gerbil 216 Industrious Poster

Try deleting this file:
C:\DOCUME~1\ASD\LOCALS~1\Temp\{0AA6B961-21D9-4FBB-A265-816E5A696479}\sidebar.exe
If it resists use this tool:
==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.
Say how it goes... and how things are...

gerbil 216 Industrious Poster

hbk wished you to fix certain entries with hijackthis...
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {EEB97AC3-B47A-A0D9-7438-BAA93FEB5B93} - (no file)
O2 - BHO: (no name) - {F2566B36-A3DC-ED7B-8045-FD1D84354597} - (no file)
O4 - HKLM\..\Run: [system32KLGK Agent] C:\WINDOWS\system32KLGK.exe
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)

Good, now delete this file:
C:\WINDOWS\system32KLGK.exe
Finally, because of a couple of traces you have in that log I would like you to rename hijackthis.exe to imabunny.exe [important step] and then make another log for us to look at.
Weirdontheweb? I assume you removed it via CP > add/remove pgms?

gerbil 216 Industrious Poster

justlookin, if you run that batchfile I posted way earlier we will be able to see the settings which most likely are blocking you; the script only reads, it does not change or damage anything...
Or instead, you can run this line which will give a more complete listing...
Go Start, run, type cmd -press Enter, and paste this line into the black cmd window that opens and press Enter; close the window:

reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies /s > C:\showkey.txt

...and post that file, C:\showkey.txt

gerbil 216 Industrious Poster

Glad you're rolling again... the simplest things..? cos we tend to overlook them? must be a societal failing, in that we like to consider the things that do us down as tough n powerful, cos that implies that we may be not so weak?
One day i'll get onto net protocols and communications. One day. Maybe. For the mo the basics are getting me thru.
Cheers.

gerbil 216 Industrious Poster

Yep, it is safe to delete it as hbk says [that is what the ccleaner run was for, to rid your sys of files which would have cluttered the panda scan log..].
If the freezing happens when you use IE7 then I cannot help - I have neither upgraded? my sys nor my head to IE7.

gerbil 216 Industrious Poster

Doug, HiJackThis:
==download hijackthis: http://www.majorgeeks.com/download5554.html
-install it to a new folder alongside your program files and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log in the VIRUSES etc forum, not here.

gerbil 216 Industrious Poster

Could you try swapping, even reseating, your RAM sticks? If you have more than one, try running with just one in slot #1, then the other....

gerbil 216 Industrious Poster

Ah, well thank you for that info, I did not realise... I'm afraid that all my fixes/knowledge pertain to IE6 cos I do not use IE7 personally. I do not even have a list of all IE7 dll's.
Sorry.

gerbil 216 Industrious Poster

:)
There is nothing wrong showing in that log... just wondering if it is something to do with your router and tcp/ip network settings for DHCP. But sorry, that stuff is out of my area.

gerbil 216 Industrious Poster

To save time can I just send you here:
-use the MVPS pgm, IEFix from:
http://windowsxp.mvps.org/IEFIX.htm -which includes dll registration as well as the ie.inf installation.
You will need your installation CD.

gerbil 216 Industrious Poster

C'mon, fess up, what was it..?

gerbil 216 Industrious Poster

Haven't a clue; best post a log... apart from it just sitting there, browsing has gotta be the least load you can put on a sys.
And that's not a teddybear, that looks like Ee-ore!

gerbil 216 Industrious Poster

Try this first - it may give a hint:
Reg keys/batch file text
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as showkey.bat, as type "all files", to your desktop; dclick it to run, then post the file C:\showkey.txt
__________________________________________________________
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies >C:\showkey.txt
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop >>C:\showkey.txt
__________________________________________________________

gerbil 216 Industrious Poster

==Download fixwareout from http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe - and save it to your desktop.
Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish. After the fix follow the prompts. You will be asked to reboot your computer, and it may take longer than usual to load - this is normal.

Next check some settings....In control panel select the Network and Internet Connections , rclick on your default connection, usually local area connection for cable and dsl, and lclick on properties. Click the Networking tab. Dclick on the Internet Protocol (TCP/IP) item and select Obtain DNS servers automatically. Press OK twice to get out of the properties screen and reboot if it asks.

Now flush the DNS cache: Go Start > Run, type cmd and click OK.
In the command screen, type in cd\ and then press Enter. Now type in ipconfig /flushdns and then Enter. [space after ipconfig]. Type Exit.

FIX CHECKED ENTRIES....!!
Start Hijackthis, do a Scan Only and place checkmarks against all of the following that exist, and then press Fix Checked:

O17 - HKLM\System\CCS\Services\Tcpip\..\{0D2396B9-2736-4FAF-B07E-F222C05C3075}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{655BE115-8A4E-460A-849D-4C0770D3EEB8}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{65EDDEDA-0C4E-4A37-BF6E-B65C24DF516A}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{D827AB6E-9147-4172-80C2-2961FE58E10A}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.35 85.255.112.65
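
An added example, not part of the original post and not code from HijackThis or Fixwareout: a small Python triage of HijackThis log lines like those above, flagging O17 NameServer values outside the resolvers you expect and O2/O3/O9 entries whose file is gone. The 192.168.1.0/24 resolver range, the function names and the one line marked constructed are assumptions; the other sample lines are quoted from posts on this page.

```python
import ipaddress
import re

# A HijackThis finding starts with a section code (R1, O2, O17, O23 ...).
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(.+)$", re.IGNORECASE)
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: the resolvers this machine should use (a home router range).
EXPECTED_RESOLVERS = [ipaddress.ip_network("192.168.1.0/24")]

SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{0D2396B9-2736-4FAF-B07E-F222C05C3075}: NameServer = 85.255.116.35,85.255.112.65",
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.35 85.255.112.65",
    # Constructed line: a static resolver that is inside the expected range.
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1",
    r"O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)",
]


def parse_entry(line):
    """Return (section_code, body) for a finding line, or None for anything else."""
    match = ENTRY_RE.match(line.strip())
    return (match.group("code"), match.group("body")) if match else None


def nameservers(body):
    """Extract the IP addresses of an O17 NameServer value.

    The value may be comma separated or space separated; both forms occur.
    """
    match = NAMESERVER_RE.search(body)
    if not match:
        return []
    addresses = []
    for token in re.split(r"[,\s]+", match.group(1).strip()):
        try:
            addresses.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # not an IP address, ignore it
    return addresses


def triage(lines, expected_networks):
    """Return (code, reason, detail) tuples for lines that deserve a closer look."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        code, body = entry
        if code == "O17":
            # Statically set resolvers that are not ones we configured ourselves.
            rogue = [str(ip) for ip in nameservers(body)
                     if not any(ip in net for net in expected_networks)]
            if rogue:
                findings.append((code, "unexpected-dns", rogue))
        elif code in ("O2", "O3", "O9") and ORPHAN_RE.search(body):
            # Browser add-on registration left behind after its file was removed.
            clsid = CLSID_RE.search(body)
            findings.append((code, "orphaned-entry", clsid.group(0) if clsid else body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG, EXPECTED_RESOLVERS):
        print(code, reason, detail)
```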

gerbil 216 Industrious Poster

I see nothing there, yogi... you could do these things for a more in depth check:
Clean up first:
==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
Then this scan... you may try it from Safe Mode with Networking:
Panda Online Scan:
==Please use IE to do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.

If you rclick the sys clock in your tray, select Adjust date/time and the clock window opens then rundll32.exe is working okay.. [this is just the simplest action I can think of that invokes rundll32.exe]

gerbil 216 Industrious Poster

Heya, soldier, this should start sorting things out for you...

==Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
- Restart your computer in Safe Mode
- Open the SmitfraudFix folder and double-click SmitfraudFix.cmd, select option #2 - Clean [type 2 and Enter]
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer Y and Enter [which will remove the desktop background and clean registry keys associated with the infection].
The tool will next check if wininet.dll is infected- if it is you will be prompted to replace the file ; type Y and press "Enter".
It will also create a log named rapport.txt in the root of your drive, eg: Local Disk C:\
Restart in normal Windows. Please post C:\rapport.txt
[You may also have to restore your desktop background...
If so, go Start >run, type regedit and <enter>. Navigate to this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Please export that key: in the left pane highlight system with a lclick, go File, export... , save as bluewall with file type .txt. Close regedit and post that txt file.]

Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll (file missing)
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O21 - SSODL: …

gerbil 216 Industrious Poster

In your log 3 entries show with file missing, use HT to fix those [one O2 and two O3's] -that just tidies stuff up, won't speed up stuff.
Lose the Compete toolbar and ALL the Google desktop aids and toolbars - say what happens.

gerbil 216 Industrious Poster

AVG AS would clean it also...

gerbil 216 Industrious Poster

The O22 entry shown below is your problem's source, I think - it is a Smitfraud variant, but the normal and best tool for removing it won't work with Vista....
Your Superantispyware should have detected n removed some of its keys, but it appears to have left this one plus the file itself - could I see the log of your most recent scan, please?
Meanwhile, let's try this:
Download Unlocker 1.8.5
==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O22 - SharedTaskScheduler: heterotroph - {de5ede53-9db0-422d-b32d-5c41c96d6f52} - C:\Windows\system32\iklqcx.dll
Now navigate to the file and use Unlocker to delete it.
Post another hijackthis scan made after a restart with your comments pls [plus that Super log].

gerbil 216 Industrious Poster

Beauty! Thanks, jb. If i'd fully absorbed his boot.ini detail Ida known we were dealing with WINNT in minesz's case [slight twinge of shame....], but now I know the scheme of things.

gerbil 216 Industrious Poster

"It fitted in my bin" Yep, okay, it's just that I have shrunken my bins to a pretty small size - if I don't want stuff, I mostly don't want it hanging around somewhere else.... mostly.. :)
And your WINNT = my WINDOWS[0] ... I was not sure what it would be named, I have seen both.
Skip the info in the last post to you [#10] re partitions and formatting - that was just a recap of a method to use when installing a fresh OS to avoid your problem in the first place; if your sys is working now all is fine.
Cheers.

gerbil 216 Industrious Poster

I do not have Outlook... but is there any chance you have set the font colour to match the background colour?
Sorry if this seems to be a trivial answer... ;)

gerbil 216 Industrious Poster

Okay. Dima put it simply, I didn't. It was going to be simple....

gerbil 216 Industrious Poster

The system idle process...to put it simply the figures in that column you are looking at, CPU time, represent the time being allocated to a process and are expressed in parts per 100, where 100 represents full CPU utilisation. A process is assigned a portion of total CPU time in order according to its interrupt level which represents that process' priority [the interrupt level is continually adjusted so that all requests are handled in a timely manner, the portion of time allotted may also be adjusted according to demand]. It stands to reason that if your CPU is not much occupied dealing with the tasks at hand then to make that sum equal 100 the unused CPU processing potential must equate to the balance - that is the system idle process' share of CPU time.
If your system idle process share is say 97, then not much processing is being done. It is not a real process.
If your system is crashing when sys idle is high, it is cos something else [everything else] stopped working..... some process is waiting for input.
In spite of the descriptions like multi-tasking a processor can only do one thing at a time ie, handle one thread at a time; it switches between threads according to the priority handed to them by the scheduler. A thread deemed urgent is given a high priority. The processor handles the thread which has the highest priority, the more time it devotes to a thread …

gerbil 216 Industrious Poster

mistyped in prev post.. meant msi.dll vsn 3.1.4000.4039.
nothing here helps? It applies to 3.1 which they mention at bottom....
http://support.microsoft.com/kb/555175

gerbil 216 Industrious Poster

Line 4, in my first post... I don't actually care what you call it, as long as I can recognise it, and vundo cannot.

gerbil 216 Industrious Poster

Surely [re]making any partition forces the rewrite of the MBR? It holds partition information.... as an example if you delete the boot partition which is active, then the MBR must record the new active partition when it is created to pass to BIOS... perhaps I should have said "modify"...
But please don't test me on LINUX, jb.... all I know is that it exists.... so I cannot comment on that aspect of your post.

gerbil 216 Industrious Poster

Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O3 - Toolbar: Protection Bar - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C6209.dat

JAVA Update:
==Finally: Java update!!! This is for security reasons. Go control panel > java > update, & press update now. Restart after installing the update, and then go into control panel again, add/remove pgms and remove all old versions of java. Vsn 1.6.0.2 is current....

Good, now please do the imabunny rename bit I referred to earlier, and post a fresh hijackthis scan.

gerbil 216 Industrious Poster

By the way, if you do not use some third party software to wipe your HD before an installation then during Setup you must remove the old OS [boot] partition and then remake and fast-format it. Remaking the boot partition [C:] rewrites the master boot record for the disk, and creates a new partition boot sector and master file table in C: so all file info is lost. Result is the old OS is toast.

gerbil 216 Industrious Poster

Heh!, sorry, it was actually kb.net's instructions, not Dortz's that I wanted you to follow, but you got it right anyway... :)
Okay, your current boot.ini file is correct, your earlier version tells me that you actually installed your second OS onto the same partition as the first.
Now you wish to lose the first installation to which you do not have the admin password - all you need to do is delete the WINDOWS folder [it will not fit in your bin]; the folder you are using will be designated as WINDOWS[0]. Am I correct? Creation dates will tell.... To be rid of that [0] in WINDOWS[0] would be nigh impossible, I think, cos it would be deeply embedded in registry entries.
WINDOWS[0] will be using your original Program Files folder, but some of your document folders may be duplicated so copy out of the old into the new and remove the old. You should be able to work out which is which from creation dates etc, if not from the contents.

gerbil 216 Industrious Poster

Can you not copy this and other missing files from the CD i386 folder?
c:/windows/system32/msiexec.exe
And you could always rename msiexec.old to msiexec.exe... mine is vsn 3.1.4000.1823.
mis.dll vsn is 3.1.4000.4039

gerbil 216 Industrious Poster

Hello, andy, you have something with the appearance of a vundo infection. For your next hijackthis scan please delete your copy of hijackthis.exe and download this: http://www.majorgeeks.com/download5554.html
Please then rename hijackthis.exe to imabunny.exe - this is important.
==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
=Restart your system in Safe Mode.
Double-click VundoFix.exe to start it. Click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
!!! Check the Vundofix log for any found files that were not deleted - if present rerun Vundofix !!!
Post the contents of C:\vundofix.txt plus a new HijackThis log.
That scan/fixer is to catch any other files which may not show in your log.... I do know this next will fix what I can see there:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it[ normal …

gerbil 216 Industrious Poster

Go back to that repair store, tell them that they loaded your pc from an XP CD that is more up-to-date than yours, and reasonably demand that they burn you a copy of the CD they used. For no charge, or pretty much just the cost of a CD blank. Then you can use it to do a Windows Repair [via Setup, not Recovery console]

gerbil 216 Industrious Poster

Grab your installation CD, go Start, run, type or paste in:
sfc /scannow -and press Enter. Follow the instructions, when finished the window will just close, no fanfare.
Actually, I don't know if that will copy in those files because they may not be listed as protected [but it won't hurt to try it]. If it does not you could then just copy those files off your CD [in i386 folder] into system32.
msi.dll has been updated recently. Windows update will pick that up though if you request it [the update website] to scan your system.

gerbil 216 Industrious Poster

minesz, follow dortz' instructions to the Edit button and put up a copy of the notepad that opens, cos what you folks are discussing is clear as mud. Pretty much.

gerbil 216 Industrious Poster

Use hijackthis to fix this entry:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
Say how it goes.

gerbil 216 Industrious Poster

:) "copy the text between the lines to a notepad" - you didn't include the header, did you? Tsk tsk....

gerbil 216 Industrious Poster

The log appears clean. It could be your shell32.dll with problems - try going Start, run, type:
sfc /scannow -and press Enter, you will probably need your installation CD. If that does not do the job then a windows Repair using that CD would be my next call [you bypass Recovery Console and enter Setup, identify the OS installation and select to repair it]. Your files are not touched.

gerbil 216 Industrious Poster

Heh... glad you're flying again.....
Google desktop? I don't know if it is any better or worse than others, but personally speaking, Google is just a search engine website to me, I can go there with a button press when I wish, apart from that simplicity rules and I don't want any part of it or other helpers in my sys. I know where my stuff is, I don't need another search tool to find files.
I DO know that a corrupted BHO can present seemingly weird symptoms..... like yours for example. And yes, that was the root cause in your case.
Google is big, monolithic, sometimes immovable. -their web accelerator for example works by caching on their servers copies of a multitude of webpages that are commonly used, the software you install issues you with a URL to one of their servers. It once was a case that one of those links was broken or incorrect, but G would not budge in fixing it. Result was many ppl had ....umm... less-accelerated web experiences.
But it's a great search engine.

gerbil 216 Industrious Poster

And if it still will not work, then IEFIX from this site will reregister IE [fix the relevant entries in your registry] as well as replace all the IE sys files using those from your installation CD [you will need that CD for a successful run]...

gerbil 216 Industrious Poster

Hi, dragonflei, if you used that SDFix link in FF it should have prompted you immediately if you wished to accept the download - that is the actual dl site, button pressed, ready to go URL. You won't find SDFix on any other link in that site.
But now, having seen your hijackthis log at last, there is no need to run it, so please don't - the log shows clean. I do not know how you removed Winantispyware but it is not running; if you still have traces of it in your sys that you wish to remove then one of the best tools for it is this one:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
I suspect that something with your IE browser is corrupted, if the problem was merely something like a security setting you would be prompted when you attempted something which was blocked. May I suggest this: go start, run, type:
sfc /scannow -and press Enter. You may be prompted to insert your installation CD - this runs …

gerbil 216 Industrious Poster

Iexplore won't run, huh? Okay, cos you have an active desktop I would remove that [O24], remove all the Google BHO's [uninstall google desktop and fix the google O2's and O3].
I'm just guessing that one of your browser addons has killed your browser and hence your active desktop.
Clean up these entries while you are at it:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - blank (file missing)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm824DOUS
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Actually, of all your O2 and O3 entries, this is the only one I would keep:
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

Say how you get on...

gerbil 216 Industrious Poster

Okay, thank you, abhi, I noted your comments on following the procedure... CCleaner should have deleted all your cookies from Firefox and IE, plus the temp inet files.... that is why I request it to be run before an AS or AV scan - it removes the log clutter.
You might check its settings to see that the relevant boxes are checked.
I really would like to see the results from Vundofix, Avenger, AVG and the final Panda scan, please - besides checking if the procedure has worked for you I use them to learn, to advance my methods of attack on specific problems.
Copy this text into Avenger and see if it deletes the file:
______________________________
Files to delete:
C:\WINDOWS\system32\kniqopid.exe
______________________________
-then remove the service.
This is another good file deleter, but you have to browse to the file and select it for deletion.
==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.

gerbil 216 Industrious Poster

I may be able to help you with the flash drive problem... copy the text between the lines to a notepad, save it as nodrives.reg to your desktop, dclick it to run it - tell me what happens [you may need to restart..]
___________________________________________
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=dword:0
___________________________________________

gerbil 216 Industrious Poster

It's late, I'm going to just try a guess...
Copy this download into the pc. It fits on a floppy. Or use Safe mode with Networking to go directly.

==Download SDFix from here: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
and save it to your desktop. Dclick SDFix.exe and choose Run to extract it to %systemdrive%, which commonly will be C:\
==Restart your computer in Safe Mode:- press F8 several times while POST is running and before IDE detection completes.
- On the Windows Advanced Options Menu, select Safe Mode and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using the Administrator account and password. NOTE: The password is blank by default unless you set a password.
==Open the extracted SDFix folder, C:\SDFix and double click RunThis.bat to start the script. Type Y to begin the cleanup.
You will be prompted to press any key to Reboot - the pc will then restart.
The tool will run again and complete the removal process then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Restart the pc in normal mode. Post the contents of the file Report.txt here, along with the log of a fresh hijackthis scan run in normal mode.

gerbil 216 Industrious Poster

cathe, I've looked around as I guess you have; it seems that if you cannot do an F8 at boot to get to LKGF you are pretty much stuck with doing a windows Repair [which will restore your registry, but not interfere with your apps n data].
A parallel installation as per M$ instructions [they talk about NT but that is true for XP also] would not help cos you don't know exactly [ no event log access] what the problem is that caused the stop.
Sorry

gerbil 216 Industrious Poster

C:\WINDOWS\TEMP\SI5CB5.EXE
What is this file? I am always suspicious of pgms that execute from a temp directory. I do not see what started it...
You may wish to submit your services.exe for a scan at http://virusscan.jotti.org/
Either browse to the file or paste in the pathname above.

gerbil 216 Industrious Poster

And more... :)
Please go to CP, add/remove pgms and uninstall any of these:
WinPop, Network Monitor, Web Buying.

==Download Avenger from http://swandog46.geekstogo.com/avenger.zip
You must be in an Administrator-privileged account to run this procedure...
-unzip it to your desktop and start it; select “Input script manually” and then click the magnifying glass icon. Paste into the box as one block ALL the text between the lines:-
_____________________________________
Files to delete:
C:\Program Files\WinPop\winpop.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Web Buying\v1.8.2\wbuninst.exe
C:\WINDOWS\system32\txvhogjc.dll
c:\docume~1\abhilash\locals~1\temp\thinksnet.exe
C:\WINDOWS\system32\ifustlnh.dll
C:\WINDOWS\QUJISUxBU0ggU0hJVkFTSEFOS0FSQSBQSUxMQQ\command.exe
C:\WINDOWS\QUJISUxBU0ggU0hJVkFTSEFOS0FSQSBQSUxMQQ\asappsrv.dll
C:\WINDOWS\system32\jkkkjji.dll
c:\windows\system32\atmtd.dll
C:\Documents and Settings\ABHILASH\Local Settings\Temp\cmdinst.exe
C:\Documents and Settings\ABHILASH\Local Settings\Temp\thinksnet.exe
C:\Program Files\Messenger\mezepod22011.exe
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\CC1\mon123bcz.exe
C:\WINDOWS\system32\cfig32\icm33oc.exe
C:\WINDOWS\system32\drvr2\bbc002nws.exe
C:\WINDOWS\system32\fdnqxkev.dll.ren
C:\WINDOWS\system32\iifcbyw.dll.ren
C:\WINDOWS\system32\tuvtrpn.dll.ren
C:\WINDOWS\tk58.exe

Folders to delete:
C:\Program Files\WinPop
C:\Program Files\Network Monitor
C:\Program Files\Web Buying

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsUpdate

_____________________________________
...and click Done, and finally the green light.
Follow prompts to reboot your machine.
[The files, etc., that you asked Avenger to delete are zipped to C:\avenger\backup.zip.]
Avenger creates a log file that should open with the results of its actions. This file is located at C:\avenger.txt

Please post that log file.

O23 - Service: DomainService - - C:\WINDOWS\system32\kniqopid.exe
This service has to be stopped and removed, follow this procedure:
==Go Start, run, type services.msc -and press Enter. Maximise the window and at foot …

gerbil 216 Industrious Poster

just posted to you re vundofix... :} - pls do it now.. and this:

O23 - Service: DomainService - - C:\WINDOWS\system32\kniqopid.exe
This service has to be stopped and removed, follow this procedure:
==Go Start, run, type services.msc -and press Enter. Maximise the window and at foot select Extended tab, scroll to the specific service [DomainService], rclick it, select properties. Write down the exact Service Name. Press Stop if it is highlighted [you may have to set the service to Disable first]. Close Services, now type this line into the run text box and press Enter:
sc delete "exact Service Name" - don't be silly now....
Browse to and ensure this file is deleted:
C:\WINDOWS\system32\kniqopid.exe

By the way, the order of doing those things in my posts I considered important - I did not wish your sys to be virus-infected when you installed AVG FRE AV.... Pls follow the order of things.. you were supposed to run CCleaner just before the panda scan.

gerbil 216 Industrious Poster

abhi, please delete C:\vundofix.txt, delete Vundofix.exe, download a fresh [updated] copy from the same link as in my first post :
http://www.atribune.org/ccount/click.php?id=4 -and rerun Vundofix as before.