26/2008 10:35:03 PM

F2Ts File-Properties of C:\WINDOWS\system32\iujraler.sys
-------------------------------------------------------

No version available for this file
Company Name:
File Description:
Product version: File Version:
Internal Name:
Legal Copyright:
Original FileName:
Product Name:
Original FileName:Product Version:


F2Ts version 1.1 (april 5, 2006)
Date: 6/26/2008 10:35:35 PM

F2Ts File-Properties of C:\WINDOWS\system32\xsdjbbmp.sys
-------------------------------------------------------

No version available for this file
Company Name:
File Description:
Product version: File Version:
Internal Name:
Legal Copyright:
Original FileName:
Product Name:
Original FileName:Product Version:


F2Ts version 1.1 (april 5, 2006)
Date: 6/26/2008 10:36:39 PM

F2Ts File-Properties of C:\WINDOWS\system32\rnmxajkl.sys
-------------------------------------------------------

No version available for this file
Company Name:
File Description:
Product version: File Version:
Internal Name:
Legal Copyright:
Original FileName:
Product Name:
Original FileName:Product Version:


F2Ts version 1.1 (april 5, 2006)
Date: 6/26/2008 10:37:21 PM

F2Ts File-Properties of C:\WINDOWS\system32\aoqnabib.sys
-------------------------------------------------------

No version available for this file
Company Name:
File Description:
Product version: File Version:
Internal Name:
Legal Copyright:
Original FileName:
Product Name:
Original FileName:Product Version:

F2Ts version 1.1 (april 5, 2006)
Date: 6/26/2008 10:38:28 PM

F2Ts File-Properties of C:\WINDOWS\system32\smdsbsrv.sys
-------------------------------------------------------

No version available for this file
Company Name:
File Description:
Product version: File Version:
Internal Name:
Legal Copyright:
Original FileName:
Product Name:
Original FileName:Product Version:

Thanks once again. So should I think it is solved or not?

0
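Every F2Ts block above reports "No version available", which means none of these files carries a VERSIONINFO resource, something almost every Microsoft- or vendor-shipped DLL, EXE or SYS has. Before deleting such files a responder hashes them and reads the PE headers: the optional header's resource data directory shows whether the image has any resources at all (so whether the empty F2Ts output is expected), the COFF characteristics show whether a ".dll" really is a DLL, and odd section names hint at a packer. The script below is an added example and is not F2Ts, ComboFix or code from the thread. `build_sample_pe` constructs a minimal stand-in image with valid headers and empty sections so the parser can run offline; its timestamp and section names are placeholders, not data from the infected machine, and the common-section allow-list is this example's assumption.

```python
"""Minimal PE header triage for unknown DLL/EXE/SYS files.
Added example for this thread; it is not F2Ts, ComboFix or code posted in the thread."""
import hashlib
import struct
from datetime import datetime, timezone

IMAGE_FILE_DLL = 0x2000
# Section names normally seen in compiler- or driver-built images (heuristic allow-list).
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                   ".edata", ".bss", ".tls", "PAGE", "INIT"}


def parse_pe(data: bytes) -> dict:
    """Read the DOS header pointer, COFF header, optional-header magic, the resource
    data directory entry and the section table. Raises ValueError for non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_start = e_lfanew + 24
    # DataDirectory begins at +96 in a PE32 optional header and +112 in PE32+;
    # the resource table is entry 2, so 16 bytes further on. A zero size means no resources.
    has_resources = False
    if opt_size >= 2:
        magic = struct.unpack_from("<H", data, opt_start)[0]
        dd_off = {0x10B: 96, 0x20B: 112}.get(magic)
        if dd_off is not None and opt_size >= dd_off + 24:
            _rva, res_size = struct.unpack_from("<II", data, opt_start + dd_off + 16)
            has_resources = res_size != 0
    sections = []
    for i in range(nsections):
        off = opt_start + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return {
        "machine": machine,
        "compiled": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "has_resources": has_resources,
        "sections": sections,
    }


def build_sample_pe(section_names, dll=True, timestamp=0x4861C7F0) -> bytes:
    """Constructed stand-in for an unknown system32 file: valid PE32 headers, empty sections.
    If a '.rsrc' section is requested the resource data directory is pointed at it."""
    nsec = len(section_names)
    e_lfanew, opt_size = 0x40, 0xE0
    raw_base = (e_lfanew + 4 + 20 + opt_size + 40 * nsec + 0x1FF) & ~0x1FF
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, timestamp, 0, 0, opt_size,
                       0x0102 | (IMAGE_FILE_DLL if dll else 0))   # EXECUTABLE_IMAGE | 32BIT
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                          # Magic: PE32
    sects = b""
    for i, name in enumerate(section_names):
        rva = 0x1000 * (i + 1)
        if name == ".rsrc":
            struct.pack_into("<II", opt, 96 + 8 * 2, rva, 0x200)
        sects += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x200, rva, 0x200, raw_base + 0x200 * i, 0, 0, 0, 0, 0x40000040)
    image = dos + b"PE\0\0" + coff + bytes(opt) + sects
    return image.ljust(raw_base + 0x200 * nsec, b"\0")


def triage_unknown(path: str, data: bytes) -> list[str]:
    """Observations worth recording before a file with no version info is deleted."""
    notes = [f"sha256 {hashlib.sha256(data).hexdigest()}"]
    try:
        pe = parse_pe(data)
    except ValueError as err:
        return notes + [f"not a PE image ({err})"]
    notes.append(f"compiled {pe['compiled']}, sections {[s['name'] for s in pe['sections']]}")
    if not pe["has_resources"]:
        notes.append("no resource directory: 'No version available' is expected, nothing identifies it")
    if path.lower().endswith(".dll") and not pe["is_dll"]:
        notes.append(".dll extension but IMAGE_FILE_DLL is not set")
    for s in pe["sections"]:
        if s["name"] not in COMMON_SECTIONS:
            notes.append(f"unusual section name {s['name']!r} (packer or hand-built image?)")
    return notes


if __name__ == "__main__":
    for note in triage_unknown(r"C:\WINDOWS\system32\woasick.dll", build_sample_pe([".text", "abcd"])):
        print(note)
```

On a live machine you would feed `triage_unknown` the bytes of each file from the helper's list (`open(path, "rb").read()`), record the SHA-256 for later lookup, and treat "no resource directory" plus a random name in system32 as strong corroboration of the log findings. The GIF files reported by the scanner later in this thread fall out at the first check: they are not PE images at all, so version-info tools have nothing to say about them.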

1. Please open Notepad: click Start, then Run, and type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
KillAll::

File::
C:\WINDOWS\system32\quaryfy.dll
C:\WINDOWS\system32\quaryfyk.exe
C:\WINDOWS\system32\verptw.dll
C:\WINDOWS\system32\verptwk.exe
C:\WINDOWS\system32\dllcache\hwxjpn.dll
C:\WINDOWS\system32\erjxakin.sys
C:\WINDOWS\system32\tuker.dll
C:\WINDOWS\system32\snfybbyt.sys
C:\WINDOWS\system32\iujraler.sys
C:\WINDOWS\system32\xsdjbbmp.sys
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\smdsbsrv.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
   Combofix.txt
   A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Attachments CFScript.gif 27.09 KB
0

hi!

I am sorry for replying late; I was not at home.

After three days, when I opened the system or started it again, the virus came back, but only after connecting to the internet.

Here are the viruses that are getting detected:


C:\Documents and Settings\Sohail\Local Settings\Temp\4.gif

C:\Documents and Settings\Sohail\Local Settings\Temp\6.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\7.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\11.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\12.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\13.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\14.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\15.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\17.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\19.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\21.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\26.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\28.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\29.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\31.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\32.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\33.gif
C:\Documents and Settings\Sohail\Local Settings\Temp\34.gif


C:\Documents and Settings\Sohail\Local Settings\Temporary Internet Files\

And here is the log created after ComboFix, as you asked me to do it:

ComboFix 08-06-20.4 - Sohail 2008-06-30 21:41:15.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.755 [GMT -7:00]
Running from: C:\Documents and Settings\Sohail\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sohail\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\dllcache\hwxjpn.dll
C:\WINDOWS\system32\erjxakin.sys
C:\WINDOWS\system32\iujraler.sys
C:\WINDOWS\system32\quaryfy.dll
C:\WINDOWS\system32\quaryfyk.exe
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\smdsbsrv.sys
C:\WINDOWS\system32\snfybbyt.sys
C:\WINDOWS\system32\tuker.dll
C:\WINDOWS\system32\verptw.dll
C:\WINDOWS\system32\verptwk.exe
C:\WINDOWS\system32\xsdjbbmp.sys
.
The following files were disabled during the run:
C:\WINDOWS\system32\tuker.dll
C:\WINDOWS\system32\ujkwet.dll
C:\WINDOWS\system32\asfjthj.dll
C:\WINDOWS\system32\hmsdvf.dll
C:\WINDOWS\system32\hgfhk.dll
C:\WINDOWS\system32\njritc.dll
C:\WINDOWS\system32\oqrthc.dll
C:\WINDOWS\system32\zdbdb.dll
C:\WINDOWS\system32\lariytrz.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sohail\Local Settings\Temp\Temporary Internet Files\Content.IE5\W3MQ14BV\cnsminex_empty[1].htm
C:\WINDOWS\AppPatch\AcXtrnel.dll
C:\WINDOWS\AppPatch\Jview.dll
C:\WINDOWS\linkinfo.dll
C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\asfjthj.dll.vir
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\dllcache\hwxjpn.dll
C:\WINDOWS\system32\drivers\cdralw.sys
C:\WINDOWS\system32\ergfwe.dll
C:\WINDOWS\system32\erjxakin.sys
C:\WINDOWS\system32\fsrgeb.dll
C:\WINDOWS\system32\ghjyer.dll
C:\WINDOWS\system32\gjbhr.dll
C:\WINDOWS\system32\hgfhk.cfg
C:\WINDOWS\system32\hgfhk.dll.vir
C:\WINDOWS\system32\hjk.dll
C:\WINDOWS\system32\iujraler.sys
C:\WINDOWS\system32\jkjkll.dll
C:\WINDOWS\system32\lariytrz.cfg
C:\WINDOWS\system32\lariytrz.dll.vir
C:\WINDOWS\system32\njritc.cfg
C:\WINDOWS\system32\njritc.dll.vir
C:\WINDOWS\system32\oqrthc.cfg
C:\WINDOWS\system32\oqrthc.dll.vir
C:\WINDOWS\system32\quaryfy.dll
C:\WINDOWS\system32\quaryfyk.exe
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\sergy.dll
C:\WINDOWS\system32\smdsbsrv.sys
C:\WINDOWS\system32\snfybbyt.sys
C:\WINDOWS\system32\tdggrz.dll
C:\WINDOWS\system32\tfsdmz.dll
C:\WINDOWS\system32\tuker.dll.vir
C:\WINDOWS\system32\ujkwet.dll.vir
C:\WINDOWS\system32\verptw.dll
C:\WINDOWS\system32\verptwk.exe
C:\WINDOWS\system32\wyrsdj.dll
C:\WINDOWS\system32\xsdjbbmp.sys
C:\WINDOWS\system32\zdbdb.cfg
C:\WINDOWS\system32\zdbdb.dll.vir

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDRALW
-------\Service_cdralw


((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-06-30 12:02 . 2008-06-30 12:02 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\Creative
2008-06-30 11:55 . 2000-05-22 01:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-06-30 11:55 . 1999-10-10 18:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-06-30 11:53 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-06-30 11:53 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-06-30 11:53 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-06-30 11:53 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\dllcache\ipsink.ax
2008-06-30 11:53 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-06-30 11:53 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\dllcache\streamip.sys
2008-06-30 11:53 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-06-30 11:53 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\dllcache\slip.sys
2008-06-30 11:53 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-06-30 11:53 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\dllcache\ndisip.sys
2008-06-30 11:50 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-30 11:49 . 2008-06-30 11:49 <DIR> d-------- C:\Program Files\Creative
2008-06-29 14:05 . 2008-06-29 14:05 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\GRETECH
2008-06-29 03:48 . 2008-06-29 03:48 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-29 03:48 . 2005-02-24 20:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-28 20:09 . 2008-06-28 20:09 <DIR> d--hs---- C:\FOUND.002
2008-06-28 19:18 . 2008-06-28 19:18 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\AdobeUM
2008-06-28 19:11 . 2008-06-28 19:11 <DIR> d--hs---- C:\FOUND.001
2008-06-28 16:55 . 2008-06-28 16:55 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-28 12:35 . 2008-06-29 13:58 10,752 --a------ C:\WINDOWS\system32\mrsingdk.exe
2008-06-26 16:43 . 2008-06-26 16:43 <DIR> d--hs---- C:\FOUND.000
2008-06-25 20:17 . 2008-06-29 13:59 28,672 --a------ C:\WINDOWS\system32\weblso.dll
2008-06-25 20:17 . 2008-06-29 15:01 24,576 --a------ C:\WINDOWS\system32\mrsingd.dll
2008-06-25 20:17 . 2008-06-25 20:17 11,264 --a------ C:\WINDOWS\system32\weblsok.exe
2008-06-25 16:53 . 2008-06-29 14:01 28,672 --a------ C:\WINDOWS\system32\qflxs.dll
2008-06-25 16:53 . 2008-06-29 15:02 24,576 --a------ C:\WINDOWS\system32\womsoy.dll
2008-06-25 16:53 . 2008-06-28 12:36 24,576 --a------ C:\WINDOWS\system32\hellodon.dll
2008-06-25 16:53 . 2008-06-25 16:53 11,264 --a------ C:\WINDOWS\system32\hellodonk.exe
2008-06-25 12:45 . 2008-06-29 15:01 229,376 --ah----- C:\WINDOWS\system32\pedadt.dll
2008-06-25 12:45 . 2008-06-29 13:58 218,624 --ah----- C:\WINDOWS\system32\zgrjdx.dll
2008-06-25 12:45 . 2008-06-29 13:59 24,576 --a------ C:\WINDOWS\system32\yitalle.dll
2008-06-25 12:45 . 2008-06-26 00:22 10,240 --a------ C:\WINDOWS\system32\yitallek.exe
2008-06-24 15:33 . 2008-06-29 21:52 10,022 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-24 15:31 . 2008-06-24 15:31 <DIR> d-------- C:\Program Files\DivX
2008-06-23 21:32 . 2008-06-23 21:32 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\Yahoo!
2008-06-23 21:31 . 2008-06-23 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-23 21:28 . 2008-06-23 21:28 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-23 18:54 . 2008-06-23 18:54 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\CyberLink
2008-06-23 18:53 . 2008-06-23 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-23 18:52 . 2008-06-23 18:52 <DIR> d-------- C:\Program Files\CyberLink
2008-06-23 01:35 . 2008-06-23 01:35 <DIR> d--hs---- C:\Recycled
2008-06-23 00:34 . 2008-06-23 00:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-23 00:34 . 2008-06-23 00:34 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\Malwarebytes
2008-06-23 00:34 . 2008-06-23 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-23 00:34 . 2008-06-19 17:55 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-23 00:34 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-22 23:22 . 2008-06-22 23:22 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\Ulead Systems
2008-06-22 23:20 . 2008-06-22 23:21 <DIR> d-------- C:\Program Files\Burn4Free
2008-06-22 23:18 . 2008-06-22 23:18 <DIR> d-------- C:\Driver
2008-06-22 23:17 . 2008-06-22 23:17 <DIR> d-------- C:\Program Files\Ulead Systems
2008-06-22 23:17 . 2008-06-22 23:17 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-22 23:17 . 2008-06-22 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-22 23:17 . 2003-07-10 00:07 57,344 --------- C:\WINDOWS\dvdrgn.exe
2008-06-22 23:17 . 2008-06-23 06:18 74 --ah----- C:\WINDOWS\UCMDPPG.ETF
2008-06-22 23:17 . 2008-06-29 13:49 74 --ah----- C:\WINDOWS\ACLASS.DMF
2008-06-22 22:08 . 2008-06-30 11:46 100 --a------ C:\WINDOWS\cdplayer.ini
2008-06-22 22:07 . 2008-06-22 22:07 <DIR> d-------- C:\Program Files\Real
2008-06-22 22:07 . 2008-06-22 22:07 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-22 22:07 . 2008-06-22 22:07 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-22 21:55 . 2008-06-22 21:56 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-22 21:55 . 2008-06-22 21:56 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-06-22 21:55 . 2003-08-05 14:23 266,240 --a------ C:\WINDOWS\CMIUninstall.exe
2008-06-22 21:55 . 2003-07-22 11:15 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe
2008-06-22 21:55 . 2002-10-18 15:56 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll
2008-06-21 11:24 . 2008-06-21 11:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 11:18 . 2008-06-23 00:12 24,576 --a------ C:\WINDOWS\system32\woasick.dll
2008-06-20 12:08 . 2001-08-22 23:30 10,129,408 --a------ C:\WINDOWS\system32\dllcache\hwxkor.dll
2008-06-20 12:07 . 2004-08-03 12:26 2,134,528 --a------ C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-06-20 12:05 . 2008-06-20 12:05 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-20 12:05 . 2008-06-20 12:05 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-20 12:01 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-06-20 12:01 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-06-20 11:52 . 2008-06-30 13:26 1,064,189,952 --a------ C:\WINDOWS\MEMORY.DMP
2008-06-20 03:23 . 2008-06-20 03:23 <DIR> d-------- C:\Program Files\McAfee
2008-06-20 03:23 . 2008-06-20 03:23 <DIR> d-------- C:\Documents and Settings\Sohail\Application Data\McAfee
2008-06-20 03:23 . 2002-03-13 08:50 23,296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2008-06-20 03:22 . 2008-06-20 03:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-20 03:21 . 2008-06-20 03:21 <DIR> d-------- C:\Program Files\McAfee.com
2008-06-20 03:21 . 2004-10-04 12:29 341,064 --a------ C:\WINDOWS\system32\mcinsctl.dll
2008-06-20 03:21 . 2004-09-07 06:14 279,624 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2008-06-20 02:48 . 2008-06-20 02:48 <DIR> d-------- C:\Program Files\RegistryFix6
2008-06-19 15:46 . 2008-06-30 13:32 18,048 --a------ C:\WINDOWS\system32\drivers\eth8023.sys
2008-06-19 14:57 . 2008-06-19 14:57 <DIR> d---s---- C:\Documents and Settings\Sohail\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 04:45 9,728 ----a-w C:\WINDOWS\AppPatch\AcSpecf.dll
2008-07-01 04:45 9,728 ----a-w C:\WINDOWS\AppPatch\AclLayer.dll
2008-07-01 04:45 53,248 ----a-w C:\WINDOWS\linkinfo.dll
2008-07-01 04:34 30 ----a-w C:\MicroSoft.bat
2008-06-29 23:26 14,336 ----a-w C:\WINDOWS\AppPatch\DesktopWin.dll
2008-06-28 07:29 186 ----a-w C:\MicroSoft.vbs
2008-06-19 22:46 27,136 ----a-w C:\WINDOWS\AppPatch\AcPlugin.dll
2008-06-19 06:37 --------- d-----w C:\Program Files\Sify Broadband
2008-06-19 06:31 --------- d-----w C:\Documents and Settings\Sohail\Application Data\Broadband
2008-06-19 06:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-19 06:14 --------- d-----w C:\Program Files\microsoft frontpage
2004-09-03 17:32 3,488 ----a-w C:\WINDOWS\inf\OTHER\CMIAINFO.SYS
.

((((((((((((((((((((((((((((( snapshot_2008-06-26_ 2.44.20.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 09:43:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 04:45:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-05-10 02:10:00 86,016 ----a-r C:\WINDOWS\CtDrvIns.exe
- 2008-06-19 06:46:30 45,056 ----a-w C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
+ 2008-06-28 19:19:36 45,056 ----a-w C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
+ 2008-06-28 23:59:40 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70000000000}\SC_Reader.exe
+ 2003-03-19 04:05:50 89,088 ----a-r C:\WINDOWS\system32\atl71.dll
- 2004-08-04 02:26:42 66,560 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-31 02:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2003-10-03 01:05:00 65,536 ----a-r C:\WINDOWS\system32\CtCamMgr.dll
+ 2002-09-17 01:04:00 36,864 ----a-r C:\WINDOWS\system32\CtRegApp.dll
+ 2004-08-04 06:10:18 17,024 ----a-w C:\WINDOWS\system32\dllcache\ccdecode.sys
- 2004-08-04 02:26:42 66,560 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-31 02:19:20 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2004-08-03 19:26:44 16,896 ----a-w C:\WINDOWS\system32\dllcache\fltlib.dll
+ 2006-08-21 12:21:06 16,896 ----a-w C:\WINDOWS\system32\dllcache\fltlib.dll
- 2004-08-03 19:26:50 22,528 ----a-w C:\WINDOWS\system32\dllcache\fltmc.exe
+ 2006-08-21 09:14:58 23,040 ----a-w C:\WINDOWS\system32\dllcache\fltmc.exe
- 2004-08-03 17:31:20 124,800 ----a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
+ 2006-08-21 09:14:58 128,896 ----a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
- 2001-08-23 13:30:00 77,850 ----a-w C:\WINDOWS\system32\dllcache\hlink.dll
+ 2006-07-21 08:24:44 72,704 ----a-w C:\WINDOWS\system32\dllcache\hlink.dll
+ 2004-08-04 07:56:44 47,616 ----a-w C:\WINDOWS\system32\dllcache\iyuv_32.dll
- 2004-08-04 02:26:44 2,804,224 ----a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2005-05-04 21:45:32 2,890,240 ----a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2004-08-04 02:26:54 77,312 ----a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2005-05-04 21:45:36 78,848 ----a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2004-08-04 02:26:44 331,264 ----a-w C:\WINDOWS\system32\dllcache\msihnd.dll
+ 2005-05-04 21:45:36 271,360 ----a-w C:\WINDOWS\system32\dllcache\msihnd.dll
- 2004-08-04 02:26:18 884,736 ----a-w C:\WINDOWS\system32\dllcache\msimsg.dll
+ 2005-05-04 21:45:36 884,736 ----a-w C:\WINDOWS\system32\dllcache\msimsg.dll
- 2004-08-04 02:26:44 44,032 ----a-w C:\WINDOWS\system32\dllcache\msisip.dll
+ 2005-05-04 21:45:36 15,360 ----a-w C:\WINDOWS\system32\dllcache\msisip.dll
+ 2004-08-04 05:58:40 5,504 ----a-w C:\WINDOWS\system32\dllcache\mstee.sys
+ 2004-08-04 07:56:46 17,408 ----a-w C:\WINDOWS\system32\dllcache\msyuv.dll
+ 2001-08-18 05:36:34 8,192 ----a-w C:\WINDOWS\system32\dllcache\tsbyuv.dll
+ 2004-08-04 07:56:48 53,760 ----a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll
- 2004-08-03 19:26:48 430,592 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-31 02:19:36 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2004-08-03 19:26:58 111,104 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-31 02:19:16 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2004-08-03 19:26:48 1,134,592 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-31 02:19:42 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2004-08-03 19:26:48 112,640 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-31 02:19:32 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2004-08-03 19:26:48 36,864 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2004-08-03 19:26:48 120,320 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-31 02:19:28 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2004-08-11 03:22:52 3,525 ----a-r C:\WINDOWS\system32\drivers\CamF2111.bin
+ 2004-08-11 03:22:52 3,525 ----a-r C:\WINDOWS\system32\drivers\CamH2111.bin
+ 2004-08-04 06:10:18 17,024 ----a-w C:\WINDOWS\system32\drivers\CCDECODE.sys
- 2004-08-03 17:31:20 124,800 ----a-w C:\WINDOWS\system32\drivers\fltMgr.sys
+ 2006-08-21 09:14:58 128,896 ----a-w C:\WINDOWS\system32\drivers\fltMgr.sys
+ 2008-07-01 04:45:36 15,872 ----a-w C:\WINDOWS\system32\drivers\IsDrv122.sys
+ 2004-08-04 05:58:40 5,504 ----a-w C:\WINDOWS\system32\drivers\MSTEE.sys
+ 2004-10-09 09:51:08 503,507 ----a-r C:\WINDOWS\system32\drivers\V0080Dev.sys
+ 2004-05-21 06:05:40 1,125,376 ----a-r C:\WINDOWS\system32\drivers\V0080Evx.sys
- 2004-08-03 19:26:44 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
+ 2006-08-21 12:21:06 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
- 2004-08-03 19:26:50 22,528 ----a-w C:\WINDOWS\system32\fltMc.exe
+ 2006-08-21 09:14:58 23,040 ----a-w C:\WINDOWS\system32\fltMc.exe
- 2001-08-23 13:30:00 77,850 ----a-w C:\WINDOWS\system32\hlink.dll
+ 2006-07-21 08:24:44 72,704 ----a-w C:\WINDOWS\system32\hlink.dll
- 2004-08-04 02:35:44 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
+ 2004-08-04 07:56:44 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
- 2004-08-04 02:35:44 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
+ 2004-08-04 07:56:58 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
- 2004-08-04 02:26:44 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll
+ 2005-05-04 21:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-04 02:26:54 77,312 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2005-05-04 21:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2004-08-04 02:26:44 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll
+ 2005-05-04 21:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2004-08-04 02:26:18 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
+ 2005-05-04 21:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
- 2004-08-04 02:26:44 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2005-05-04 21:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2003-03-19 05:14:52 499,712 ----a-r C:\WINDOWS\system32\msvcp71.dll
+ 2003-02-21 11:42:22 348,160 ----a-r C:\WINDOWS\system32\msvcr71.dll
- 2004-08-04 02:35:44 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
+ 2004-08-04 07:56:46 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
+ 2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\system32\spmsg.dll
- 2001-08-23 13:30:00 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
+ 2001-08-18 05:36:34 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
+ 2004-07-26 01:00:00 49,152 ----a-r C:\WINDOWS\system32\V0080Hwx.dll
+ 2004-07-19 01:00:00 36,864 ----a-r C:\WINDOWS\system32\V0080Pin.dll
+ 2004-05-21 01:00:00 20,480 ----a-r C:\WINDOWS\system32\V0080Srv.exe
+ 2004-06-29 01:55:46 106,496 ----a-r C:\WINDOWS\system32\V0080Sti.dll
+ 2004-06-10 01:00:00 126,976 ----a-r C:\WINDOWS\system32\V0080Vfw.dll
+ 2004-08-04 07:56:48 53,760 ----a-w C:\WINDOWS\system32\vfwwdm32.dll
- 2004-08-03 19:26:48 430,592 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-31 02:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2004-08-03 19:26:58 111,104 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-31 02:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2004-08-03 19:26:48 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-31 02:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2004-08-03 19:26:48 112,640 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-31 02:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2004-08-03 19:26:48 36,864 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-31 02:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2004-08-03 19:26:48 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-31 02:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-07-01 04:45:38 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_7d0.dat
+ 2004-07-16 01:02:00 98,304 ----a-r C:\WINDOWS\twain_32\Creative\VF0080\CtTwain.dll
+ 2001-08-23 08:25:28 1,706,800 ----a-r C:\WINDOWS\twain_32\Creative\VF0080\GdiPlus.dll
+ 2004-06-21 02:02:02 73,728 ----a-r C:\WINDOWS\twain_32\Creative\VF0080\HookWnd.dll
+ 2004-08-04 01:00:00 20,480 ----a-r C:\WINDOWS\V0080Cfg.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
2008-06-28 12:19 45056 --a------ C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 20:04 127085]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 21:58 4269296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe" [2004-07-29 14:55 139264]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 15:15 139264]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 16:55 180224]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 18:26 245760]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2004-10-02 16:34 184320]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-22 22:07 180269]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - D:\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 66048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS\system32\ddserh.dll [ ]
"{00180018-0018-0018-0018-00180018BB15}"= C:\WINDOWS\system32\mstimewd.dll [ ]
"{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}"= C:\WINDOWS\system32\wyrsdj.dll [ ]
"{45AADFAA-DD36-42AB-83AD-0521BBF58C24}"= C:\WINDOWS\system32\zgrjdx.dll [2008-06-29 13:58 218624]
"{5E907A48-400E-4EA8-9792-FFAE052D59E9}"= C:\WINDOWS\system32\pedadt.dll [2008-06-29 15:01 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mstimewd"= {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll [ ]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [2008-06-28 12:19 45056]
"DesktopWin"= {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll [2008-06-29 16:26 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 02:51]
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys [2008-06-30 13:32]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 04:30:58 C:\WINDOWS\Tasks\McAfee.com Update Check (HOME-5CEA0A0A44-Sohail).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent.SohailPMcAfee SecurityCenter periodically checks for updates for your McAfee Services.
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 21:45:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\DVD\ULCDRSVR.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHIELD.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCREGWIZ.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
.
**************************************************************************
.
Completion time: 2008-06-30 21:46:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-01 04:46:30
ComboFix3.txt 2008-06-23 08:35:06
ComboFix2.txt 2008-06-26 09:44:46

Pre-Run: 4,431,953,920 bytes free
Post-Run: 4,445,806,592 bytes free

386 --- E O F --- 2008-06-29 10:52:14

And here is the fresh HJT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:51 PM, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O21 - SSODL: mstimewd - {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll (file missing)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5432 bytes

I am now really getting sick of handling this.
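The HJT log posted above is read by hand in this thread. The script below is an added example, not code from the thread or from HijackThis, that does the same first-pass review automatically over a few of its lines: it parses the O2 (BHO), O4 (Run), O21 (SSODL) and O23 (Service) entry types and raises three kinds of review flags, a loading point whose file HJT reports as "(file missing)", a DLL or EXE that lives outside the directories such components are normally installed in, and a service with an unknown owner. The EXPECTED_DIRS list, the regular expressions and the reason labels are assumptions made for this example; the sample lines are taken from the log in this post.

```python
"""Triage helper for HijackThis-style log lines (added example, not HJT code).

Parses O2 (BHO), O4 (Run), O21 (SSODL) and O23 (Service) entries and applies
three defender-side review heuristics:

  * a loading point whose file HJT reports as "(file missing)" is an orphan
    (a leftover registry pointer whose component is gone);
  * a DLL or EXE outside the usual install directories deserves a second look;
  * a service whose owner HJT could not determine is listed for review.

EXPECTED_DIRS and the reason labels are assumptions made for this example.
Every flag means "review this", not "this is malicious".
"""
import re
from dataclasses import dataclass
from typing import Dict, List

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# O2 / O21: "<label>: <name> - {CLSID} - <path>[ (file missing)]"
CLSID_RE = re.compile(
    r"^[^:]+: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O4: "<hive>\..\Run: [<name>] <command line>"
RUN_RE = re.compile(r"^.*\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23: "Service: <display name> (<service>) - <owner> - <path>"
SVC_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First drive-letter path in a command line; stops at a quote or comma, so
# "RUNDLL32.EXE C:\...\NvCpl.dll,NvStartup" yields the DLL path.
PATH_IN_CMD_RE = re.compile(r'([A-Za-z]:\\[^",]+)')

# Assumption for this example: where BHOs, SSODL components and services are
# normally installed on a Windows XP box.  Tune per environment.
EXPECTED_DIRS = ("\\windows\\system32\\", "\\program files\\", "\\progra~1\\")


@dataclass
class Finding:
    kind: str    # HJT entry type, e.g. "O21"
    name: str    # component or value name
    path: str    # file the loading point refers to ("" if none parsed)
    reason: str  # "file missing", "unusual location" or "unknown owner"


def parse_entry(line: str):
    """Return (kind, name, path, owner, missing) for a supported line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group(1), m.group(2)
    if kind in ("O2", "O21"):
        c = CLSID_RE.match(body)
        if c:
            return kind, c.group("name"), c.group("path"), "", bool(c.group("missing"))
    elif kind == "O4":
        r = RUN_RE.match(body)
        if r:
            p = PATH_IN_CMD_RE.search(r.group("cmd"))
            return kind, r.group("name"), (p.group(1) if p else ""), "", False
    elif kind == "O23":
        s = SVC_RE.match(body)
        if s:
            return kind, s.group("name"), s.group("path"), s.group("owner"), False
    return None


def in_expected_dir(path: str) -> bool:
    """True when the path sits under one of EXPECTED_DIRS (case-insensitive)."""
    low = path.lower()
    return any(d in low for d in EXPECTED_DIRS)


def triage(log_text: str) -> List[Finding]:
    """Apply the review heuristics to every supported line of an HJT log."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        kind, name, path, owner, missing = parsed
        if missing:
            findings.append(Finding(kind, name, path, "file missing"))
            continue  # nothing on disk whose location could be judged
        if path and not in_expected_dir(path):
            findings.append(Finding(kind, name, path, "unusual location"))
        if kind == "O23" and owner.lower() == "unknown owner":
            findings.append(Finding(kind, name, path, "unknown owner"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per reason for a quick first look."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


# Constructed sample: a few lines taken from the HJT log posted above.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\\WINDOWS\\Downloaded Program Files\\ThunderAdvise.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O21 - SSODL: mstimewd - {00180018-0018-0018-0018-00180018BB15} - C:\\WINDOWS\\system32\\mstimewd.dll (file missing)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\\WINDOWS\\Downloaded Program Files\\ThunderAdvise.dll
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\\WINDOWS\\AppPatch\\DesktopWin.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\\PROGRA~1\\mcafee.com\\vso\\mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:>4} {f.reason:<17} {f.name} -> {f.path}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample the script flags the orphaned mstimewd SSODL entry, the ThunderAdvise and DesktopWin components loading from Downloaded Program Files and AppPatch, and the McShield service with an unknown owner. It also flags the Acrobat BHO on D:, which is exactly why the output is a review list and not a verdict: an unusual path is a reason to check the file, and a legitimate install on another drive clears quickly.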

0

Please use the Internet Explorer browser (or Firefox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files. Once the files are downloaded click on Next
Click on Scan Settings and configure as follows: Scan using the following Anti-Virus database: Extended

Scan Options: Scan Archives
Scan Mail Bases


Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

===========

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

========

Run Malwarebytes Anti-Malware and ComboFix again and post the logs.

0

Gronz, this thread is over one year old. Please create your own thread AFTER completing steps given in our Read Me Sticky and then post the logs along with a detailed description of your problems.
