
Please help I am posting HJT log.
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:13 AM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe
C:\Program Files\Messenger\mezepod22011.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\imabunny.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4518BD6B-451A-4877-B42D-8D9AE5DC5257} - C:\WINDOWS\system32\vturs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\flayqwwd.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\opnllml.dll
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [{F8-86-60-0F-ZN}] C:\Documents and Settings\ABHILASH\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [mezepod] C:\Program Files\Messenger\mezepod22011.exe
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\ABHILASH\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183943294843
O20 - Winlogon Notify: opnllml - C:\WINDOWS\SYSTEM32\opnllml.dll
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Plus\rtemehd.html

--
End of file - 8492 bytes


abhi, hello.
==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
=Restart your system in Safe Mode.
Double-click VundoFix.exe to start it. Click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
!!! Check the Vundofix log for any found files that were not deleted - if present rerun Vundofix !!!
Post the contents of C:\vundofix.txt plus a new HijackThis log.

Please start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

C:\Program Files\Messenger\mezepod22011.exe
O2 - BHO: (no name) - {4518BD6B-451A-4877-B42D-8D9AE5DC5257} - C:\WINDOWS\system32\vturs.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\flayqwwd.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\opnllml.dll
O4 - HKLM\..\Run: [{F8-86-60-0F-ZN}] C:\Documents and Settings\ABHILASH\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [mezepod] C:\Program Files\Messenger\mezepod22011.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\ABHILASH\Local Settings\Temp\thinksnet.exe
O20 - Winlogon Notify: opnllml - C:\WINDOWS\SYSTEM32\opnllml.dll
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Plus\rtemehd.html

Delete these files:
C:\Program Files\Windows Plus\rtemehd.html
C:\Program Files\Messenger\mezepod22011.exe


==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs]
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
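
The instruction above to check the VundoFix log for found files that were not deleted can be scripted. This is an added example, not part of the original posts and not VundoFix's own code: it parses a log in the format shown in this thread and reports any file whose most recent removal attempt failed. The sample log is constructed, with placeholder file names and times, and the function names are assumptions.

```python
import re

# Constructed sample in the VundoFix log format shown in this thread.
# File names and times are placeholders, not values from a real log.
SAMPLE_LOG = r"""
VundoFix V6.5.4

Scan started at 1:00:00 AM 1/1/2007

Listing files found while scanning....

C:\WINDOWS\system32\exampl.dll
C:\WINDOWS\system32\lpmaxe.ini

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\exampl.dll
C:\WINDOWS\system32\exampl.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\lpmaxe.ini
C:\WINDOWS\system32\lpmaxe.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Scan started at 1:10:00 AM 1/1/2007

Listing files found while scanning....

C:\windows\system32\exampl.dll

Beginning removal...

 Attempting to delete C:\windows\system32\exampl.dll
C:\windows\system32\exampl.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Scan started at 1:20:00 AM 1/1/2007

Listing files found while scanning....

No infected files were found.
"""

RUN_HEADER = re.compile(r"^VundoFix V[\d.]+$")
SCAN_START = re.compile(r"^Scan started at (.+)$")
RESULT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<outcome>Has been deleted!|Could not be deleted\.)$"
)


def parse_runs(text):
    """Split an appended VundoFix log into one record per scan run."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if RUN_HEADER.match(line):
            # Each run begins with the version banner.
            current = {"started": None, "clean": False, "results": []}
            runs.append(current)
            continue
        if current is None:
            continue  # ignore anything before the first banner
        started = SCAN_START.match(line)
        if started:
            current["started"] = started.group(1)
        elif line == "No infected files were found.":
            current["clean"] = True
        else:
            result = RESULT.match(line)
            if result:
                deleted = result.group("outcome") == "Has been deleted!"
                current["results"].append((result.group("path"), deleted))
    return runs


def assess(runs):
    """Report files whose latest removal attempt failed."""
    latest = {}
    for run in runs:  # later runs overwrite earlier outcomes
        for path, deleted in run["results"]:
            # Windows paths are case-insensitive; the log mixes cases.
            latest[path.lower()] = (path, deleted)
    undeleted = sorted(p for p, deleted in latest.values() if not deleted)
    return {
        "runs": len(runs),
        "undeleted": undeleted,
        "final_run_clean": bool(runs) and runs[-1]["clean"],
        "rerun_needed": bool(undeleted),
    }


if __name__ == "__main__":
    print(assess(parse_runs(SAMPLE_LOG)))
```

Because VundoFix appends every run to the same file, only the outcome of the last attempt per file matters; an earlier "Could not be deleted." line is resolved once a later run reports the same path as deleted.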


Thanks gerbil. Here is the new Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:27 AM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\imabunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183943294843
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 7523 bytes

The VundoFix log file:


VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 9:40:17 PM 7/7/2007

Listing files found while scanning....

C:\windows\system32\hqrhhljn.ini
C:\windows\system32\njlhhrqh.dll
C:\windows\system32\tuvsspo.dll
C:\windows\system32\xxywwvv.dll

Beginning removal...

 Attempting to delete C:\windows\system32\hqrhhljn.ini
C:\windows\system32\hqrhhljn.ini Has been deleted!

 Attempting to delete C:\windows\system32\njlhhrqh.dll
C:\windows\system32\njlhhrqh.dll Has been deleted!

 Attempting to delete C:\windows\system32\tuvsspo.dll
C:\windows\system32\tuvsspo.dll Has been deleted!

 Attempting to delete C:\windows\system32\xxywwvv.dll
C:\windows\system32\xxywwvv.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 9:43:37 PM 7/7/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 11:15:11 PM 7/7/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 12:06:08 AM 7/11/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:59:26 PM 8/7/2007

Listing files found while scanning....

C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\gebcb.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 10:50:53 PM 8/7/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 5:29:54 PM 8/11/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 12:15:13 AM 8/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\xbeeg.bak1
C:\WINDOWS\system32\xbeeg.bak2
C:\WINDOWS\system32\xbeeg.ini

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geebx.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\xbeeg.bak1
C:\WINDOWS\system32\xbeeg.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xbeeg.bak2
C:\WINDOWS\system32\xbeeg.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\xbeeg.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geebx.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\xbeeg.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 12:25:38 AM 8/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\xbeeg.ini

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geebx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\xbeeg.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 12:32:28 AM 8/29/2007

Listing files found while scanning....

No infected files were found.


And the ComboFix log file:
ComboFix 07-08-29.2 - "ABHILASH" 2007-08-29  1:14:37.1 - NTFSx86 
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1516 [GMT -7:00]
 * Created a new restore point


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ABHILASH\MYDOCU~1\fnts~1
C:\DOCUME~1\ABHILASH\STARTM~1\Programs\Outerinfo
C:\Program Files\ipwindows
C:\Program Files\Online Services\merozegeq4444.dll
C:\Program Files\pppatc~1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070826-105958-627.dll
C:\Program Files\Windows Plus\qudas.dll
C:\Program Files\Windows Plus\qudas428.dll
C:\Program Files\wnsxs~1
C:\Program Files\ymante~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\curity~1
C:\WINDOWS\icroso~1
C:\WINDOWS\racle~1
C:\WINDOWS\racle~1\?racle\
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\configs
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\driver\w717.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\flayqwwd.dll
C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\ggjlm.tmp
C:\WINDOWS\system32\hjkmp.bak1
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\mednolby.ini
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\opnllml.dll
C:\WINDOWS\system32\pmnkhfe.dll
C:\WINDOWS\system32\smpi1
C:\WINDOWS\system32\srutv.bak1
C:\WINDOWS\system32\srutv.bak2
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak2
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\vvhrhkru.exe
C:\WINDOWS\system32\wapisvtr32.exe
C:\WINDOWS\system32\yblondem.dll
C:\WINDOWS\tk58.exe
C:\WINDOWS\wr.txt


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\DomainService


(((((((((((((((((((((((((   Files Created from 2007-07-28 to 2007-08-29  )))))))))))))))))))))))))))))))


2007-08-29 01:09    51,200  --a------   C:\WINDOWS\nircmd.exe
2007-08-27 21:58    <DIR>    d--------   C:\Program Files\Alcohol Soft
2007-08-27 21:49    <DIR>    d--------   C:\WINDOWS\Easy DVD Copy
2007-08-27 21:49    <DIR>    d--------   C:\Program Files\Easy DVD Copy
2007-08-26 00:35    94,263  --a------   C:\WINDOWS\DLA.EXE
2007-08-26 00:35    89,456  --a------   C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2007-08-26 00:35    61,500  --a------   C:\WINDOWS\system32\DLAAPI_W.DLL
2007-08-26 00:35    5,660   --a------   C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2007-08-26 00:35    40,544  --a------   C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2007-08-26 00:35    22,684  --a------   C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2007-08-25 14:00    5,600   --a------   C:\WINDOWS\system\winaspi.dll
2007-08-25 14:00    45,056  --a------   C:\WINDOWS\system32\wnaspi32.dll
2007-08-25 14:00    4,672   --a------   C:\WINDOWS\system\wowpost.exe
2007-08-25 14:00    25,244  --a------   C:\WINDOWS\system32\drivers\aspi32.sys
2007-08-25 13:26    <DIR>    d--------   C:\Program Files\DAEMON Tools
2007-08-25 08:51    1,628,497   --ahs----   C:\WINDOWS\system32\abadd.bak2
2007-08-25 08:48    685,816 --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-08-24 08:07    <DIR>    d--------   C:\Program Files\Common Files\NSV
2007-08-23 21:47    6,473   --ahs----   C:\WINDOWS\system32\abadd.bak1
2007-08-23 20:28    6,855   --ahs----   C:\WINDOWS\system32\wycdd.bak2
2007-08-23 20:28    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\eFax Messenger 4.3 Output
2007-08-23 20:28    <DIR>    d--------   C:\DOCUME~1\ABHILASH\APPLIC~1\eFax Messenger
2007-08-23 20:27    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\eFax Messenger 4.3 Setup
2007-08-23 20:26    <DIR>    d--------   C:\Program Files\eFax Messenger 4.3
2007-08-23 03:11    6,473   --ahs----   C:\WINDOWS\system32\aybeg.bak1
2007-08-22 23:48    6,473   --ahs----   C:\WINDOWS\system32\kjjlm.bak1
2007-08-22 22:19    6,513   --ahs----   C:\WINDOWS\system32\xbadd.bak1
2007-08-22 20:33    6,513   --ahs----   C:\WINDOWS\system32\cbeeg.bak1
2007-08-22 19:20    6,473   --ahs----   C:\WINDOWS\system32\efhkj.bak1
2007-08-22 07:27    6,473   --ahs----   C:\WINDOWS\system32\rtstv.bak1
2007-08-22 01:04    6,473   --ahs----   C:\WINDOWS\system32\cdeeg.bak2
2007-08-21 23:14    6,513   --ahs----   C:\WINDOWS\system32\jmllm.bak1
2007-08-21 22:02    6,513   --ahs----   C:\WINDOWS\system32\bccdd.bak1
2007-08-21 20:08    6,473   --ahs----   C:\WINDOWS\system32\abeeg.bak1
2007-08-21 08:56    6,473   --ahs----   C:\WINDOWS\system32\cdeeg.bak1
2007-08-18 08:13    <DIR>    d--------   C:\Program Files\Winamp
2007-08-18 04:19    6,473   --a------   C:\WINDOWS\system32\wycdd.bak1.ren
2007-08-18 04:19    298,080 --a------   C:\WINDOWS\system32\ddcyw.dll.ren
2007-08-18 04:19    29,683  --a------   C:\WINDOWS\system32\wycdd.ini.ren
2007-08-17 20:35    6,473   --ahs----   C:\WINDOWS\system32\ttstv.bak1
2007-08-17 20:30    31,254  --a------   C:\WINDOWS\system32\iifcbyw.dll.ren
2007-08-17 20:30    <DIR>    d--------   C:\WINDOWS\system32\ICM3
2007-08-17 20:30    <DIR>    d--------   C:\WINDOWS\system32\CC1
2007-08-17 20:30    <DIR>    d--------   C:\WINDOWS\system32\bgfig5
2007-08-15 03:04    <DIR>    d--------   C:\Program Files\MSXML 6.0
2007-08-11 23:01    <DIR>    d-a------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-11 23:00    77,312  --a------   C:\WINDOWS\system32\ztvunace26.dll
2007-08-11 23:00    75,264  --a------   C:\WINDOWS\system32\unacev2.dll
2007-08-11 23:00    69,632  --a------   C:\WINDOWS\system32\ztvcabinet.dll
2007-08-11 23:00    162,304 --a------   C:\WINDOWS\system32\ztvunrar36.dll
2007-08-11 23:00    153,088 --a------   C:\WINDOWS\system32\UNRAR3.dll
2007-08-11 23:00    <DIR>    d--------   C:\Program Files\Trojan Remover
2007-08-11 23:00    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-08-11 23:00    <DIR>    d--------   C:\DOCUME~1\ABHILASH\APPLIC~1\Simply Super Software
2007-08-11 22:52    9,593   --a------   C:\WINDOWS\system32\gfhkj.ini.ren
2007-08-11 22:52    6,421   --a------   C:\WINDOWS\system32\gfhkj.bak1.ren
2007-08-11 22:52    231,520 --a------   C:\WINDOWS\system32\jkhfg.dll.ren
2007-08-11 17:33    7,120   --a------   C:\WINDOWS\system32\mmllm.ini.ren
2007-08-11 17:33    6,421   --a------   C:\WINDOWS\system32\mmllm.bak1.ren
2007-08-11 16:49    69,184  --a------   C:\WINDOWS\system32\fdnqxkev.dll.ren
2007-08-11 03:30    6,461   --ahs----   C:\WINDOWS\system32\vyadd.bak1
2007-08-11 01:44    6,421   --ahs----   C:\WINDOWS\system32\jlnmp.bak1
2007-08-11 00:10    6,461   --ahs----   C:\WINDOWS\system32\fhkmp.bak1
2007-08-09 08:42    6,531   --a------   C:\WINDOWS\system32\jmllm.ini.ren
2007-08-09 08:42    6,461   --a------   C:\WINDOWS\system32\jmllm.bak1.ren
2007-08-09 07:18    6,421   --ahs----   C:\WINDOWS\system32\orqss.bak1
2007-08-08 22:39    6,461   --ahs----   C:\WINDOWS\system32\prqss.bak1
2007-08-08 21:01    6,513   --ahs----   C:\WINDOWS\system32\tttss.bak1
2007-08-08 19:41    6,421   --ahs----   C:\WINDOWS\system32\rstwa.bak1
2007-08-07 23:35    6,461   --ahs----   C:\WINDOWS\system32\yybeg.bak1
2007-08-07 22:07    6,421   --ahs----   C:\WINDOWS\system32\ghhkj.bak1
2007-08-07 20:13    6,421   --ahs----   C:\WINDOWS\system32\ttvwa.bak1
2007-08-04 21:55    69,184  --a------   C:\WINDOWS\system32\akkjvdfq.dll.ren
2007-08-04 07:37    31,254  --a------   C:\WINDOWS\system32\tuvtrpn.dll.ren
2007-08-02 07:35    <DIR>    d--------   C:\WinZix
2007-08-02 07:35    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\LICENSE FORD HOPE DRAW
2007-08-02 07:35    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Face error funk license
2007-07-31 22:49    <DIR>    d--------   C:\Program Files\Netflix


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-29 01:20    ---------   d--------   C:\Program Files\Windows Plus
2007-08-29 00:53    ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-27 22:05    ---------   d--------   C:\Program Files\dvdSanta
2007-08-26 00:35    ---------   d--------   C:\Program Files\Roxio
2007-08-23 20:36    ---------   d--------   C:\DOCUME~1\ABHILASH\APPLIC~1\OpenOffice.org2
2007-08-23 20:32    56  -r-hs----   C:\WINDOWS\system32\9E04DCDE50.sys
2007-08-23 20:32    4288    --ahs----   C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-16 20:55    ---------   d--------   C:\Program Files\DivX
2007-08-12 01:42    ---------   d--------   C:\Program Files\Common Files\Sonic Shared
2007-08-12 01:42    ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-08-12 01:41    ---------   d--------   C:\Program Files\Sonic
2007-08-12 01:40    ---------   d--------   C:\Program Files\Dell
2007-08-11 22:50    ---------   d--------   C:\DOCUME~1\ABHILASH\APPLIC~1\Corel
2007-07-30 19:19    92504   --a------   C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19    92504   --a------   C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720  --a------   C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    549720  --a------   C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19    53080   --a------   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    53080   --a------   C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19    43352   --a------   C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976  --a------   C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    325976  --a------   C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19    271224  --a------   C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736  --a------   C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096  --a------   C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    203096  --a------   C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19    1712984 --a------   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19    1712984 --a------   C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18    33624   --a------   C:\WINDOWS\system32\wups.dll
2007-07-30 19:18    33624   --a------   C:\WINDOWS\system32\dllcache\wups.dll
2007-07-26 16:06    524288  --a------   C:\WINDOWS\system32\DivXsm.exe
2007-07-26 16:06    3596288 --a------   C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 16:06    200704  --a------   C:\WINDOWS\system32\ssldivx.dll
2007-07-26 16:06    144704  --a------   C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 16:06    129784  --a------   C:\WINDOWS\system32\pxafs.dll
2007-07-26 16:06    118520  --a------   C:\WINDOWS\system32\pxinsi64.exe
2007-07-26 16:06    1044480 --a------   C:\WINDOWS\system32\libdivx.dll
2007-07-26 16:03    823296  --a------   C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 16:03    823296  --a------   C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 16:03    81920   --a------   C:\WINDOWS\system32\dpl100.dll
2007-07-26 16:03    802816  --a------   C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 16:03    740442  --a------   C:\WINDOWS\system32\DivX.dll
2007-07-26 16:03    593920  --a------   C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 16:03    57344   --a------   C:\WINDOWS\system32\dpv11.dll
2007-07-26 16:03    53248   --a------   C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 16:03    344064  --a------   C:\WINDOWS\system32\dpus11.dll
2007-07-26 16:03    294912  --a------   C:\WINDOWS\system32\dpu11.dll
2007-07-26 16:03    294912  --a------   C:\WINDOWS\system32\dpu10.dll
2007-07-26 16:03    196608  --a------   C:\WINDOWS\system32\dtu100.dll
2007-07-26 16:03    12288   --a------   C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-18 23:59    3583488 --a------   C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 16:31    765952  --a------   C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-08 18:17    ---------   d--------   C:\Program Files\Common Files\Autodesk Shared
2007-07-08 18:17    ---------   d--------   C:\Program Files\AutoCAD 2005
2007-07-08 18:04    ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-07-08 17:55    ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-07-08 11:41    ---------   d--------   C:\Program Files\Windows Defender
2007-07-08 10:43    ---------   d--------   C:\Program Files\Lavasoft
2007-07-08 10:43    ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-08 10:42    ---------   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-07-08 10:33    ---------   d--------   C:\Program Files\CCleaner
2007-07-07 21:16    ---------   d--------   C:\Program Files\Trend Micro
2007-07-07 21:03    ---------   d--------   C:\Program Files\Microsoft Windows OneCare Live
2007-07-07 20:29    ---------   d--------   C:\Program Files\Reference Assemblies
2007-06-27 07:34    823808  --a------   C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 07:34    671232  --a------   C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 07:34    6058496 ---------   C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 07:34    52224   ---------   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 07:34    477696  --a------   C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 07:34    459264  ---------   C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 07:34    44544   ---------   C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 07:34    384512  ---------   C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 07:34    383488  ---------   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 07:34    27648   --a------   C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 07:34    267776  ---------   C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 07:34    232960  ---------   C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 07:34    230400  ---------   C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 07:34    193024  --a------   C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 07:34    153088  ---------   C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 07:34    132608  --a------   C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 07:34    124928  ---------   C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 07:34    1152000 --a------   C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 07:34    105984  ---------   C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 07:34    102400  ---------   C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 01:27    63488   ---------   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 01:27    625152  ---------   C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 01:27    13824   ---------   C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 00:00    161792  ---------   C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-25 23:08    1104896 --a------   C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08    1104896 ---------   C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 06:31    282112  --a------   C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31    282112  ---------   C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 03:23    1033216 --a------   C:\WINDOWS\explorer.exe
2007-06-13 03:23    1033216 ---------   C:\WINDOWS\system32\dllcache\explorer.exe
2007-03-22 12:57:59 88  --sh--r C:\WINDOWS\system32\50DEDC049E.sys


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 07:16]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 07:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-23 08:54]
"D-Link Air USB Utility"="C:\Program Files\D-Link\Air USB Utility\AirCFG.exe" [2003-05-26 15:44]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-26 16:41]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 07:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 07:44]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 04:42]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-08-11 20:11]
"DMXLauncher"="C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe" [2007-04-02 05:24]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 10:21]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-09-21 05:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 02:00]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-11 18:16]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 05:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ABHILASH^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\ABHILASH\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyStudio_L]
"C:\Program Files\Samsung\Samsung PC Studio 3\Launcher.exe" -tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
Rundll32 CTMBHA.DLL,MBMon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
MIDIDef.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
"C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsUpdate]
rundll32.exe "C:\WINDOWS\system32\wtelgjli.dll",realset

R2 NIOC;NIOC Service;\??\C:\WINDOWS\system32\NIOC.SYS
R2 WZCBDLService;WZCBDL Service;"C:\Program Files\WZCBDL Service\WZCBDLS.exe"
R2 XilinxPC4Driver;XilinxPC4Driver;C:\WINDOWS\system32\drivers\XPC4DRVR.SYS
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys
R3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys
R3 sigfilt;sigfilt;C:\WINDOWS\system32\drivers\sigfilt.sys
R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe


Contents of the 'Scheduled Tasks' folder
2007-06-14 14:20:46 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
2007-08-29 07:32:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-29 01:27:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\WinSxS
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\wininit.ini
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\WORDPAD.INI
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif

scan completed successfully
hidden files: 12

**************************************************************************

Completion time: 2007-08-29  1:29:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-29 01:29

    --- E O F ---

Thanks again for the help

Edited by mike_2000_17: Fixed formatting

0

Good stuff. Please rerun CCleaner, then do this:
==Please use IE to do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.

==Please copy the text between the lines to a notepad [no wordwrap] and save as showkey.bat, as type "all files", to your desktop; dclick it to run, then post the file C:\showkey.txt
__________________________________________________________
reg query "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg" /s >C:\showkey.txt
__________________________________________________________
Then, very importantly...:
== get one of these free firewalls: ZoneAlarm Free, Kerio, Comodo
== get ONE of these free, resident AVs: AVG Free, Avast, Avira

AVG Free 7.5 at http://free.grisoft.com/doc/5390/lng/us/tpl/v5
Avira personal free at http://www.free-av.com/
Avast home edition at http://www.avast.com/eng/avast_4_home.html

Post the panda log, showkey.txt, and say how things are....

0

Thanks again. I have downloaded AVG Free and ZoneAlarm.
I am posting the Panda log and the showkey.txt.

panda log

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\txvhogjc.dll
Virus:Trj/Downloader.MDW Disinfected Operating system
Adware:Adware/Zenosearch Not disinfected c:\docume~1\abhilash\locals~1\temp\thinksnet.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ifustlnh.dll
Virus:Generic Malware Disinfected Operating system
Virus:Trj/Downloader.PCQ Disinfected Operating system
Adware:Adware/Winpopup Not disinfected C:\Program Files\WinPop\winpop.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\QUJISUxBU0ggU0hJVkFTSEFOS0FSQSBQSUxMQQ\command.exe
Adware:Adware/SearchAid Not disinfected C:\Program Files\Network Monitor\netmon.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\QUJISUxBU0ggU0hJVkFTSEFOS0FSQSBQSUxMQQ\asappsrv.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\jkkkjji.dll
Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\ABHILASH\Desktop\Click to Find and Fix Errors.url
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\ABHILASH\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\ABHILASH\Cookies\abhilash@adrevolver[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\ABHILASH\Cookies\abhilash@ads.addynamix[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ABHILASH\Cookies\abhilash@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ABHILASH\Cookies\abhilash@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\ABHILASH\Cookies\abhilash@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ABHILASH\Cookies\abhilash@fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\ABHILASH\Cookies\abhilash@mediaplex[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\ABHILASH\Cookies\abhilash@tickle[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\ABHILASH\Cookies\abhilash@trafficmp[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\ABHILASH\Cookies\abhilash@web.tickle[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\ABHILASH\Cookies\abhilash@zedo[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\ABHILASH\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\ABHILASH\Local Settings\Application Data\Mozilla\Firefox\Profiles\q9a3pona.default\Cache\7ED6F4AAd01[nircmd.exe]
Adware:Adware/CommAd Not disinfected C:\Documents and Settings\ABHILASH\Local Settings\Temp\cmdinst.exe
Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\ABHILASH\Local Settings\Temp\thinksnet.exe
Virus:Trj/ConHook.DB Disinfected C:\Documents and Settings\ABHILASH\Local Settings\Temporary Internet Files\Content.IE5\CVNE11WQ\is68089[1].exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\ABHILASH\Local Settings\Temporary Internet Files\Content.IE5\CVNE11WQ\jaun_20070726[1]
Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\ABHILASH\Local Settings\Temporary Internet Files\Content.IE5\FKIZ7VZH\lkjh[1]
Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\ABHILASH\Local Settings\Temporary Internet Files\Content.IE5\FKIZ7VZH\thinksnet[1].exe
Adware:Adware/TTC Not disinfected C:\Documents and Settings\ABHILASH\Local Settings\Temporary Internet Files\Content.IE5\FKIZ7VZH\tk58[1].exe
Adware:Adware/CWS Not disinfected C:\Documents and Settings\ABHILASH\Local Settings\Temporary Internet Files\Content.IE5\JTASS5WT\83122[1].exe
Virus:Trj/Downloader.MDW Disinfected C:\Documents and Settings\ABHILASH\Local Settings\Temporary Internet Files\Content.IE5\JTASS5WT\retadpu[1].exe
Adware:Adware/CommAd Not disinfected C:\Documents and Settings\ABHILASH\Local Settings\Temporary Internet Files\Content.IE5\WXA6XXOY\installer[1].exe
Virus:Trj/Downloader.MDW Disinfected C:\Documents and Settings\ABHILASH\Local Settings\Temporary Internet Files\Content.IE5\WXA6XXOY\xpre[1].exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\ABHILASH\Local Settings\Temporary Internet Files\Content.IE5\WXA6XXOY\_affvm[1]
Adware:Adware/TTC Not disinfected C:\Program Files\Messenger\mezepod22011.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Trend Micro\HijackThis\backups\backup-20070826-110050-400.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Trend Micro\HijackThis\backups\backup-20070829-003841-206.dll
Adware:Adware/WebBuying Not disinfected C:\Program Files\Web Buying\v1.8.2\wbuninst.exe
Virus:Generic Malware Disinfected C:\Program Files\Windows Plus\qudas.dll
Virus:Generic Malware Disinfected C:\Program Files\Windows Plus\qudas.dll.ren
Virus:Trj/Downloader.MDW Disinfected C:\Program Files\WinPop\UnInstall.exe
Adware:Adware/TTC Not disinfected C:\QooBox\Quarantine\C\Program Files\Online Services\merozegeq4444.dll.vir
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\Program Files\Trend Micro\HijackThis\backups\backup-20070826-105958-627.dll.vir
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\Program Files\Windows Plus\qudas.dll.vir
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\Program Files\Windows Plus\qudas428.dll.vir
Virus:Trj/Downloader.PNC Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\driver\w717.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\pmnkhfe.dll.vir
Adware:Adware/TTC Not disinfected C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\catchme2007-08-29_ 12711.00.zip[opnllml.dll]
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\njlhhrqh.dll.bad
Adware:Adware/Winpopup Not disinfected C:\WINDOWS\b122.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\atmtd.dll._
Virus:Trj/Downloader.PNC Disinfected C:\WINDOWS\system32\bgfig5\xd01225.exe
Virus:Trj/Downloader.PUT Disinfected C:\WINDOWS\system32\capcom\nab22011.exe
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\system32\CC1\mon123bcz.exe
Virus:Trj/Downloader.PNC Disinfected C:\WINDOWS\system32\cfig32\icm33oc.exe
Adware:Adware/ISearch Not disinfected C:\WINDOWS\system32\drvr2\bbc002nws.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\fdnqxkev.dll.ren
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\iifcbyw.dll.ren
Virus:Trj/Passtealer.ED Disinfected C:\WINDOWS\system32\tuvtrpn.dll.ren
Adware:Adware/TTC Not disinfected C:\WINDOWS\tk58.exe

showkey.txt


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ
hkey REG_SZ HKLM
command REG_SZ
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ ccApp
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ CTDetect
hkey REG_SZ HKCU
command REG_SZ "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ ctfmon
hkey REG_SZ HKCU
command REG_SZ C:\WINDOWS\system32\ctfmon.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ CTSysVol
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ DSAgnt
hkey REG_SZ HKCU
command REG_SZ "C:\Program Files\Dell Support\DSAgnt.exe" /startup
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ DLACTRLW
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\System32\DLA\DLACTRLW.EXE
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ DMXLauncher
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\Dell\Media Experience\DMXLauncher.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyStudio_L
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ Launcher
hkey REG_SZ HKCU
command REG_SZ "C:\Program Files\Samsung\Samsung PC Studio 3\Launcher.exe" -tray
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ ehtray
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\ehome\ehtray.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ GoogleDesktop
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ hkcmd
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\system32\hkcmd.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ igfxpers
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\system32\igfxpers.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ igfxtray
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\system32\igfxtray.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ IndexSearch
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ isuspm
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ issch
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ Rundll32 CTMBHA
hkey REG_SZ HKLM
command REG_SZ Rundll32 CTMBHA.DLL,MBMon
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ mcagent
hkey REG_SZ HKLM
command REG_SZ c:\PROGRA~1\mcafee.com\agent\mcagent.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ McUpdate
hkey REG_SZ HKLM
command REG_SZ C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ mimboot
hkey REG_SZ HKLM
command REG_SZ C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ mm_tray
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ MpfTray
hkey REG_SZ HKLM
command REG_SZ C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ MskAgent
hkey REG_SZ HKLM
command REG_SZ C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ MSKDetct
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ GhostTray
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ oasclnt
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\McAfee.com\VSO\oasclnt.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ pptd40nt
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ qttask
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ MIDIDef
hkey REG_SZ HKCU
command REG_SZ MIDIDef.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ SSBkgdupdate
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ realsched
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ UpdReg
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\UpdReg.EXE
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ mcvsshld
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\McAfee.com\VSO\mcvsshld.exe
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ AndreaVC
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ mcmnhdlr
hkey REG_SZ HKLM
command REG_SZ "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ MSASCui
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\Windows Defender\MSASCui.exe" -hide
inimapping REG_SZ 0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsUpdate
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ wtelgjli
hkey REG_SZ HKLM
command REG_SZ rundll32.exe "C:\WINDOWS\system32\wtelgjli.dll",realset
inimapping REG_SZ 0

thanks

0

Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:23 AM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\kniqopid.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Messenger\mezepod22011.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\imabunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2FD21C40-21D5-4E6F-B617-7B1E93E13964} - C:\WINDOWS\system32\gebyy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: 0 - {CE0737BA-B171-4C24-56BD-4C0364ACB44B} - C:\Program Files\Windows Plus\qudas.dll (file missing)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\ifustlnh.dll (file missing)
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\jkkkjji.dll (file missing)
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [{F8-86-60-0F-ZN}] C:\Documents and Settings\ABHILASH\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [mezepod] C:\Program Files\Messenger\mezepod22011.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\ABHILASH\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183943294843
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: gebyy - C:\WINDOWS\system32\gebyy.dll
O20 - Winlogon Notify: jkkkjji - jkkkjji.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kniqopid.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Plus\rtemehd.html

--
End of file - 10116 bytes

Thanks

0

I removed the following as per the earlier reply:
O2 - BHO: 0 - {CE0737BA-B171-4C24-56BD-4C0364ACB44B} - C:\Program Files\Windows Plus\qudas.dll (file missing)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\ifustlnh.dll (file missing)
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\jkkkjji.dll (file missing)
O4 - HKLM\..\Run: [mezepod] C:\Program Files\Messenger\mezepod22011.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\ABHILASH\Local Settings\Temp\thinksnet.exe
O20 - Winlogon Notify: jkkkjji - jkkkjji.dll (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Plus\rtemehd.htm

------------------------------------------------------
The new HijackThis log is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:28 AM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\kniqopid.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\imabunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2FD21C40-21D5-4E6F-B617-7B1E93E13964} - C:\WINDOWS\system32\gebyy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183943294843
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: gebyy - C:\WINDOWS\system32\gebyy.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kniqopid.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 9257 bytes

Thanks
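
A way to check a follow-up scan against the previous one, as an added example that is not part of the original posts: it parses two HijackThis logs, reports which entries and running processes disappeared, and shows which watched file names are still referenced. The function names and the `WATCH` list are assumptions made for illustration; the sample lines are short excerpts of the 12:45 AM and 1:11 AM logs above.

```python
import re

# Constructed excerpts: a few lines copied from the two logs in this thread,
# trimmed so the example runs offline.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:23 AM, on 8/31/2007

Running processes:
C:\WINDOWS\system32\kniqopid.exe
C:\Program Files\Messenger\mezepod22011.exe
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\jkkkjji.dll (file missing)
O4 - HKLM\..\Run: [mezepod] C:\Program Files\Messenger\mezepod22011.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\ABHILASH\Local Settings\Temp\thinksnet.exe
O20 - Winlogon Notify: jkkkjji - jkkkjji.dll (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\kniqopid.exe
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:28 AM, on 8/31/2007

Running processes:
C:\WINDOWS\system32\kniqopid.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kniqopid.exe
"""

# File names taken from entries quoted in this thread (illustrative watch list).
WATCH = ["mezepod22011.exe", "thinksnet.exe", "jkkkjji.dll", "kniqopid.exe"]

# Section lines look like "O4 - ..." or "R1 - ...": a letter, a number, " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_log(text):
    """Return (running process paths, section entries) from one log."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line and not ENTRY_RE.match(line):
                # Windows paths are case-insensitive, so compare in lower case.
                processes.add(line.lower())
                continue
            in_processes = False  # blank line or first entry ends the list
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return processes, entries


def compare(before, after):
    """Diff two scans: what disappeared and what is new."""
    before_procs, before_entries = parse_log(before)
    after_procs, after_entries = parse_log(after)
    return {
        "entries_removed": sorted(before_entries - after_entries),
        "entries_added": sorted(after_entries - before_entries),
        "processes_gone": sorted(before_procs - after_procs),
        "processes_new": sorted(after_procs - before_procs),
    }


def still_present(log_text, file_names):
    """Map each watched file name to where the log still references it."""
    processes, entries = parse_log(log_text)
    hits = {}
    for name in file_names:
        needle = name.lower()
        where = []
        if any(path.endswith("\\" + needle) for path in processes):
            where.append("running")
        where += sorted({code for code, body in entries if needle in body.lower()})
        if where:
            hits[name] = where
    return hits


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for code, body in result["entries_removed"]:
        print("removed:", code, "-", body)
    for path in result["processes_gone"]:
        print("no longer running:", path)
    for name, where in still_present(AFTER, WATCH).items():
        print("still referenced:", name, where)
```

An entry that vanishes from the log only shows that the registry reference is gone; the file itself can still be on disk.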

0

just posted to you re vundofix... :} - pls do it now.. and this:

O23 - Service: DomainService - - C:\WINDOWS\system32\kniqopid.exe
This service has to be stopped and removed, follow this procedure:
==Go Start, run, type services.msc -and press Enter. Maximise the window and at foot select Extended tab, scroll to the specific service [DomainService], rclick it, select properties. Write down the exact Service Name. Press Stop if it is highlighted [you may have to set the service to Disable first]. Close Services, now type this line into the run text box and press Enter:
sc delete "exact Service Name" - don't be silly now....
Browse to and ensure this file is deleted:
C:\WINDOWS\system32\kniqopid.exe

By the way, the order of doing those things in my posts I considered important - I did not wish your sys to be virus-infected when you installed AVG FREE AV.... Pls follow the order of things.. you were supposed to run CCleaner just before the panda scan.

0

And more... :)
Please go to CP, add/remove pgms and uninstall any of these:
WinPop, Network Monitor, Web Buying.

==Download Avenger from http://swandog46.geekstogo.com/avenger.zip
You must be in an Administrator-privileged account to run this procedure...
-unzip it to your desktop and start it; select “Input script manually” and then click the magnifying glass icon. Paste into the box as one block ALL the text between the lines:-
_____________________________________
Files to delete:
C:\Program Files\WinPop\winpop.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Web Buying\v1.8.2\wbuninst.exe
C:\WINDOWS\system32\txvhogjc.dll
c:\docume~1\abhilash\locals~1\temp\thinksnet.exe
C:\WINDOWS\system32\ifustlnh.dll
C:\WINDOWS\QUJISUxBU0ggU0hJVkFTSEFOS0FSQSBQSUxMQQ\command.exe
C:\WINDOWS\QUJISUxBU0ggU0hJVkFTSEFOS0FSQSBQSUxMQQ\asappsrv.dll
C:\WINDOWS\system32\jkkkjji.dll
c:\windows\system32\atmtd.dll
C:\Documents and Settings\ABHILASH\Local Settings\Temp\cmdinst.exe
C:\Documents and Settings\ABHILASH\Local Settings\Temp\thinksnet.exe
C:\Program Files\Messenger\mezepod22011.exe
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\CC1\mon123bcz.exe
C:\WINDOWS\system32\cfig32\icm33oc.exe
C:\WINDOWS\system32\drvr2\bbc002nws.exe
C:\WINDOWS\system32\fdnqxkev.dll.ren
C:\WINDOWS\system32\iifcbyw.dll.ren
C:\WINDOWS\system32\tuvtrpn.dll.ren
C:\WINDOWS\tk58.exe

Folders to delete:
C:\Program Files\WinPop
C:\Program Files\Network Monitor
C:\Program Files\Web Buying

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsUpdate

_____________________________________
...and click Done, and finally the green light.
Follow prompts to reboot your machine.
[The files, etc., that you asked Avenger to delete are zipped to C:\avenger\backup.zip.]
Avenger creates a log file that should open with the results of its actions. This file is located at C:\avenger.txt

Please post that log file.

O23 - Service: DomainService - - C:\WINDOWS\system32\kniqopid.exe
This service has to be stopped and removed, follow this procedure:
==Go Start, run, type services.msc -and press Enter. Maximise the window and at foot select Extended tab, scroll to the specific service [DomainService], rclick it, select properties. Write down the exact Service Name. Press Stop if it is highlighted [you may have to set the service to Disable first]. Close Services, now type this line into the run text box and press Enter:
sc delete "exact Service Name" - don't be silly now....

And finally, please run:
= CCleaner
= AVG AS - make sure it is updated first, and under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file. Post the log file.
=Panda Online Scan.
That should keep you busy; post the vundofix, Avenger, AVG AS and Panda logs, plus another Hijackthis log.

0

thanks
I thought I followed the order correctly, but I did run CCleaner both before and after panda scan.
I followed the steps said above but kniqopid.exe was not deleted

0

Okay, thank you, abhi, I noted your comments on following the procedure... CCleaner should have deleted all your cookies from Firefox and IE, plus the temp inet files.... that is why I request it to be run before an AS or AV scan - it removes the log clutter.
You might check its settings to see that the relevant boxes are checked.
I really would like to see the results from Vundofix, Avenger, AVG and the final Panda scan, please - besides checking if the procedure has worked for you I use them to learn, to advance my methods of attack on specific problems.
Copy this text into Avenger and see if it deletes the file:
______________________________
Files to delete:
C:\WINDOWS\system32\kniqopid.exe
______________________________
-then remove the service.
This is another good file deleter, but you have to browse to the file and select it for deletion.
==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.
