hi
-
hi
Neal,
After a long time I'm back again... to continue supporting you people.
Here is my HijackThis log, and I would like you to check if there are any virus problems, or whether I need to remove or do something. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:16 AM, on 10/8/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\s3trayp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Speed+\Configurator\ventcfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Integrator.exe
C:\Program Files\EpiValley\TATA Indicom Dialer\TATA Indicom Dialer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe -chkautorun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Speed+\Configurator\ventcfg.exe -nomsgbox
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\desktop items\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B6B5531-6AEE-484D-A4A6-A1868BC4F8D1}: NameServer = 203.197.12.30 202.54.1.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B6B5531-6AEE-484D-A4A6-A1868BC4F8D1}: NameServer = 203.197.12.30 202.54.1.18
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Speed+\Client\ventc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 5156 bytes
-
Yeah, it has been quite a while; hope all is going well.
What problems are you having?
Please download ATF Cleaner by Atribune to desktop.
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Double-click ATF-Cleaner.exe to run the program.
If you would like to keep your cookies, don't check that item.
* Under Main "Select Files to Delete" choose: Select All.
* Click the Empty Selected button.
* If you use the Firefox browser, click Firefox at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* If you use the Opera browser, click Opera at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
I see Windows Defender running but don't see an anti-virus program.
Free anti-virus programs
Free antivirus - Avira AntiVir
Download FREE antivirus software - avast! Home Edition
PC Tools - Free Download Anti Spyware, Antivirus, Firewall, Internet Security, Registry, Disk Repair software
Download, update, and run a scan, removing anything it finds.
What about a firewall? Are you using the Vista firewall?
-
The link you gave me for the Atribune cleaner: I downloaded it and my antivirus detected it as a virus file. By the way, I have been using avast antivirus for a long time already, but I don't know why it didn't show. And yes, I am using Vista's firewall. Isn't that enough? Just for your info, I have already downloaded version 3 of the Atribune cleaner and deleted the cookies and stuff already.
-
What is going on with your pc then?
-
Sometimes when the computer is turned on, it will hang and say Explorer is closing. If I choose Cancel, my Start menu and desktop disappear, so I enter Task Manager and re-add explorer.exe again. This happens quite often. Why is that? By the way, how is Windows 7 going?
Are there virus issues? I wanted to try it, but I didn't get the setup file.
-
Visit the page below to familiarize yourself with the tool, and download it from one of the links provided.
A guide and tutorial on using ComboFix
If you have previously downloaded ComboFix, please delete that version now.
It is IMPORTANT that it is saved directly to your desktop.
Close any open browsers.
Disconnect from the Internet.
Please do not re-connect your machine back to the Internet until Combofix has completely finished.
Disable your antivirus program and any real-time malware scanners and script blockers now.
How To Disable
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Re-enable your anti-virus and re-connect back to the internet and post the combofix log.
*Note*
In case your antivirus or any other real-time scanner displays an alert after you download ComboFix or while you use it, please disable your scanner and re-download ComboFix.
Some scanners may see some ComboFix-related components as suspicious and block or delete them, even though there is nothing wrong with them.
ComboFix SHOULD NOT be used unless requested by a forum helper.
-
ComboFix 09-04-25.A3 - ramesh 04/27/2009 23:38.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.957.377 [GMT 5.5:30]
Running from: c:\users\ramesh\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090321-0] *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\ramesh\AppData\Roaming\inst.exe
c:\windows\jestertb.dll
c:\windows\system32\gaopdxcounter
c:\windows\system32\Pncrt.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.
