My Hijackthis Log(RESOLVED)

  1. #1
    mytor (Newbie)

    My Hijackthis Log(RESOLVED)

    Kindly help.
    1) My internet is going slower and slower.
    2) My DVD-ROM won't recognise any disk, CD or DVD. It shows up correctly during boot-up and also in Windows Explorer.
    Thanks


  2. #2
    mytor (Newbie)
    Kindly help.
    1) My internet is going slower and slower.
    2) My DVD-ROM won't recognise any disk, CD or DVD. It shows up correctly during boot-up and also in Windows Explorer.
    Thanks

    Log follows:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:17:18, on 25/12/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\System32\igfxtray.exe
    E:\WINDOWS\SOUNDMAN.EXE
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    I:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    I:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    E:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    I:\Program Files\VMware\VMware Player\hqtray.exe
    I:\Comodo\Firewall\CPF.exe
    E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    E:\WINDOWS\System32\ctfmon.exe
    E:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    E:\Program Files\TaskZip\TaskZip.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\Program Files\WordWeb\wweb32.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    I:\Program Files\stickies\stickies.exe
    I:\Comodo\Firewall\cmdagent.exe
    I:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    E:\WINDOWS\system32\slmdmsr.exe
    E:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Airtel\Virtual Engineer\bin\tgsrvc.exe
    E:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    E:\WINDOWS\System32\vmnat.exe
    E:\WINDOWS\System32\vmnetdhcp.exe
    i:\Program Files\HealthMonitor\HealthMonitor.exe
    i:\PROGRA~1\FREEDO~1\fdm.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    i:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    E:\Program Files\JGsoft\EditPadLite\EditPadLite.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ig?hl=en
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - E:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
    O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - E:\WINDOWS\System32\s1940.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - E:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] I:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] I:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "E:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [VMware hqtray] "I:\Program Files\VMware\VMware Player\hqtray.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "I:\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Stickies.lnk = I:\Program Files\stickies\stickies.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = E:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: TaskZip.lnk = E:\Program Files\TaskZip\TaskZip.exe
    O4 - Global Startup: WinKey.lnk.disabled
    O4 - Global Startup: WordWeb.lnk = E:\Program Files\WordWeb\wweb32.exe
    O8 - Extra context menu item: &WordWeb... - res://E:\WINDOWS\System32\wweb32.dll/lookup.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://i:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://i:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://i:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://i:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Add to Restricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - E:\WINDOWS\System32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - E:\WINDOWS\System32\webzone.dll
    O9 - Extra button: Add to Trusted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - E:\WINDOWS\System32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - E:\WINDOWS\System32\webzone.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: http://scan.driverguide.com
    O15 - Trusted Zone: http://infinite.indiatimes.com
    O15 - Trusted Zone: http://*.update.microsoft.com
    O15 - Trusted Zone: http://www.mozilla.com
    O15 - Trusted Zone: *.stumbleupon.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://nxpchat.airtelbroadband.in/sd...ad/tgctlcm.cab
    O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} -
    O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} -
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) -
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...nner371100.cab
    O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} (Java Plug-in 1.3.1_01) -
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{14A597AE-A3C9-42A7-87CB-C40E86D4C419}: NameServer = 202.56.215.6 202.56.230.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{643A3C20-9C13-406B-B074-0376EFDD6338}: NameServer = 202.56.215.6,202.56.230.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D3C91E5-3995-402A-9B4E-020F46AE0AA6}: NameServer = 202.56.215.6,202.56.230.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F467C9-EE31-4839-A410-749BBB743E6D}: NameServer = 202.56.215.6,202.56.230.6
    O17 - HKLM\System\CS3\Services\Tcpip\..\{14A597AE-A3C9-42A7-87CB-C40E86D4C419}: NameServer = 202.56.215.6 202.56.230.6
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - I:\Comodo\Firewall\cmdagent.exe
    O23 - Service: GhostStartService - Symantec Corporation - I:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: HealthMonitor - Vittorio Pavesi - i:\Program Files\HealthMonitor\HealthMonitor.exe
    O23 - Service: SmartLinkService (SLService) - - E:\WINDOWS\SYSTEM32\slmdmsr.exe
    O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - E:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - E:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: SupportSoft Repair Service (biliasprodpid) (tgsrvc_biliasprodpid) - SupportSoft, Inc. - E:\Program Files\Airtel\Virtual Engineer\bin\tgsrvc.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - I:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\WINDOWS\System32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - E:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - E:\WINDOWS\System32\vmnat.exe
    O23 - Service: Windows Network Log (Windows Network Log Manage) - Unknown owner - E:\Program Files\Common Files\Microsoft Shared\MSINFO\Netlog.exe (file missing)

    --
    End of file - 10986 bytes
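    Neither poster included any code; the block below is an added example, not part of the thread, showing how a helper would triage a HijackThis log like the one above before replying. It parses the `Oxx - ...` entry lines and raises review prompts for the patterns a responder looks at first: BHO/toolbar entries whose DLL is gone or unnamed, a BHO loading from System32 under a non-descriptive name, every Trusted Zone site, the O17 NameServer addresses (to be checked against the ISP's published resolvers), and services with a missing file or unknown owner. The sample log is a constructed excerpt of a dozen lines copied from the post; the tags and heuristics are my own naming and are prompts for a human, not verdicts.

```python
import re

# Constructed sample: a dozen lines copied from the HijackThis log posted
# above. A real log runs to a few hundred lines of the same shape.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:18, on 25/12/2007
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
E:\WINDOWS\System32\smss.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - E:\WINDOWS\System32\s1940.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O15 - Trusted Zone: http://scan.driverguide.com
O15 - Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{14A597AE-A3C9-42A7-87CB-C40E86D4C419}: NameServer = 202.56.215.6 202.56.230.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{643A3C20-9C13-406B-B074-0376EFDD6338}: NameServer = 202.56.215.6,202.56.230.6
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# HijackThis entry lines start with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def parse_entries(log_text):
    """Return [(section, body)] for every entry line; header/process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Return [(tag, section, detail)] review prompts. Tag names are this
    example's own; any of them can be tripped by legitimate software."""
    findings = []
    for section, body in parse_entries(log_text):
        if section in ("O2", "O3", "O9"):
            if body.endswith("(no file)"):
                # Orphaned CLSID: the DLL is gone. Often a leftover of removed adware.
                findings.append(("orphan", section, body))
            elif "(no name)" in body:
                findings.append(("unnamed", section, body))
            elif re.search(r"\\WINDOWS\\System32\\[a-z]+\d+\.dll$", body, re.I):
                # A BHO loading straight from System32 under a letter+digits name
                # has no product folder to vouch for it: verify the file's publisher.
                findings.append(("system32-dll", section, body))
        elif section == "O15":
            # Every Trusted Zone site lowers IE's security for that host; list them all.
            findings.append(("trusted-zone", section, body.split(": ", 1)[1]))
        elif section == "O17":
            # NameServer addresses: compare with the ISP's resolvers to spot DNS hijacks.
            ips = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", body)
            findings.append(("dns", section, " ".join(ips)))
        elif section == "O23" and ("(file missing)" in body or "Unknown owner" in body):
            findings.append(("service-review", section, body))
    return findings


def dns_servers(log_text):
    """Unique O17 NameServer IPs in first-seen order."""
    seen = []
    for tag, _, value in triage(log_text):
        if tag == "dns":
            for ip in value.split():
                if ip not in seen:
                    seen.append(ip)
    return seen


def summarize(log_text):
    """Count review prompts per tag."""
    counts = {}
    for tag, _, _ in triage(log_text):
        counts[tag] = counts.get(tag, 0) + 1
    return counts


if __name__ == "__main__":
    for tag, section, detail in triage(SAMPLE_LOG):
        print(f"[{tag:14}] {section}: {detail}")
    print("DNS servers to verify:", dns_servers(SAMPLE_LOG))
```

    Run against a full log, the output is a short list to work through by hand: the two orphaned CLSIDs are safe to fix, the `s1940.dll` BHO needs its publisher and hash checked, and the O17 resolvers are only a concern if they are not the ones the ISP (here Airtel) hands out.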

  3. #3
    Neal (Dedicated Member)
    Your PC is seriously out of date on Microsoft security updates; you really need to do that after you are clean!!



    I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
    1. Run Spybot-S&D
    2. Go to the Mode menu, and make sure "Advanced Mode" is selected
    3. On the left hand side, choose Tools -> Resident
    4. Uncheck "Resident TeaTimer" and OK any prompts
    You can re-enable TeaTimer once your system is clean.



    If you have previously downloaded ComboFix, please delete that version now.

    Now download http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save to your desktop:

    Note:

    It is IMPORTANT that it is saved directly to your desktop

    Close any open browsers.

    Disconnect from the Internet.

    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouse-click ComboFix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    *Note*
    In case your antivirus or any other real-time scanner is displaying an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and re-download ComboFix.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.




    New hijackthis log and...



    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.
    Last edited by Neal; 26-12-2007 at 08:40 PM.

  4. #4
    mytor (Newbie)
    Hi,
    Thanks for all your efforts.

    My combofix.txt log follows:
    -------------------------------------------------------------------
    ComboFix 07-12-31.4 - SK Goel 2007-12-31 18:09:04.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.179 [GMT 5.5:30]
    Running from: E:\Documents and Settings\SK Goel\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    E:\Documents and Settings\SK Goel\Application Data\inst.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\nm


    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
    .

    2007-12-31 18:08 . 2000-08-31 08:00 51,200 --a--c--- E:\WINDOWS\NirCmd.exe
    2007-12-10 19:29 . 2007-12-10 19:29 552 --a--c--- E:\WINDOWS\system32\d3d8caps.dat
    2007-12-07 21:35 . 2007-12-10 06:11 <DIR> d-------- E:\Documents and Settings\SK Goel\icicibank
    2007-11-21 20:22 . 2001-01-09 09:58 8,811 --a--c--- E:\WINDOWS\system32\drivers\SetupSys.sys
    2007-11-09 16:21 . 2007-12-10 20:42 <DIR> d----c--- E:\WINDOWS\LastGood

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-29 07:26 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\Vso
    2009-07-29 07:12 392,320 -c--a-w E:\WINDOWS\system32\drivers\timntr.sys
    2009-07-29 07:12 32,768 -c--a-w E:\WINDOWS\system32\drivers\tifsfilt.sys
    2009-07-29 07:11 120,992 -c--a-w E:\WINDOWS\system32\drivers\snapman.sys
    2007-12-31 12:43 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\Free Download Manager
    2007-12-31 10:10 --------- dc----w E:\Documents and Settings\All Users\Application Data\VMware
    2007-12-31 10:10 --------- d-----w E:\Documents and Settings\LocalService\Application Data\VMware
    2007-12-31 03:26 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\uTorrent
    2007-12-30 15:35 --------- d-----w E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-18 04:08 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\Skype
    2007-12-14 10:05 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\VMware
    2007-12-13 15:10 --------- d-----w E:\Program Files\SpywareBlaster
    2007-11-28 09:24 --------- dc----w E:\Program Files\WinZix
    2007-11-25 09:53 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\dvdcss
    2007-11-25 06:24 --------- dc----w E:\Program Files\Mozilla Thunderbird
    2007-11-23 15:46 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\AVG7
    2007-10-28 06:51 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\stickies
    2007-09-16 12:13 92,064 -c--a-w E:\Documents and Settings\SK Goel\mqdmmdm.sys
    2007-09-16 12:13 9,232 -c--a-w E:\Documents and Settings\SK Goel\mqdmmdfl.sys
    2007-09-16 12:13 79,328 -c--a-w E:\Documents and Settings\SK Goel\mqdmserd.sys
    2007-09-16 12:13 66,656 ----a-w E:\Documents and Settings\SK Goel\mqdmbus.sys
    2007-09-16 12:13 6,208 -c--a-w E:\Documents and Settings\SK Goel\mqdmcmnt.sys
    2007-09-16 12:13 5,936 -c--a-w E:\Documents and Settings\SK Goel\mqdmwhnt.sys
    2007-09-16 12:13 4,048 -c--a-w E:\Documents and Settings\SK Goel\mqdmcr.sys
    2007-09-16 12:13 25,600 ----a-w E:\Documents and Settings\SK Goel\usbsermptxp.sys
    2007-09-16 12:13 22,768 -c--a-w E:\Documents and Settings\SK Goel\usbsermpt.sys
    2007-06-30 10:18 47,360 -c--a-w E:\Documents and Settings\SK Goel\Application Data\pcouffin.sys
    2007-05-14 06:59 105,039 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_14_03_09_57_small.dmp.zip
    2007-05-01 11:58 96,404 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_01_11_38_10_small.dmp.zip
    2007-04-24 15:42 59,305 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_24_20_52_38_small.dmp.zip
    2007-04-22 05:31 76,439 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_22_09_59_26_small.dmp.zip
    2007-04-22 05:31 100,444 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_22_04_43_27_small.dmp.zip
    2007-04-19 14:09 101,433 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_19_14_02_36_small.dmp.zip
    2007-04-19 14:09 100,022 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_19_14_23_12_small.dmp.zip
    2007-04-16 12:01 98,441 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_16_13_03_22_small.dmp.zip
    2007-04-15 12:09 17,193,439 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_15_12_01_06_full.dmp.zip
    2007-04-10 12:51 99,373 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_10_13_42_44_small.dmp.zip
    2003-03-15 21:30 7,216 -c--a-w E:\WINDOWS\inf\RAMDISK.SYS
    2001-11-23 04:08 712,704 -c--a-w E:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    1997-06-23 06:36 287,504 -csha-w E:\WINDOWS\system32\Msxbse35.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="E:\WINDOWS\System32\ctfmon.exe" [2001-08-18 11:30 13312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="E:\WINDOWS\System32\igfxtray.exe" [2004-02-10 08:25 155648]
    "SoundMan"="SOUNDMAN.EXE" [2002-06-18 16:14 46592 E:\WINDOWS\SOUNDMAN.EXE]
    "AVG7_CC"="E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-22 12:43 579072]
    "DiscWizardMonitor.exe"="I:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 21:24 1169744]
    "AcronisTimounterMonitor"="I:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 21:38 1945688]
    "Acronis Scheduler2 Service"="E:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 21:29 149024]
    "VMware hqtray"="I:\Program Files\VMware\VMware Player\hqtray.exe" [2007-08-21 19:56 55856]
    "COMODO Firewall Pro"="I:\Comodo\Firewall\CPF.exe" [2007-12-08 16:26 1115728]
    "Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="E:\WINDOWS\System32\CTFMON.EXE" [2001-08-18 11:30 13312]
    "AVG7_Run"="E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 22:00 219136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2001-08-18 11:30 51200 E:\WINDOWS\system32\narrator.exe]

    E:\Documents and Settings\Default User\Start Menu\Programs\Startup\
    AutoCAD Startup Accelerator.lnk - E:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2006-08-19 19:03:28]
    TaskZip.lnk - E:\Program Files\TaskZip\TaskZip.exe [2005-12-17 20:12:29]
    WordWeb.lnk - E:\Program Files\WordWeb\wweb32.exe [2004-07-10 18:43:31]

    E:\Documents and Settings\SK Goel\Start Menu\Programs\Startup\
    Stickies.lnk - I:\Program Files\stickies\stickies.exe [2006-03-29 21:03:55]

    E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    AutoCAD Startup Accelerator.lnk - E:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2006-08-19 19:03:28]
    TaskZip.lnk - E:\Program Files\TaskZip\TaskZip.exe [2005-12-17 20:12:29]
    WinKey.lnk.disabled [2007-06-30 15:34:50]
    WordWeb.lnk - E:\Program Files\WordWeb\wweb32.exe [2004-07-10 18:43:31]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "StartMenuLogOff"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=E:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
    path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
    backup=E:\WINDOWS\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^MacroMaker.lnk.disabled]
    path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\MacroMaker.lnk.disabled
    backup=E:\WINDOWS\pss\MacroMaker.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^SK Goel^Start Menu^Programs^Startup^Back2zip.lnk]
    backup=E:\WINDOWS\pss\Back2zip.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^SK Goel^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    path=E:\Documents and Settings\SK Goel\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    backup=E:\WINDOWS\pss\PowerReg Scheduler.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^SK Goel^Start Menu^Programs^Startup^WinKey.lnk]
    backup=E:\WINDOWS\pss\WinKey.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^SK Goel^Start Menu^Programs^Startup^WordWeb.lnk]
    backup=E:\WINDOWS\pss\WordWeb.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2001-08-18 11:30 13312 --a------ E:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
    2006-05-22 13:26 694272 --a--c--- E:\Program Files\dvd43\dvd43_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E:\Program Files]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E:\Program Files\NetMeter]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E:\Program Files\NetMeter\NetMeter.exe]
    E:\Program Files\NetMeter\NetMeter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    1995-03-16 00:00 92896 --a------ c:\quickenw\BILLMNDW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    E:\Program Files\QuickTime\QTTask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Fax"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "µTorrent"="G:\Downloads\software\utorrent.exe "
    "MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" /background
    "TransTask"=
    "pdfSaver3"="C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
    "Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HotKeysCmds"=E:\WINDOWS\System32\hkcmd.exe
    "pdfSaver3"=
    "Gta San Andreas"=gta.exe
    "InCD"=E:\Program Files\Ahead\InCD\InCD.exe
    "Iusage"=E:\PROGRA~1\INTERN~1.7\netdet.exe
    "MBM 5"="E:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    "NeroCheck"=E:\WINDOWS\System32\\NeroCheck.exe
    "PLoader"=e:\program files\tcl usb stick tools2.33\tclstick.exe sys_auto_run E:\Program Files\TCL USB STICK Tools2.33
    "QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" -atboottime
    "RegKillElbyCheck"="E:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
    "SunJavaUpdateSched"=E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    "webHancer Agent"="E:\Program Files\webHancer\Programs\whAgent.exe"
    "GhostStartTrayApp"=I:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    "PWRISOVM.EXE"=i:\Program Files\PowerISO\PWRISOVM.EXE
    "LVCOMS"=E:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    "DAEMON Tools"="i:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    "TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    R0 iviVD;iviVD;E:\WINDOWS\System32\DRIVERS\iviVD.sys [2005-11-16 16:42]
    R1 GhPciScan;GhostPciScanner;I:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]
    R1 VBoxDrv;VirtualBox Service;E:\WINDOWS\System32\DRIVERS\VBoxDrv.sys [2007-09-03 17:19]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;E:\WINDOWS\System32\DRIVERS\VBoxUSBMon.sys [2007-09-03 17:19]
    R2 Sentry;Sentry;E:\WINDOWS\System32\drivers\sentry.sys [2001-11-24 08:54]
    R2 sprtlisten;SupportSoft Listener Service;E:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [2007-09-20 16:05]
    R2 SVKP;SVKP;E:\WINDOWS\System32\SVKP.sys [2004-08-03 22:31]
    R2 tgsrvc_biliasprodpid;SupportSoft Repair Service (biliasprodpid);E:\Program Files\Airtel\Virtual Engineer\bin\tgsrvc.exe [2007-09-20 16:05]
    R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);E:\WINDOWS\System32\DRIVERS\RMSPPPOE.SYS [2005-04-22 06:57]
    R3 vmkbd;VMware kbd;E:\WINDOWS\System32\drivers\VMkbd.sys [2007-08-21 19:57]
    S2 Windows Network Log Manage;Windows Network Log;E:\Program Files\Common Files\Microsoft Shared\MSINFO\Netlog.exe []
    S3 MTK;Media Technology Kernel Driver;E:\WINDOWS\System32\Drivers\fide.sys [2005-12-03 22:49]
    S3 OEMSTOR;USB Mass Storage;E:\WINDOWS\System32\DRIVERS\USBMSDk.SYS [2002-07-03 21:35]
    S3 SetupSys;Conexant Setup API;E:\WINDOWS\System32\drivers\SetupSys.sys [2001-01-09 09:58]
    S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;E:\WINDOWS\System32\DRIVERS\sisnicxp.sys [2004-11-05 16:43]
    S3 slnt;Realtek Rtl-8139d PCI Fast Ethernet Adapter;E:\WINDOWS\System32\DRIVERS\slnt.sys [2004-11-11 19:28]
    S3 Slnt7554;USB Soft Modem Driver;E:\WINDOWS\System32\DRIVERS\SLDRV\slnt7554.sys [2005-05-10 19:28]
    S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist;E:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2007-09-20 16:05]
    S3 USB_NDIS_51;USB NDIS DSL Router Network Device Driver;E:\WINDOWS\System32\DRIVERS\bcmndis.sys [2006-04-11 11:32]
    Start Pending2 HealthMonitor;HealthMonitor;i:\Program Files\HealthMonitor\HealthMonitor.exe [2006-04-27 15:16]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-02 05:51:42 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - E:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    ************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-31 18:15:46
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    disk error: E:\WINDOWS\

    ************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\catchme]
    "ImagePath"="\??\E:\DOCUME~1\SKGOEL~1\LOCALS~1\Temp\catchme.sys"
    .
    Completion time: 2007-12-31 18:19:06 - machine was rebooted
    E:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 12:48:15
    ====================================
    My HijackThis "Uninstall Manager" list follows:
    ===================================
    AC3Filter (remove only)
    Acronis True Image
    Ad-Aware SE Personal
    Adobe Flash Player Plugin
    Adobe Photoshop 7.0
    Adobe Reader 8.1.1
    Airtel Virtual Engineer 2
    Apple Software Update
    AQURA, Version 8
    ASAP Utilities
    Ashampoo WinOptimizer 2007
    AutoCAD 2000
    AutoCAD 2006 - English
    Autodesk Architectural Desktop 3.3
    Autodesk DWF Viewer
    Avanquest update
    AVG Free Edition
    Belarc Advisor 7.1
    Calculator Powertoy for Windows XP
    Canon ScanGear Toolbox CS 2.2
    CCleaner (remove only)
    character studio 4.2
    cladDVD .NET v3.5.6
    ClearType Tuning Control Panel Applet
    CmdHere Powertoy For Windows XP
    C-Media 3D Audio
    C-Media WDM Audio Driver
    COMODO Firewall Pro
    ConvertXtoDVD 2.2.2.256
    CutePDF Writer 2.7
    Driver Genius Professional Edition 2006 6.1.2518
    DVD Decrypter (Remove Only)
    DVD43 v3.9.0
    Easy Uninstaller
    EasyCleaner
    ForeWord
    Free Download Manager 2.0
    Freecorder 2.3 (with Skype Call Recording)
    getPlus(R)_dll
    getPlus(R)_ocx
    Google Talk (remove only)
    Google Video Player
    HealthMonitor 3.1
    Hidden Utilities XP
    HijackThis 2.0.2
    Image Resizer Powertoy for Windows XP
    innotek VirtualBox
    Intel(R) Processor ID Utility
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 4
    Java 2 Runtime Environment Standard Edition v1.3.1_01
    JGsoft EditPad Lite 6.3.1
    K-Lite Mega Codec Pack 2.2.5
    LiveUpdate 1.80 (Symantec Corporation)
    Logitech QuickCam
    Macromedia Flash 5
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Magic DVD Ripper V4.2.4
    Magic RM RAM to MP3 Converter 2.55
    Magnifier Powertoy for Windows XP
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft Bootvis
    Microsoft Internet Explorer 5 PowerTweaks WebZone Accessory
    Microsoft Internet Explorer 6 SP1
    Microsoft Office Excel Viewer 2003
    Microsoft Office Professional Edition 2003
    Microsoft Organization Chart 2.0
    Mini Golf Pro 1.1
    Miro 0.9.8.1
    Motherboard Monitor 5
    Motorola Phone Tools
    Mozilla Firefox (2.0.0.11)
    Mozilla Thunderbird (1.5.0.8)
    Nero - Burning Rom
    Norton Ghost
    Opera 9.20
    PDF4Free 2.0
    PowerDVD
    PowerISO
    PrimoPDF
    PrimoPDF Redistribution Package
    PrintFolder 1.2
    QuickTime
    Realtek AC'97 Audio
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Registry Mechanic 5.1
    Revo Uninstaller 1.30
    RM MP3 Converter v1.10
    Scan Manager 5.2
    Seagate DiscWizard
    SiS 900 PCI Fast Ethernet Adapter Driver
    Skype™ 3.2
    SnadBoy's Revelation v2
    Spybot - Search & Destroy 1.4
    SpywareBlaster v3.5.1
    Stickies 5.2b
    StumbleUpon IE Toolbar
    StumbleUpon Toolbar for IE
    TaskZip
    TVUPlayer 2.3.3.2
    TweakNow RegCleaner Standard
    Uniblue Quick Access
    VideoLAN VLC media player 0.8.6c
    VidSplitter
    Virtual Desktop Manager Powertoy for Windows XP
    VMware Player
    Vodei Multimedia Processor 2.00
    Windows Installer 3.0 (KB884016)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    WinKey
    WinRAR archiver
    WinZip
    WordWeb
    Yahoo! Internet Mail
    Yahoo! Messenger

    =====================================
    My hijackthis log follows
    ====================================
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:34:32, on 31/12/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\System32\igfxtray.exe
    E:\WINDOWS\SOUNDMAN.EXE
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    I:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    E:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    I:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    E:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    I:\Program Files\VMware\VMware Player\hqtray.exe
    E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    I:\Comodo\Firewall\CPF.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\WINDOWS\System32\ctfmon.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    I:\Comodo\Firewall\cmdagent.exe
    I:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    E:\WINDOWS\system32\slmdmsr.exe
    E:\Program Files\TaskZip\TaskZip.exe
    E:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\WordWeb\wweb32.exe
    E:\Program Files\Airtel\Virtual Engineer\bin\tgsrvc.exe
    E:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    E:\WINDOWS\System32\vmnat.exe
    E:\WINDOWS\System32\vmnetdhcp.exe
    i:\Program Files\HealthMonitor\HealthMonitor.exe
    I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    E:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ig?hl=en
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - E:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
    O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - E:\WINDOWS\System32\s1940.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - E:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] I:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] I:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "E:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [VMware hqtray] "I:\Program Files\VMware\VMware Player\hqtray.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "I:\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Stickies.lnk = I:\Program Files\stickies\stickies.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = E:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: TaskZip.lnk = E:\Program Files\TaskZip\TaskZip.exe
    O4 - Global Startup: WinKey.lnk.disabled
    O4 - Global Startup: WordWeb.lnk = E:\Program Files\WordWeb\wweb32.exe
    O8 - Extra context menu item: &WordWeb... - res://E:\WINDOWS\System32\wweb32.dll/lookup.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://i:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://i:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://i:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://i:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Add to Restricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - E:\WINDOWS\System32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - E:\WINDOWS\System32\webzone.dll
    O9 - Extra button: Add to Trusted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - E:\WINDOWS\System32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - E:\WINDOWS\System32\webzone.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: http://scan.driverguide.com
    O15 - Trusted Zone: http://infinite.indiatimes.com
    O15 - Trusted Zone: http://*.update.microsoft.com
    O15 - Trusted Zone: http://www.mozilla.com
    O15 - Trusted Zone: *.stumbleupon.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://nxpchat.airtelbroadband.in/sd...ad/tgctlcm.cab
    O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} -
    O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} -
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) -
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...nner371100.cab
    O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} (Java Plug-in 1.3.1_01) -
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{14A597AE-A3C9-42A7-87CB-C40E86D4C419}: NameServer = 202.56.215.6 202.56.230.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{643A3C20-9C13-406B-B074-0376EFDD6338}: NameServer = 202.56.215.6,202.56.230.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D3C91E5-3995-402A-9B4E-020F46AE0AA6}: NameServer = 202.56.215.6,202.56.230.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F467C9-EE31-4839-A410-749BBB743E6D}: NameServer = 202.56.215.6,202.56.230.6
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - I:\Comodo\Firewall\cmdagent.exe
    O23 - Service: GhostStartService - Symantec Corporation - I:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: HealthMonitor - Vittorio Pavesi - i:\Program Files\HealthMonitor\HealthMonitor.exe
    O23 - Service: SmartLinkService (SLService) - - E:\WINDOWS\system32\slmdmsr.exe
    O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - E:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - E:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: SupportSoft Repair Service (biliasprodpid) (tgsrvc_biliasprodpid) - SupportSoft, Inc. - E:\Program Files\Airtel\Virtual Engineer\bin\tgsrvc.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - I:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\WINDOWS\System32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - E:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - E:\WINDOWS\System32\vmnat.exe
    O23 - Service: Windows Network Log (Windows Network Log Manage) - Unknown owner - E:\Program Files\Common Files\Microsoft Shared\MSINFO\Netlog.exe (file missing)

    --
    End of file - 10591 bytes
    ===================================
    Best wishes for a very happy New Year
    Mytor
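    The sections a helper reads first in a log like the one above are the O2/O3 COM objects, the O15 Trusted Zone entries and the O23 services. The script below is an added example written for this page, not a tool from the thread or from Trend Micro: it parses a few lines copied from the log above (assembled here as constructed test data) and returns review cues for COM objects whose file is gone, Trusted Zone hosts that are not on an allowlist, and services with a missing binary or no named publisher. The `ZONE_ALLOWLIST` contents and the `Finding` structure are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the HijackThis log in the thread
# (O2/O3, O15 and O23 sections), assembled here as constructed test data.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O15 - Trusted Zone: http://scan.driverguide.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: *.stumbleupon.com
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - E:\WINDOWS\system32\slmdmsr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - I:\Comodo\Firewall\cmdagent.exe
"""

# Hosts the reviewer accepts in the IE Trusted Zone. This is an assumption of
# the example; a real allowlist is a policy decision, not a technical constant.
ZONE_ALLOWLIST = {
    "*.update.microsoft.com",
    "*.windowsupdate.com",
    "download.windowsupdate.com",
}

# O2/O3 lines: "<kind>: <name> - {CLSID} - <path or (no file)>"
COM_RE = re.compile(
    r"^O(?P<sec>[23]) - (?P<kind>BHO|Toolbar): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)
# O15 lines: "Trusted Zone: <host, with or without a scheme>"
ZONE_RE = re.compile(r"^O15 - Trusted Zone: (?P<host>.+)$")
# O23 lines: "Service: <display name> - <owner> - <path>". The owner may be
# empty (rendered as " - - " or " -  - "), so the owner group is optional.
# A display name that itself contains " - " would need a smarter split.
SVC_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?)\s+-(?:\s+(?P<owner>.*?))?\s+-\s+(?P<path>.+)$"
)


@dataclass
class Finding:
    """One line a human reviewer should look at, with the reason it was flagged."""
    section: str   # HijackThis section, e.g. "O2"
    reason: str    # why it was flagged
    detail: str    # CLSID, host or service display name


def host_of(zone_entry: str) -> str:
    """Drop an optional scheme so 'http://*.foo' and '*.foo' compare equal."""
    return re.sub(r"^[a-z]+://", "", zone_entry.strip(), flags=re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Return review cues for the O2/O3, O15 and O23 lines of a HijackThis log.

    The cues are prompts for a reviewer, not verdicts: an orphaned CLSID is
    often left over from an uninstall, and an unnamed publisher is common for
    OEM driver services. They are simply the lines a helper reads first.
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COM_RE.match(line)
        if m:
            if m.group("path") == "(no file)":
                findings.append(Finding("O" + m.group("sec"),
                                        "COM object registered but file missing",
                                        m.group("clsid")))
            continue
        m = ZONE_RE.match(line)
        if m:
            host = host_of(m.group("host"))
            if host not in ZONE_ALLOWLIST:
                findings.append(Finding("O15", "Trusted Zone host not on allowlist", host))
            continue
        m = SVC_RE.match(line)
        if m:
            owner = (m.group("owner") or "").strip()
            if m.group("path").endswith("(file missing)"):
                findings.append(Finding("O23", "service binary missing", m.group("name")))
            elif owner in ("", "Unknown owner"):
                findings.append(Finding("O23", "service has no named publisher", m.group("name")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<40} {f.detail}")
```

    Run against the sample, it reports the two orphaned CLSIDs, the two Trusted Zone hosts outside the allowlist, the service whose binary is missing and the service with an empty owner field; the Adobe BHO, the Microsoft update host and the Comodo service produce nothing. Matching on the literal markers HijackThis writes, "(no file)" and "(file missing)", is deliberate: the script never touches the registry or the file system, so it can be run on a log posted to a forum exactly as the helpers in this thread do by eye.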

  5. #5
    Neal is offline Dedicated Member
    Thanks and happy new year to you and yours



    Open notepad and copy/paste the text in the quotebox below into it (not the word "quote"):

    Folder::
    E:\Program Files\WinZix
    E:\Program Files\webHancer

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]

    Save this as CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.






    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


    And...




    Please download and install SUPERAntiSpyware Trial Pro Edition http://www.superantispyware.com/superantispyware.html

    * Load SUPERAntiSpyware and click the Check for Updates button.
    * Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!


    IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.

    * Open SUPERAntiSpyware and click the Scan your Computer button.
    * Check Perform Complete Scan and then click Next.
    * SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
    * Make sure that they all have a check next to them, and then click Next.
    * Click Finish and you will be taken back to the main interface.
    * It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
    * I'll need a log afterwards of what has been found.
    * To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
    * Please post the results of the SUPERAntiSpyware log in your next reply.



    New hijackthis log please.

  6. #6
    mytor is offline Newbie
    Thank You for your efforts.

    I did as you recommended.

    My Combofix test follows:
    ComboFix 07-12-31.4 - SK Goel 2008-01-04 23:15:56.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.227 [GMT 5.5:30]
    Running from: E:\Documents and Settings\SK Goel\Desktop\ComboFix.exe
    Command switches used :: E:\Documents and Settings\SK Goel\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    E:\Program Files\WinZix
    E:\Program Files\WinZix\unins000.dat
    E:\Program Files\WinZix\unins000.exe
    E:\Program Files\WinZix\WinZix.exe
    E:\Program Files\WinZix\WinZixManager.dll_tobedeleted_old

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
    .

    2007-12-31 18:08 . 2000-08-31 08:00 51,200 --a--c--- E:\WINDOWS\NirCmd.exe
    2007-12-10 19:29 . 2007-12-10 19:29 552 --a--c--- E:\WINDOWS\system32\d3d8caps.dat
    2007-12-07 21:35 . 2007-12-10 06:11 <DIR> d-------- E:\Documents and Settings\SK Goel\icicibank

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-29 07:26 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\Vso
    2009-07-29 07:12 392,320 -c--a-w E:\WINDOWS\system32\drivers\timntr.sys
    2009-07-29 07:12 32,768 -c--a-w E:\WINDOWS\system32\drivers\tifsfilt.sys
    2009-07-29 07:11 120,992 -c--a-w E:\WINDOWS\system32\drivers\snapman.sys
    2008-01-04 17:48 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\Free Download Manager
    2008-01-04 15:04 --------- dc----w E:\Documents and Settings\All Users\Application Data\VMware
    2008-01-04 15:04 --------- d-----w E:\Documents and Settings\LocalService\Application Data\VMware
    2008-01-03 16:10 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\uTorrent
    2008-01-01 17:23 --------- d-----w E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-01 16:38 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\stickies
    2007-12-18 04:08 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\Skype
    2007-12-14 10:05 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\VMware
    2007-12-13 15:10 --------- d-----w E:\Program Files\SpywareBlaster
    2007-11-25 09:53 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\dvdcss
    2007-11-25 06:24 --------- dc----w E:\Program Files\Mozilla Thunderbird
    2007-11-23 15:46 --------- d-----w E:\Documents and Settings\SK Goel\Application Data\AVG7
    2007-09-16 12:13 92,064 -c--a-w E:\Documents and Settings\SK Goel\mqdmmdm.sys
    2007-09-16 12:13 9,232 -c--a-w E:\Documents and Settings\SK Goel\mqdmmdfl.sys
    2007-09-16 12:13 79,328 -c--a-w E:\Documents and Settings\SK Goel\mqdmserd.sys
    2007-09-16 12:13 66,656 ----a-w E:\Documents and Settings\SK Goel\mqdmbus.sys
    2007-09-16 12:13 6,208 -c--a-w E:\Documents and Settings\SK Goel\mqdmcmnt.sys
    2007-09-16 12:13 5,936 -c--a-w E:\Documents and Settings\SK Goel\mqdmwhnt.sys
    2007-09-16 12:13 4,048 -c--a-w E:\Documents and Settings\SK Goel\mqdmcr.sys
    2007-09-16 12:13 25,600 ----a-w E:\Documents and Settings\SK Goel\usbsermptxp.sys
    2007-09-16 12:13 22,768 -c--a-w E:\Documents and Settings\SK Goel\usbsermpt.sys
    2007-06-30 10:18 47,360 -c--a-w E:\Documents and Settings\SK Goel\Application Data\pcouffin.sys
    2007-05-14 06:59 105,039 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_14_03_09_57_small.dmp.zip
    2007-05-01 11:58 96,404 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_01_11_38_10_small.dmp.zip
    2007-04-24 15:42 59,305 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_24_20_52_38_small.dmp.zip
    2007-04-22 05:31 76,439 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_22_09_59_26_small.dmp.zip
    2007-04-22 05:31 100,444 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_22_04_43_27_small.dmp.zip
    2007-04-19 14:09 101,433 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_19_14_02_36_small.dmp.zip
    2007-04-19 14:09 100,022 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_19_14_23_12_small.dmp.zip
    2007-04-16 12:01 98,441 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_16_13_03_22_small.dmp.zip
    2007-04-15 12:09 17,193,439 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_15_12_01_06_full.dmp.zip
    2007-04-10 12:51 99,373 -c--a-w E:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_10_13_42_44_small.dmp.zip
    2003-03-15 21:30 7,216 -c--a-w E:\WINDOWS\inf\RAMDISK.SYS
    2001-11-23 04:08 712,704 -c--a-w E:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    1997-06-23 06:36 287,504 -csha-w E:\WINDOWS\system32\Msxbse35.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-31_18.18.00.26 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-31 12:39:02 516,096 ----a-w E:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2008-01-04 17:45:52 516,096 ----a-w E:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2007-07-30 13:49:46 203,096 -c--a-w E:\WINDOWS\system32\wuweb.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="E:\WINDOWS\System32\ctfmon.exe" [2001-08-18 11:30 13312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="E:\WINDOWS\System32\igfxtray.exe" [2004-02-10 08:25 155648]
    "SoundMan"="SOUNDMAN.EXE" [2002-06-18 16:14 46592 E:\WINDOWS\SOUNDMAN.EXE]
    "AVG7_CC"="E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-22 12:43 579072]
    "DiscWizardMonitor.exe"="I:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 21:24 1169744]
    "AcronisTimounterMonitor"="I:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 21:38 1945688]
    "Acronis Scheduler2 Service"="E:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 21:29 149024]
    "VMware hqtray"="I:\Program Files\VMware\VMware Player\hqtray.exe" [2007-08-21 19:56 55856]
    "COMODO Firewall Pro"="I:\Comodo\Firewall\CPF.exe" [2007-12-08 16:26 1115728]
    "Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="E:\WINDOWS\System32\CTFMON.EXE" [2001-08-18 11:30 13312]
    "AVG7_Run"="E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 22:00 219136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2001-08-18 11:30 51200 E:\WINDOWS\system32\narrator.exe]

    E:\Documents and Settings\Default User\Start Menu\Programs\Startup\
    AutoCAD Startup Accelerator.lnk - E:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2006-08-19 19:03:28]
    TaskZip.lnk - E:\Program Files\TaskZip\TaskZip.exe [2005-12-17 20:12:29]
    WordWeb.lnk - E:\Program Files\WordWeb\wweb32.exe [2004-07-10 18:43:31]

    E:\Documents and Settings\SK Goel\Start Menu\Programs\Startup\
    Stickies.lnk - I:\Program Files\stickies\stickies.exe [2006-03-29 21:03:55]

    E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    AutoCAD Startup Accelerator.lnk - E:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2006-08-19 19:03:28]
    TaskZip.lnk - E:\Program Files\TaskZip\TaskZip.exe [2005-12-17 20:12:29]
    WinKey.lnk.disabled [2007-06-30 15:34:50]
    WordWeb.lnk - E:\Program Files\WordWeb\wweb32.exe [2004-07-10 18:43:31]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "StartMenuLogOff"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=E:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
    path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
    backup=E:\WINDOWS\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^MacroMaker.lnk.disabled]
    path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\MacroMaker.lnk.disabled
    backup=E:\WINDOWS\pss\MacroMaker.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^SK Goel^Start Menu^Programs^Startup^Back2zip.lnk]
    backup=E:\WINDOWS\pss\Back2zip.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^SK Goel^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    path=E:\Documents and Settings\SK Goel\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    backup=E:\WINDOWS\pss\PowerReg Scheduler.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^SK Goel^Start Menu^Programs^Startup^WinKey.lnk]
    backup=E:\WINDOWS\pss\WinKey.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^SK Goel^Start Menu^Programs^Startup^WordWeb.lnk]
    backup=E:\WINDOWS\pss\WordWeb.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2001-08-18 11:30 13312 --a------ E:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
    2006-05-22 13:26 694272 --a--c--- E:\Program Files\dvd43\dvd43_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E:\Program Files]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E:\Program Files\NetMeter]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E:\Program Files\NetMeter\NetMeter.exe]
    E:\Program Files\NetMeter\NetMeter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    1995-03-16 00:00 92896 --a------ c:\quickenw\BILLMNDW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    E:\Program Files\QuickTime\QTTask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Fax"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "µTorrent"="G:\Downloads\software\utorrent.exe "
    "MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" /background
    "TransTask"=
    "pdfSaver3"="C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
    "Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HotKeysCmds"=E:\WINDOWS\System32\hkcmd.exe
    "pdfSaver3"=
    "Gta San Andreas"=gta.exe
    "InCD"=E:\Program Files\Ahead\InCD\InCD.exe
    "Iusage"=E:\PROGRA~1\INTERN~1.7\netdet.exe
    "MBM 5"="E:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    "NeroCheck"=E:\WINDOWS\System32\\NeroCheck.exe
    "PLoader"=e:\program files\tcl usb stick tools2.33\tclstick.exe sys_auto_run E:\Program Files\TCL USB STICK Tools2.33
    "QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" -atboottime
    "RegKillElbyCheck"="E:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
    "SunJavaUpdateSched"=E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    "webHancer Agent"="E:\Program Files\webHancer\Programs\whAgent.exe"
    "GhostStartTrayApp"=I:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    "PWRISOVM.EXE"=i:\Program Files\PowerISO\PWRISOVM.EXE
    "LVCOMS"=E:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    "DAEMON Tools"="i:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    "TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    R0 iviVD;iviVD;E:\WINDOWS\System32\DRIVERS\iviVD.sys [2005-11-16 16:42]
    R1 GhPciScan;GhostPciScanner;I:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]
    R1 VBoxDrv;VirtualBox Service;E:\WINDOWS\System32\DRIVERS\VBoxDrv.sys [2007-09-03 17:19]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;E:\WINDOWS\System32\DRIVERS\VBoxUSBMon.sys [2007-09-03 17:19]
    R2 Sentry;Sentry;E:\WINDOWS\System32\drivers\sentry.sys [2001-11-24 08:54]
    R2 sprtlisten;SupportSoft Listener Service;E:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [2007-09-20 16:05]
    R2 SVKP;SVKP;E:\WINDOWS\System32\SVKP.sys [2004-08-03 22:31]
    R2 tgsrvc_biliasprodpid;SupportSoft Repair Service (biliasprodpid);E:\Program Files\Airtel\Virtual Engineer\bin\tgsrvc.exe [2007-09-20 16:05]
    R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);E:\WINDOWS\System32\DRIVERS\RMSPPPOE.SYS [2005-04-22 06:57]
    R3 vmkbd;VMware kbd;E:\WINDOWS\System32\drivers\VMkbd.sys [2007-08-21 19:57]
    S2 Windows Network Log Manage;Windows Network Log;E:\Program Files\Common Files\Microsoft Shared\MSINFO\Netlog.exe []
    S3 MTK;Media Technology Kernel Driver;E:\WINDOWS\System32\Drivers\fide.sys [2005-12-03 22:49]
    S3 OEMSTOR;USB Mass Storage;E:\WINDOWS\System32\DRIVERS\USBMSDk.SYS [2002-07-03 21:35]
    S3 SetupSys;Conexant Setup API;E:\WINDOWS\System32\drivers\SetupSys.sys [2001-01-09 09:58]
    S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;E:\WINDOWS\System32\DRIVERS\sisnicxp.sys [2004-11-05 16:43]
    S3 slnt;Realtek Rtl-8139d PCI Fast Ethernet Adapter;E:\WINDOWS\System32\DRIVERS\slnt.sys [2004-11-11 19:28]
    S3 Slnt7554;USB Soft Modem Driver;E:\WINDOWS\System32\DRIVERS\SLDRV\slnt7554.sys [2005-05-10 19:28]
    S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist;E:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2007-09-20 16:05]
    S3 USB_NDIS_51;USB NDIS DSL Router Network Device Driver;E:\WINDOWS\System32\DRIVERS\bcmndis.sys [2006-04-11 11:32]
    Start Pending2 HealthMonitor;HealthMonitor;i:\Program Files\HealthMonitor\HealthMonitor.exe [2006-04-27 15:16]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-02 05:51:42 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - E:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-04 23:20:55
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    disk error: E:\WINDOWS\

    **************************************************************************
    .
    Completion time: 2008-01-04 23:24:13 - machine was rebooted
    E:\qoobox\ComboFix-quarantined-files.txt 2008-01-04 17:53:20
    E:\qoobox\ComboFix2.txt 2007-12-31 12:49:06
    ==================================

    My Super Anti Spyware Pro Log follows:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/06/2008 at 01:41 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Quick Scan
    Total Scan Time : 00:42:32

    Memory items scanned : 402
    Memory threats detected : 0
    Registry items scanned : 998
    Registry threats detected : 0
    File items scanned : 33382
    File threats detected : 8

    Adware.Tracking Cookie
    E:\Documents and Settings\SK Goel\Cookies\sk goel@tacoda[1].txt
    E:\Documents and Settings\SK Goel\Cookies\sk goel@mediacoder.sourceforge[2].txt
    E:\Documents and Settings\SK Goel\Cookies\sk goel@rambler[1].txt
    E:\Documents and Settings\SK Goel\Cookies\sk goel@st[2].txt
    E:\Documents and Settings\SK Goel\Cookies\sk goel@adfarm1.adition[1].txt
    E:\Documents and Settings\SK Goel\Cookies\sk goel@stat.onestat[1].txt

    Adware.Spyware Labs
    E:\WINDOWS\SYSTEM32\BO2810040510.EXE

    Adware.WhenU
    I:\PROGRAM FILES\DAEMON TOOLS\SETUPDTSB.EXE
    =========================================
    My New HijackThis Log follows:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:31, on 2008-01-06
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\WINDOWS\System32\igfxtray.exe
    E:\WINDOWS\SOUNDMAN.EXE
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    I:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    I:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    E:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    I:\Program Files\VMware\VMware Player\hqtray.exe
    I:\Comodo\Firewall\CPF.exe
    E:\WINDOWS\System32\ctfmon.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    I:\Comodo\Firewall\cmdagent.exe
    I:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    E:\Program Files\TaskZip\TaskZip.exe
    E:\WINDOWS\system32\slmdmsr.exe
    E:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\WordWeb\wweb32.exe
    I:\Program Files\stickies\stickies.exe
    E:\Program Files\Airtel\Virtual Engineer\bin\tgsrvc.exe
    E:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    E:\WINDOWS\System32\vmnat.exe
    E:\WINDOWS\System32\vmnetdhcp.exe
    i:\Program Files\HealthMonitor\HealthMonitor.exe
    E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    E:\WINDOWS\System32\DllHost.exe
    I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ig?hl=en
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - E:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
    O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - E:\WINDOWS\System32\s1940.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - E:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] I:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] I:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "E:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [VMware hqtray] "I:\Program Files\VMware\VMware Player\hqtray.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "I:\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Stickies.lnk = I:\Program Files\stickies\stickies.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = E:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: TaskZip.lnk = E:\Program Files\TaskZip\TaskZip.exe
    O4 - Global Startup: WinKey.lnk.disabled
    O4 - Global Startup: WordWeb.lnk = E:\Program Files\WordWeb\wweb32.exe
    O8 - Extra context menu item: &WordWeb... - res://E:\WINDOWS\System32\wweb32.dll/lookup.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://i:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://i:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://i:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://i:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Add to Restricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - E:\WINDOWS\System32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - E:\WINDOWS\System32\webzone.dll
    O9 - Extra button: Add to Trusted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - E:\WINDOWS\System32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - E:\WINDOWS\System32\webzone.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: http://scan.driverguide.com
    O15 - Trusted Zone: http://www.iciciprulife.com
    O15 - Trusted Zone: http://infinite.indiatimes.com
    O15 - Trusted Zone: http://*.update.microsoft.com
    O15 - Trusted Zone: http://www.mozilla.com
    O15 - Trusted Zone: *.stumbleupon.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://nxpchat.airtelbroadband.in/sd...ad/tgctlcm.cab
    O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} -
    O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} -
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1199165980247
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...nner371100.cab
    O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} (Java Plug-in 1.3.1_01) -
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{643A3C20-9C13-406B-B074-0376EFDD6338}: NameServer = 202.56.215.6,202.56.230.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D3C91E5-3995-402A-9B4E-020F46AE0AA6}: NameServer = 202.56.215.6,202.56.230.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F467C9-EE31-4839-A410-749BBB743E6D}: NameServer = 202.56.215.6,202.56.230.6
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - I:\Comodo\Firewall\cmdagent.exe
    O23 - Service: GhostStartService - Symantec Corporation - I:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: HealthMonitor - Vittorio Pavesi - i:\Program Files\HealthMonitor\HealthMonitor.exe
    O23 - Service: SmartLinkService (SLService) - - E:\WINDOWS\SYSTEM32\slmdmsr.exe
    O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - E:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - E:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: SupportSoft Repair Service (biliasprodpid) (tgsrvc_biliasprodpid) - SupportSoft, Inc. - E:\Program Files\Airtel\Virtual Engineer\bin\tgsrvc.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - I:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\WINDOWS\System32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - E:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - E:\WINDOWS\System32\vmnat.exe
    O23 - Service: Windows Network Log (Windows Network Log Manage) - Unknown owner - E:\Program Files\Common Files\Microsoft Shared\MSINFO\Netlog.exe (file missing)

    --
    End of file - 10863 bytes
    ==============================

    I think this may have solved the problem.

    After the last round, there are two important things that I noticed: 1 good, and 1 which I cannot explain.

    I have a Hitachi 40 GB as main disk with C:\ as Win98SE and dual boot with E:\ as main WinXP Pro and I:\ containing the majority of my programs.
    I also have a 160 GB Seagate as secondary slave and a DVD-ROM as secondary master. Till a few days ago there was a major problem, as intermittently either the Seagate or the DVD-ROM would get picked up by the system and would function, but not both. The DVD-ROM would show up in BIOS and Explorer but would not play anything, DVD or CD.

    Now it has started playing!!!! In continuation to the second point: my Seagate 160 GB does not show up in the BIOS while booting up but works all right in Windows. Strange!!!
    Any pointers to this mystery??
    Thank you once again
    Mytor

  7. #7
    Neal is offline Dedicated Member
    Don't know about the strange thing you mentioned.



    Delete this folder if still present:

    E:\Program Files\webHancer


    I see remnants of Symantec on your PC; running the Symantec uninstaller should remove any leftovers:

    Symantec uninstaller:

    http://service1.symantec.com/SUPPORT...05033108162039




    Run hijackthis and click on "scan system only" button and put checks next to these:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)

    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

    O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} -
    O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} -
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -

    O23 - Service: GhostStartService - Symantec Corporation - I:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe





    With everything closed out but HijackThis, click on "fix checked"


    Reboot your PC




    How are things doing now?
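The list above follows one rule: tick the entries whose target is gone. As an added example (not code from the thread and not part of HijackThis), here is that rule written down and run over lines copied from the posted log. The markers it keys on are taken from how the log renders them: "(no file)" on O2/O3 entries, "(file missing)" on O23 services, a bare trailing "-" on an O16 DPF entry with no download URL, and a bare trailing "=" on an R0 value that is empty; the sample log is a constructed subset of the thread's own lines.

```python
"""Triage HijackThis entries whose target no longer exists.

Added example: not code from the thread or from HijackThis. It applies
the rule behind the "fix checked" list to lines copied from the posted
log. Assumed markers (taken from how the posted log renders them):
"(no file)" on O2/O3 entries, "(file missing)" on O23 services, a bare
trailing "-" on O16 DPF entries with no download URL, and a bare
trailing "=" on an R0 value that is empty.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ig?hl=en
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - E:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} -
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - I:\Comodo\Firewall\cmdagent.exe
"""

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."
ENTRY_RE = re.compile(r"^(?P<sect>[A-Z]\d{1,2}) - (?P<body>.*)$")


def orphan_reason(line: str) -> Optional[str]:
    """Return why a log line is an orphan (its target is gone), or None if it is not."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None
    sect, body = match.group("sect"), match.group("body").rstrip()
    if sect in ("R0", "R1") and body.endswith("="):
        return "registry value is empty"
    if sect in ("O2", "O3") and body.endswith("(no file)"):
        return "CLSID registered but its DLL is gone"
    if sect == "O16" and body.endswith("-"):
        return "DPF object has no download URL"
    if sect == "O23" and body.endswith("(file missing)"):
        return "service registered but its binary is gone"
    return None


def orphan_entries(log: str) -> List[Tuple[str, str]]:
    """All (line, reason) pairs in a log that a cleaner would tick for 'fix checked'."""
    found = []
    for line in log.splitlines():
        reason = orphan_reason(line)
        if reason is not None:
            found.append((line.strip(), reason))
    return found


def count_by_section(log: str) -> Dict[str, int]:
    """How many orphans each section contributes, e.g. {'O2': 2, 'O16': 2, ...}."""
    counts: Dict[str, int] = {}
    for line, _ in orphan_entries(log):
        sect = line.split(" - ", 1)[0]
        counts[sect] = counts.get(sect, 0) + 1
    return counts


if __name__ == "__main__":
    for line, reason in orphan_entries(SAMPLE_LOG):
        print(f"{reason:45s} {line}")
```

Run against the sample it reports seven entries, the same R0, O2, O3 and O16 lines as the list above plus the missing aspnet_state.exe service. The caveat is what it does not do: a pattern rule only says what is gone, never whether a file that is present is legitimate. The GhostStartService line in the list above was ticked because the product it belongs to was uninstalled, a judgement about the machine's history that no string match can make.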

  8. #8
    mytor is offline Newbie
    Thank you for all your help. I think this should solve the problem for now.

    In the initial response you had mentioned updating my PC with the missing security updates. Can you please lead me in the right direction on where to get these and which is the safest way to update?
    I will be very thankful for your advice.
    Regards,
    Mytor

  9. #9
    Neal is offline Dedicated Member
    updates:

    http://www.update.microsoft.com/wind....aspx?ln=en-us

    I will mark this as resolved; if you have further issues some day, start a new topic please.



    If you are no longer having any more trouble, here are some preventive measures for you.

    Be sure to re-hide hidden files/folders if you were asked to unhide them

    Here are some preventive measures you can take to keep your computer from getting infected again. Also keep all of these, Ad-Aware SE and Spybot S&D updated.

    http://www.d-a-l.com/help/showthread.php?t=32403

    Flush your restore points in ME and XP, by turning System Restore off and then back on.
    This will create a fresh restore point.


    Explained Here:
    Windows XP: http://vil.nai.com/vil/SystemHelpDoc...ysRestore.aspx

    Explained Here
    Microsoft ME:
    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam



    Please download ATF Cleaner by Atribune to desktop.
    http://www.atribune.org/public-beta/ATF-Cleaner.exe

    Double-click ATF-Cleaner.exe to run the program, to clean junk files off your PC.

    If you would like to keep your cookies don't check that item

    * Under Main "Select Files to Delete" choose: Select All.
    * Click the Empty Selected button.
    * If you use Firefox browser click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    * If you use Opera browser click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.





    RegProtect

    This small registry protection tool will save you hours of heartache by notifying you when some program, good or bad, is trying to access your registry.

    You have the option of allowing (good) items or blocking (bad) items.


    http://www.diamondcs.com.au/index.php?page=regprot


    To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

    1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
    http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

    http://www.microsoft.com/windows/ie/default.asp


    2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching, there are some good free antivirus programs that are decent, including AVG and Avast!.
    AVG: http://free.grisoft.com/doc/1

    Avast: http://www.avast.com/eng/avast_4_home.html


    3. In addition to using Ad-Aware, consider using another free malware scanning/removal program:
    Windows Defender

    http://www.microsoft.com/athome/secu...e/default.mspx


    4. Consider using a free firewall if you are not already using one. Some good free ones are:
    Kerio

    Sunbelt

    Comodo Personal Firewall:

    Comodo





    5. Consider using an alternate free browser for general web surfing, but you must use IE for Windows Update.
    Mozilla Firefox: www.mozilla.org/products/firefox/


    6. Consider increasing your browser security by using these programs:
    SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
    SpywareBlaster will increase browser protection by blocking thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:

    http://www.javacoolsoftware.com/spywareblaster.html


    If you use SpywareBlaster, you can also use a custom block list to add even more entries into IE's restricted sites zone. Go to this site for the current list and how-to-use instructions: http://customblockinglist.cjb.net/


    IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
    https://netfiles.uiuc.edu/ehowes/www/resource.htm


    Block access to Untrustworthy Sites

    You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the: MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.



    *Remember, just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's free.
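The hosts-file advice above installs a downloaded file over the existing one. As an added example (not code from the thread and not the MVPS project's own installer), here is a merge instead of a replace, so the entries already in the file (localhost, a home gateway) survive, duplicates are collapsed, and anything in the block list that does not actually blackhole a name is refused. Both inputs are constructed samples, not the real MVPS list; the rule that a block-list entry may only point at 0.0.0.0 or 127.0.0.1 is this example's own design choice, since a hosts entry that sends a name to any other address is a redirect, not a block.

```python
"""Merge a blocking hosts list into an existing hosts file without clobbering it.

Added example: not code from the thread and not the MVPS project's own
installer. Assumptions: block lists map names to 0.0.0.0 or 127.0.0.1,
one or more names per line, '#' starts a comment. A block-list line that
points a name at any other address is rejected (that is a redirect, not a
block), as is any name that is not valid hostname syntax. Both inputs
below are constructed samples.
"""
import re
from typing import List, Set, Tuple

BLACKHOLES = {"0.0.0.0", "127.0.0.1"}
# DNS label syntax, lowercase, no wildcards (a hosts file cannot express '*.example').
HOSTNAME_RE = re.compile(
    r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*$"
)

# Constructed sample: what a typical hosts file looks like before the merge.
EXISTING_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 myrouter.local   # home gateway
"""

# Constructed sample block list (not the real MVPS list), with deliberate bad lines.
BLOCKLIST = """\
# constructed sample block list
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net
0.0.0.0 ADS.EXAMPLE.COM        # duplicate, different case
127.0.0.1 popup.example.org
10.0.0.5 www.bank.example      # points at a real address: must not be installed
0.0.0.0 bad_name.example       # underscore is not valid in a hostname
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """(ip, hostname) for every data entry; comments and blank lines dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def merge_hosts(existing: str, blocklist: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Return (merged hosts text, rejected block-list entries).

    Existing lines are kept verbatim; block entries are appended as 0.0.0.0
    unless the name is already present or the entry fails validation.
    """
    present: Set[str] = {name for _, name in parse_hosts(existing)}
    added: List[str] = []
    rejected: List[Tuple[str, str]] = []
    for ip, name in parse_hosts(blocklist):
        if ip not in BLACKHOLES or not HOSTNAME_RE.match(name):
            rejected.append((ip, name))
            continue
        if name in present:
            continue
        present.add(name)
        added.append(f"0.0.0.0 {name}")
    merged = existing.rstrip("\n").splitlines()
    merged += ["", "# --- blocked ad/malware hosts (merged) ---"] + added
    return "\n".join(merged) + "\n", rejected


if __name__ == "__main__":
    text, bad = merge_hosts(EXISTING_HOSTS, BLOCKLIST)
    print(text)
    for ip, name in bad:
        print(f"rejected: {ip} {name}")
```

On the sample, three names are appended (the upper-case duplicate collapses into the first), and two lines are rejected: the one that maps a bank's name to 10.0.0.5 and the one with an underscore. Look at the rejected list before installing: a block list that contains redirects is exactly the kind of hosts file the thread's earlier cleanup was undoing, and silently installing it would reintroduce the problem.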