2009-04-25 23:58 . 2009-04-25 23:58 -------- d-----w c:\users\ramesh\AppData\Local\PC_Drivers_Headquarters
2009-04-25 23:56 . 2009-04-25 23:56 -------- d-----w c:\users\All Users\PC Drivers HeadQuarters
2009-04-25 23:56 . 2009-04-25 23:56 -------- d-----w c:\programdata\PC Drivers HeadQuarters
2009-04-25 23:56 . 2009-04-25 23:56 -------- d-----w c:\program files\PC Drivers HeadQuarters
2009-04-25 23:55 . 2009-04-25 23:55 -------- d-----w c:\users\ramesh\AppData\Local\Downloaded Installations
2009-04-25 13:59 . 2009-04-25 16:51 -------- d-----w c:\users\ramesh\AppData\Local\Adobe
2009-04-25 06:28 . 2003-03-14 06:54 24576 ----a-w c:\windows\system32\ZyDelReg.exe
2009-04-25 06:28 . 2003-10-29 13:25 86016 ----a-w c:\windows\system32\ZDN50.dll
2009-04-25 06:28 . 2009-04-25 06:28 -------- d-----w c:\program files\ZyDAS Technology Corporation
2009-04-25 06:28 . 2004-04-29 11:10 28672 ----a-w c:\windows\system32\InsDrvZD.dll
2009-04-25 06:28 . 2004-03-15 09:19 57344 ----a-w c:\windows\system32\ZD12APP.dll
2009-04-25 06:28 . 2003-09-01 08:04 61440 ----a-w c:\windows\system32\ZDTRLib.DLL
2009-04-24 11:58 . 2009-04-24 11:58 -------- d-----w c:\users\ramesh\AppData\Local\Google
2009-04-24 11:58 . 2009-04-24 11:58 -------- d-----w c:\program files\Google
2009-04-23 10:52 . 2009-04-23 10:52 -------- d-----w c:\program files\MIKSOFT
2009-04-18 10:58 . 2009-04-18 10:58 -------- d-----w c:\users\ramesh\AppData\Local\MagicSoftware
2009-04-18 10:58 . 2009-04-18 10:58 -------- d-----w c:\program files\MagicDVDRipper
2009-04-11 08:16 . 2009-04-11 08:16 -------- d-----w c:\users\All Users\DigitalChocolate
2009-04-11 08:16 . 2009-04-11 08:16 -------- d-----w c:\programdata\DigitalChocolate
2009-04-11 08:15 . 2009-04-11 08:15 -------- d-----w c:\program files\Tower Bloxx Deluxe
2009-04-11 08:15 . 2009-04-11 08:15 -------- d-----w c:\windows\Tower Bloxx Deluxe
2009-04-09 15:00 . 2009-04-09 15:00 -------- d-----w C:\Team17
2009-04-09 02:25 . 2009-04-09 02:26 -------- d-----w c:\users\ramesh\AppData\Roaming\ICAClient
2009-04-09 02:24 . 2009-04-09 02:24 -------- d-----w c:\users\ramesh\AppData\Roaming\Runaware
2009-04-07 17:07 . 2009-04-07 17:12 -------- d-----w c:\users\ramesh\AppData\Roaming\vlc
2009-04-07 10:34 . 2009-04-07 10:40 -------- d-----w c:\program files\Mobiola Web Camera for S60
2009-04-07 08:58 . 2009-04-07 08:59 73 ----a-w c:\windows\EurekaLog.ini
2009-04-06 12:20 . 2009-04-06 12:20 -------- d-----w C:\ReimageUndo
2009-04-06 12:20 . 2009-04-06 12:20 -------- d-----w C:\rei
2009-04-06 12:20 . 2009-04-10 13:01 -------- d-----w c:\program files\Reimage
2009-04-06 11:36 . 2009-04-06 11:38 -------- d-----w c:\program files\Java
2009-04-06 11:36 . 2009-04-06 11:36 -------- d-----w c:\program files\Common Files\Java
2009-04-05 05:15 . 2009-04-05 05:22 -------- d-----w c:\users\ramesh\AppData\Roaming\Download Manager
2009-04-04 23:14 . 2009-04-04 23:14 -------- d-----w c:\users\ramesh\AppData\Local\DFX
2009-04-04 23:09 . 2009-04-04 23:10 -------- d-----w c:\users\All Users\DFX
2009-04-04 23:09 . 2009-04-04 23:10 -------- d-----w c:\programdata\DFX
2009-04-04 23:09 . 2009-04-04 23:09 -------- d-----w c:\program files\Common Files\DFX
2009-04-04 23:09 . 2009-04-06 09:06 -------- d-----w c:\program files\DFX
2009-04-04 19:38 . 2009-04-04 19:38 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-04 19:38 . 2009-04-04 19:38 47360 ----a-w c:\users\ramesh\AppData\Roaming\pcouffin.sys
2009-04-04 19:37 . 2009-04-04 19:53 -------- d-----w c:\users\ramesh\AppData\Roaming\Vso
2009-04-04 19:37 . 2007-03-18 16:07 65602 ----a-w c:\windows\system32\cook3260.dll
2009-04-04 19:37 . 2006-09-29 07:56 176165 ----a-w c:\windows\system32\drv23260.dll
2009-04-04 19:37 . 2006-09-29 07:55 208935 ----a-w c:\windows\system32\drv33260.dll
2009-04-04 19:37 . 2006-09-29 07:54 217127 ----a-w c:\windows\system32\drv43260.dll
2009-04-04 19:37 . 2002-12-09 21:50 102439 ----a-w c:\windows\system32\sipr3260.dll
2009-04-04 19:37 . 2006-05-20 11:46 1184984 ----a-w c:\windows\system32\wvc1dmod.dll
2009-04-04 19:37 . 2006-05-11 14:51 626688 ----a-w c:\windows\system32\vp7vfw.dll
2009-04-04 19:37 . 2009-04-04 19:37 -------- d-----w c:\program files\VSO
2009-04-03 04:26 . 2009-04-03 04:26 -------- d-----w c:\program files\EpiValley
2009-04-03 03:14 . 2009-04-03 03:14 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-04-02 22:40 . 2009-04-02 22:40 0 ---ha-w c:\windows\SwSys2.bmp
2009-04-02 22:40 . 2009-04-02 22:40 0 ---ha-w c:\windows\SwSys1.bmp
2009-04-02 22:38 . 2007-07-03 04:25 1368064 ----a-w c:\windows\system32\vistaundo.exe
2009-04-02 16:10 . 2009-04-02 16:19 -------- d-----w c:\program files\Common Files\Nero
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 17:32 . 2009-01-08 04:00 -------- d-----w c:\users\ramesh\AppData\Roaming\Skype
2009-04-27 12:38 . 2009-01-08 04:04 -------- d-----w c:\users\ramesh\AppData\Roaming\skypePM
2009-04-26 00:12 . 2008-11-04 04:25 -------- d-----w c:\program files\Your Uninstaller 2008
2009-04-26 00:11 . 2008-11-04 04:25 -------- d---a-w c:\programdata\TEMP
2009-04-25 23:58 . 2008-10-04 05:29 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-25 22:44 . 2009-01-16 19:02 -------- d-----w c:\users\ramesh\AppData\Roaming\uTorrent
2009-04-25 06:53 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-25 06:53 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-25 06:53 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-25 06:52 . 2009-03-25 07:44 -------- d-----w c:\program files\Realtek
2009-04-25 06:51 . 2008-10-04 16:33 -------- d-----w c:\users\ramesh\AppData\Roaming\InstallShield
2009-04-24 11:02 . 2008-10-18 14:56 -------- d-----w c:\users\ramesh\AppData\Roaming\dvdcss
2009-04-23 01:56 . 2008-10-08 04:47 -------- d-----w c:\program files\Windows Live
2009-04-11 17:37 . 2009-03-28 11:51 -------- d-----w c:\users\ramesh\AppData\Roaming\DVD Flick
2009-04-10 12:36 . 2008-10-04 12:07 -------- d-----w c:\program files\Common Files\Adobe
2009-04-09 15:00 . 2008-10-04 05:29 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-07 10:06 . 2008-10-04 16:04 -------- d-----w c:\program files\Elaborate Bytes
2009-04-07 09:28 . 2009-03-22 02:43 -------- d-----w c:\program files\Free Download Manager
2009-04-07 09:12 . 2008-10-04 09:53 -------- d-----w c:\program files\Autodesk
2009-04-07 08:53 . 2008-10-04 10:21 -------- d-----w c:\programdata\Autodesk
2009-04-07 08:53 . 2008-10-04 10:18 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-04-07 01:31 . 2008-10-04 05:18 100936 ----a-w c:\users\ramesh\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-02 16:10 . 2008-10-04 06:19 -------- d-----w c:\programdata\Nero
2009-03-28 11:50 . 2009-03-28 11:50 -------- d-----w c:\program files\DVD Flick
2009-03-28 01:45 . 2009-03-28 01:17 -------- d-----w c:\users\ramesh\AppData\Roaming\Ketarin
2009-03-25 07:49 . 2009-03-25 02:08 -------- d--h--w c:\program files\Temp
2009-03-25 07:44 . 2008-10-04 05:32 319456 ----a-w c:\windows\DIFxAPI.dll
2009-03-25 07:42 . 2009-03-25 07:42 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-25 01:36 . 2009-01-31 01:34 -------- d-----w c:\program files\AviSynth 2.5
2009-03-25 01:31 . 2009-03-25 01:31 -------- d-----w c:\users\ramesh\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-25 01:06 . 2009-03-22 02:44 -------- d-----w c:\users\ramesh\AppData\Roaming\Software Informer
2009-03-25 00:53 . 2009-03-25 00:53 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-24 21:59 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
2009-03-24 21:46 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-03-24 21:46 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-03-24 21:46 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-24 21:46 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-03-24 21:46 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Journal
2009-03-24 21:46 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-03-24 21:46 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-03-24 21:44 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2009-03-24 19:00 . 2006-11-02 10:32 101888 ----a-w c:\windows\System32\ifxcardm.dll
2009-03-24 19:00 . 2006-11-02 10:32 82432 ----a-w c:\windows\System32\axaltocm.dll
2009-03-24 17:18 . 2009-03-24 17:18 1380403 ----a-w c:\windows\System32\avgsdk.dll
2009-03-22 02:43 . 2009-03-22 02:43 -------- d-----w c:\program files\Software Informer
2009-03-18 16:03 . 2009-03-18 16:03 -------- d-----w c:\program files\VeryPDF PDF2Word v3.0
2009-03-17 10:41 . 2008-10-04 16:13 -------- d-----w c:\programdata\Microsoft Help
2009-03-17 10:40 . 2009-03-17 10:40 268288 ----a-w c:\windows\System32\schannel.dll
2009-03-17 10:38 . 2009-03-17 10:38 2033152 ----a-w c:\windows\System32\win32k.sys
2009-03-15 13:18 . 2009-03-15 13:18 -------- d-----w c:\program files\Almeza
2009-03-13 14:26 . 2009-03-13 14:26 -------- d-----w c:\program files\Acoustica MP3 Audio Mixer
2009-03-12 18:43 . 2009-03-12 18:43 -------- d-----w c:\program files\Dart Karaoke Studio CDG
2009-03-12 12:41 . 2009-03-25 07:44 1003040 ----a-w c:\windows\System32\RtkPgExt.dll
2009-03-12 12:41 . 2009-03-25 07:44 49184 ----a-w c:\windows\System32\RtkCoInst.dll
2009-03-12 12:41 . 2009-03-25 07:44 326176 ----a-w c:\windows\System32\RtkApoApi.dll
2009-03-12 12:41 . 2009-03-25 07:44 2523680 ----a-w c:\windows\System32\RtkAPO.dll
2009-03-12 12:00 . 2009-03-25 07:44 2342688 ----a-w c:\windows\system32\drivers\RTKVHDA.sys
2009-03-10 14:03 . 2009-01-16 19:20 -------- d-----w c:\program files\SpeedBit Video Accelerator
2009-03-09 12:51 . 2008-10-11 12:27 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-03-09 12:51 . 2008-10-11 12:25 -------- d-----w c:\programdata\Roxio
2009-03-09 12:51 . 2008-10-11 12:25 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-03-07 15:51 . 2009-03-06 16:56 -------- d-----w c:\users\ramesh\AppData\Roaming\mIRC
2009-03-04 13:22 . 2009-03-04 13:21 -------- d-----w c:\users\ramesh\AppData\Roaming\Nokia
2009-03-04 13:22 . 2009-03-04 13:17 -------- d-----w c:\users\ramesh\AppData\Roaming\PC Suite
2009-03-04 13:22 . 2009-03-04 13:22 -------- d-----w c:\programdata\PC Suite
2009-03-04 13:19 . 2009-03-04 13:19 -------- d-----w c:\program files\DIFX
2009-03-04 13:10 . 2009-03-04 13:10 -------- d-----w c:\programdata\Installations
2009-03-01 06:14 . 2009-03-01 06:14 -------- d-----w c:\program files\filehippo.com
2009-02-28 17:47 . 2008-12-20 03:12 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-28 17:05 . 2009-02-28 17:05 233888 ----a-w c:\windows\System32\DreamScene.dll
2009-02-28 17:01 . 2009-02-28 17:01 8147456 ----a-w c:\windows\System32\wmploc.DLL
2009-02-28 17:01 . 2009-02-28 17:01 7680 ----a-w c:\windows\System32\spwmp.dll
2009-02-28 17:01 . 2009-02-28 17:01 4096 ----a-w c:\windows\System32\dxmasf.dll
2009-02-28 16:51 . 2009-02-28 16:51 97800 ----a-w c:\windows\System32\infocardapi.dll
2009-02-28 16:51 . 2009-02-28 16:51 622080 ----a-w c:\windows\System32\icardagt.exe
2009-02-28 16:51 . 2009-02-28 16:51 11264 ----a-w c:\windows\System32\icardres.dll
2009-02-28 16:51 . 2009-02-28 16:51 105016 ----a-w c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-28 16:51 . 2009-02-28 16:51 326160 ----a-w c:\windows\System32\PresentationHost.exe
2009-02-28 16:51 . 2009-02-28 16:51 781344 ----a-w c:\windows\System32\PresentationNative_v0300.dll
2009-02-28 16:51 . 2009-02-28 16:51 43544 ----a-w c:\windows\System32\PresentationHostProxy.dll
2009-02-28 16:08 . 2009-02-28 16:08 96760 ----a-w c:\windows\System32\dfshim.dll
2009-02-28 16:08 . 2009-02-28 16:08 41984 ----a-w c:\windows\System32\netfxperf.dll
2009-02-28 16:08 . 2009-02-28 16:08 282112 ----a-w c:\windows\System32\mscoree.dll
2009-02-28 16:08 . 2009-02-28 16:08 158720 ----a-w c:\windows\System32\mscorier.dll
2009-02-28 16:08 . 2009-02-28 16:08 83968 ----a-w c:\windows\System32\mscories.dll
2009-02-12 14:54 . 2009-03-25 07:44 282112 ----a-w c:\windows\System32\RTPCEE32.dll
2009-02-12 11:22 . 2009-03-25 07:44 159232 ----a-w c:\windows\System32\FMAPO.dll
2009-02-12 07:55 . 2009-02-12 07:55 827392 ----a-w c:\windows\System32\wininet.dll
2009-02-12 07:51 . 2009-02-12 07:51 428544 ----a-w c:\windows\System32\EncDec.dll
2009-02-12 07:51 . 2009-02-12 07:51 293376 ----a-w c:\windows\System32\psisdecd.dll
2009-02-10 12:29 . 2009-02-10 12:29 3982 ----a-w c:\windows\87t98.sys
2009-02-06 13:22 . 2009-02-06 13:22 49504 ----a-w c:\windows\System32\sirenacm.dll
2008-12-31 22:07 . 2008-11-30 03:43 1867823 ----a-w c:\users\ramesh\AppData\Roaming\Windows Speed Secrets.exe
2008-12-20 02:59 . 2008-12-20 02:58 30256 ----a-w c:\users\ramesh\AppData\Roaming\Patcher.exe
2008-10-27 05:28 . 2008-10-27 05:28 46 ----a-w c:\users\ramesh\AppData\Roaming\svighost.dll
2008-10-04 05:31 . 2008-10-04 05:16 680 ----a-w c:\users\ramesh\AppData\Local\d3d9caps.dat
2008-10-04 16:05 . 2008-10-04 16:05 0 --sh--w c:\windows\S764DEF32.tmp
2006-11-22 14:58 . 2006-11-22 14:58 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-12 6965792]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-12 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-09 1025320]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"USBScan.exe"="c:\program files\USBScan\USBScan.exe" [2008-11-03 455168]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-09 102400]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"S3Trayp"="S3trayp.exe" - c:\windows\System32\s3trayp.exe [2007-06-26 176128]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ZDConfig.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.exe [2009-4-25 466944]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMyGames"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2742868963-988146608-1310837689-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{9F62BA50-4759-49B7-A0E4-9D2C33B8AFFF}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{227375AB-98C6-478F-9ECA-ABE6196C8313}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"{7D66EF01-7ED3-4006-9CB8-6794F3C581FC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{EA176CFE-1AA8-475D-80FF-4BFD3771B110}i:\\new folder\\latestpmsg.exe"= UDP:i:\new folder\latestpmsg.exe:IPMsg English
"UDP Query User{6091473D-E239-408A-8AC5-DF50064419E6}i:\\new folder\\latestpmsg.exe"= TCP:i:\new folder\latestpmsg.exe:IPMsg English
"{FEE81A2A-4892-4EE8-8F59-2CD8B59E4F0B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A0B2FDD9-98B7-47F3-AAFB-28D7EA073E70}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{11715F84-C523-41D8-A41E-631707878754}"= UDP:12289:Utorrent
"TCP Query User{CAF17B2A-1DAE-4831-925F-21E4EB7CAA0E}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{A65EF386-33F9-48E0-ADDA-0B420096F714}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{CEBAF152-E7CB-4109-9040-4EF5A7ADC3AB}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{199BDC97-A57E-4FCE-8631-4745CA96916C}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{A3B165CE-7761-4C85-8F08-C456D91FA3D5}c:\\users\\ramesh\\desktop\\utorrent_turbo_booster_v2.0.3.0.freesoftzone\\utorrent.exe"= UDP:c:\users\ramesh\desktop\utorrent_turbo_booster_v2.0.3.0.freesoftzone\utorrent.exe:utorrent.exe
"UDP Query User{6FF78DDD-3A2D-4E50-9B27-EAD60103143B}c:\\users\\ramesh\\desktop\\utorrent_turbo_booster_v2.0.3.0.freesoftzone\\utorrent.exe"= TCP:c:\users\ramesh\desktop\utorrent_turbo_booster_v2.0.3.0.freesoftzone\utorrent.exe:utorrent.exe
"{8BAA0435-BE28-4848-83EE-0DB16103E8F5}"= UDP:990:LocalSubnet:LocalSubnet|IF={A9A1569A-715C-4FD1-BC9E-B10F723D4D2E}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{A0E16684-8A21-42EB-BB3A-6C9B495A1A6A}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{9C4D7F9D-20F0-4818-A109-F1D396960FF5}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{C63646C9-AF9C-45DB-8D7B-707D218BD354}c:\\users\\ramesh\\desktop\\sro_l4_full_client_downloader.exe"= UDP:c:\users\ramesh\desktop\sro_l4_full_client_downloader.exe:sro_l4_full_client_downloader.exe
"UDP Query User{F18554DA-E9D5-40BE-9A3A-49DDC226F448}c:\\users\\ramesh\\desktop\\sro_l4_full_client_downloader.exe"= TCP:c:\users\ramesh\desktop\sro_l4_full_client_downloader.exe:sro_l4_full_client_downloader.exe
"TCP Query User{4DE74629-654A-40A1-B51B-E0E009940855}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{9E508770-E8C6-4775-BD4D-ED5750E1E004}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{43AC52F1-5A5C-49ED-9683-7C0490E78D7D}"= UDP:990:LocalSubnet:LocalSubnet|IF={A9A1569A-715C-4FD1-BC9E-B10F723D4D2E}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{FBB834D7-0951-4CF5-8DFC-5170E785E98E}"= UDP:990:LocalSubnet:LocalSubnet|IF={A9A1569A-715C-4FD1-BC9E-B10F723D4D2E}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{061F9938-AABC-450F-93C7-96FC2930864F}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{5A93967B-04C4-4473-89EF-FF64EC2979D7}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
R3 CD-Lock;CD-Lock;c:\program files\CD-Lock\cdm.sys [2007-03-06 29056]
S1 aswSP;avast! Self Protection; [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-19 21504]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\fetnd6v.sys [2008-12-04 43520]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-10-20 497152]
S3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\VTGKModeDX32.sys [2007-07-20 791040]
S3 sit_bus;SIT_1x_usbmodem Device;c:\windows\system32\Drivers\sit_bus.sys [2007-04-17 22144]
S3 sit_flt;SUNGIL USB Filter Service;c:\windows\system32\DRIVERS\sit_flt.sys [2007-04-18 4352]
S3 sit_mdm;SIT_1x_usbmodem ;c:\windows\system32\Drivers\sit_mdm.sys [2007-04-17 39680]
S3 sit_prt;SIT_1x_usbmodem Port;c:\windows\system32\Drivers\sit_prt.sys [2007-04-17 38656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{252ac873-91f2-11dd-a5e4-0040d0d4b17c}]
\shell\AutoRun\command - H:\rs.cmd
\shell\explore\Command - H:\rs.cmd
\shell\open\Command - H:\rs.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{786199df-142d-11de-b269-00106092d6de}]
\shell\AutoRun\command - i:\windows\usbv.exe
\shell\open\command - i:\windows\usbv.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89249dba-d93c-11dd-a305-00106092d6de}]
\shell\AutoRun\command - i:\autorun\AutoStart.exe
\shell\Explore\Command - i:\autorun\AutoStart.exe
\shell\Open\Command - i:\autorun\AutoStart.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ae8d427-9292-11dd-8472-0040d0d4b17c}]
\shell\AutoRun\command - I:\a1.bat
\shell\explore\Command - I:\a1.bat
\shell\open\Command - I:\a1.bat
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
2009-04-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 03:39]
.
.
------- Supplementary Scan -------
.
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\ramesh\AppData\Roaming\Mozilla\Firefox\Profiles\dydod3w5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 23:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000053
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-04-27 23:48
ComboFix-quarantined-files.txt 2009-04-27 18:18
Pre-Run: 3,841,667,072 bytes free
Post-Run: 3,729,514,496 bytes free
344 --- E O F --- 2009-03-27 02:07
-
Two scans please:
Download SDFIX and save it to your Desktop.
Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer.
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
- Instead of Windows loading as normal, a menu with options should appear.
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
- In Safe Mode, right click the SDFix.zip folder and choose Extract All.
- Open the extracted folder and double click RunThis.bat to start the script.
- Type Y to begin the script.
- It will remove the Trojan Services, then make some repairs to the registry and prompt you to press any key to Reboot.
- Press any key and it will restart the PC.
- Your system will take longer than normal to restart as the fixtool will be running and removing files.
- When the desktop loads, the Fixtool will complete the removal and display Finished; then press any key to end the script and load your desktop icons.
- Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.
* Please download Malwarebytes' Anti-Malware from HERE or HERE
Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
-
There was a problem with the links you gave me to download, so I downloaded it from another site. You had asked me to follow the procedure, but there were some problems. I did the procedure up to what I pasted here, because the file RunThis could not be opened. So I ran the catchme file and it deleted as shown below:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script(catchme)
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 10:25:15
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A1E2759E-4C7B-DBB2-4C8C-EAF6F4D4C5AD}]
"bbkmikhhlagjenaenbfohnobjldkalbjfmhk"=hex:61,62,64,6e,6f,6c,6e,65,6a,68,63,6f,6d,69,6e,70,66,66,62,68,67,..
"abkmikhhlagjenaenbibomlkgpojkkpgce"=hex:61,62,69,70,6d,66,67,63,6d,6c,6c,67,64,6f,6a,66,65,70,6d,6c,6c,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
This is the Malwarebytes' Anti-Malware log. This went on perfectly.
Malwarebytes' Anti-Malware 1.36
Database version: 2072
Windows 6.0.6001 Service Pack 1
5/4/2009 12:23:41 PM
mbam-log-2009-05-04 (12-23-41).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 285421
Time elapsed: 2 hour(s), 41 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 21
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\ReimageUndo\PostReboot\PostRebootExecuter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\ramesh\AppData\Local\Temp\MSAGNT32.DLL (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\ramesh\AppData\Local\Temp\rtjsrjsrst40.log (Trojan.Refpron) -> Quarantined and deleted successfully.
C:\Users\ramesh\AppData\Local\Temp\rtjsrjsrst48.exe (Trojan.Refpron) -> Quarantined and deleted successfully.
C:\Users\ramesh\AppData\Roaming\Windows Speed Secrets.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.
C:\Users\ramesh\AppData\Roaming\svighost.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\464ELODF\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HAYSAZR\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\dncyool64.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\dpcxool64.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Windows\System32\msncache.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\tpszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\w.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\personal\Personal\cracks\Crack Serials\ACDSee 9.0 Photo Manager Keygen Rus\Keygen\Keygen 9.0.108 Std.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\personal\Personal\cracks\WavePad_3.05___Keygen\Keygen.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\personal\Personal\cracks\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\personal\virus file\PhotoShop CS3 Extended Keygen + Activation.exe (Trojan.Horst) -> Quarantined and deleted successfully.
E:\zango Setup.exe (Adware.Zango) -> Quarantined and deleted successfully.
This is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:16 AM, on 10/8/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\s3trayp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Speed+\Configurator\ventcfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Integrator.exe
C:\Program Files\EpiValley\TATA Indicom Dialer\TATA Indicom Dialer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe -chkautorun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Speed+\Configurator\ventcfg.exe -nomsgbox
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\desktop items\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B6B5531-6AEE-484D-A4A6-A1868BC4F8D1}: NameServer = 203.197.12.30 202.54.1.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B6B5531-6AEE-484D-A4A6-A1868BC4F8D1}: NameServer = 203.197.12.30 202.54.1.18
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Speed+\Client\ventc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 5156 bytes
-
Make sure Windows Defender is disabled:
* Open Windows Defender
* Click Tools
* Click General Settings
* Scroll down to Real Time Protection Options
* Uncheck Turn on Real Time Protection (recommended)
* After you uncheck this, click on the Save button
* Close Windows Defender
Once your system has been deemed free from malware, you can re-enable Windows Defender's Real Time Protection.
Run hijackthis and click on "scan system only" button and put checks next to these:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Please close ALL browser windows (including this one).
With everything closed except HijackThis, click on "fix checked".
Reboot your PC.
Try to run SDFix again from this link:
Bleeping Computer Downloads: SDFix
Follow the previous directions, please.
How is your computer behaving now?