Trojan - Please Help

creative

Hi, I am having a problem with virus alert svchest.exe . When i login it says that avast detect an virus svchest.exe and when i move it in to chest it says the file is not found . i done a Kaspersky online scan and found 1 virus and 29 obect infectd . please help me to resolve the probelm . Many thanks in advance

Hijack this report

Logfile of HijackThis v1.99.1
Scan saved at 6:50:38 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Zonealarm\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Zonealarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BF18E48-E9F1-417C-9F3E-D03CA06BB183}: NameServer = 84.203.254.34,84.203.255.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BF18E48-E9F1-417C-9F3E-D03CA06BB183}: NameServer = 84.203.254.34,84.203.255.34
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Indexing Helps (Indexingbox) - Unknown owner - %WINDIR%\system\svchest.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Kaspersky Online scan report

---

KASPERSKY ONLINE SCANNER REPORT
Saturday, February 16, 2008 6:46:12 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/02/2008
Kaspersky Anti-Virus database records: 569028

---

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 69985
Number of viruses found: 1
Number of infected objects: 29
Number of suspicious objects: 0
Duration of the scan process: 02:08:46
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP255\A0152074.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP256\A0152249.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP257\A0152392.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP257\A0152534.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP258\A0152643.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP259\A0152998.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0153635.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP263\A0153728.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP263\A0153769.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP263\A0154768.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP265\A0155238.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP265\A0156239.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP265\A0157238.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP265\A0157289.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP266\A0159291.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP267\A0160291.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP268\A0161291.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP272\A0162017.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP272\A0163007.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP274\A0163374.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\WINDOWS\system\svchest.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\WINDOWS\system\svchest.exe/data.rar Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\WINDOWS\system\svchest.exe RarSFX: infected - 2 skipped
C:\WINDOWS\system32\dd.exe/data.rar/svchest.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\WINDOWS\system32\dd.exe/data.rar/svchest.exe/data.rar Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\WINDOWS\system32\dd.exe/data.rar/svchest.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\WINDOWS\system32\dd.exe/data.rar Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\WINDOWS\system32\dd.exe RarSFX: infected - 4 skipped
C:\WINDOWS\system32\xydzyh.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped

I took only the infected Objects from the report

creative

I coudnt find the files to delete .Can you please let me know how can i remove these viruses ?

creative

Hi , Can anyone help me here to solve the issues ??

Trogan

The computer has been infected by a variant of the SDbot Trojan. This Trojan can give intruders complete control of your computer, logging key strokes, stealing information, etc.

You are strongly advised to do the following immediately!:

• Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.
• Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
• From a clean computer, change *all* of your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure it can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you make a more informed decision, please read the following articles:

• Danger: Remote Access Trojans.
• When should I re-format? How should I reinstall?
• How Do I Handle Possible Identify Theft, Internet Fraud and Credit Card Fraud?

Should you have any questions, please feel free to ask

Please let me know your decision and we'll get started with clean up if that's what you choose.

creative

Shockeing news!!!! totally upset . I dont have the resource to do a reinstall . can you hel p me out?

Trogan

Please download Combofix from Bleeping Computer.

If you can't download it from there, please try these 2 alternative sites:

Forospyware
Geeks to Go

• Save it to your Desktop.
• Disconnect from the Internet, than disable your anti-virus and any real-time anti-spyware monitors that are running.
• When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.

Note 1: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Note 2: Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

creative

Thanks for your instant help . Appologies for send PM's not getting on replies. I Was confused the reply i got initially thats the reason for sending PM's.

Here is the Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 3:24:26 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Zonealarm\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Zonealarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BF18E48-E9F1-417C-9F3E-D03CA06BB183}: NameServer = 84.203.254.34,84.203.255.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BF18E48-E9F1-417C-9F3E-D03CA06BB183}: NameServer = 84.203.254.34,84.203.255.34
O17 - HKLM\System\CS3\Services\Tcpip\..\{1BF18E48-E9F1-417C-9F3E-D03CA06BB183}: NameServer = 84.203.254.34,84.203.255.34
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Cobofix Log
ComboFix 08-02-17.2 - ABC 2008-02-17 15:05:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.432 [GMT 0:00]
Running from: C:\Documents and Settings\ABC\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\ABC\Application Data\macromedia\Flash Player\#SharedObjects\JSVGS9KF\www.broadcaster.com
C:\Documents and Settings\ABC\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\ABC\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system\svchest.reg
C:\WINDOWS\system32\dd.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

---

\Indexingbox

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.
2008-02-09 14:56 . 2008-02-16 18:11 <DIR> d

---

C:\Program Files\Spybot - Search & Destroy
2008-02-09 14:55 . 2008-02-09 14:53 691,545 --a

---

C:\WINDOWS\unins000.exe
2008-02-09 14:55 . 2008-02-09 14:55 3,455 --a

---

C:\WINDOWS\unins000.dat
2008-01-26 14:54 . 2008-02-09 09:00 <DIR> d

---

C:\Documents and Settings\BCD\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 15:11 16,242,720 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-17 15:10 191,372 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-16 18:02

---

d

---

w C:\Program Files\Google
2008-02-16 16:45

---

d

---

w C:\Documents and Settings\BCD\Application Data\Azureus
2008-02-16 16:43

---

d

---

w C:\Documents and Settings\ABC\Application Data\uTorrent
2008-02-16 16:41

---

d

---

w C:\Documents and Settings\ABC\Application Data\McAfee.com Personal Firewall
2008-02-09 15:01

---

d

---

w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 22:02

---

d

---

w C:\Documents and Settings\ABC\Application Data\dvdcss
2008-01-14 20:39

---

d

---

w C:\Program Files\MSN Messenger
2008-01-01 20:55

---

d

---

w C:\Documents and Settings\BCD\Application Data\Teleca
2008-01-01 20:53

---

d

---

w C:\Documents and Settings\BCD\Application Data\Sony Ericsson
2008-01-01 18:01

---

d

---

w C:\Documents and Settings\ABC\Application Data\Teleca
2008-01-01 18:00

---

d

---

w C:\Documents and Settings\ABC\Application Data\Sony Ericsson
2008-01-01 17:53

---

d

---

w C:\Program Files\Common Files\Teleca Shared
2008-01-01 17:53

---

d

---

w C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-01 17:53

---

d

---

w C:\Documents and Settings\All Users\Application Data\Teleca
2008-01-01 17:53

---

d

---

w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-01-01 17:52

---

d

---

w C:\Program Files\Sony Ericsson
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2006-12-11 06:49 88 --sh--r C:\WINDOWS\system32\B26A6EC657.sys
2006-12-11 06:49 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-14 13:56 171448]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42 1404928]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36 114688]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"ZoneAlarm Client"="C:\Zonealarm\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
C:\WINDOWS\system32\nnxhnyoc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\VCD Rip\Free Download Manager\fdm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a

---

2005-07-12 18:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a

---

2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra

---

2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a

---

2007-02-14 13:56 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a

---

2007-08-30 16:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"STI Simulator"=2 (0x2)
S3 PAC7311;VGA SoC [EMAIL="PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS"]PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS[/EMAIL] [2005-09-16 13:34]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0648d07e-f8b0-11da-89a8-001676087236}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e863206-44fa-11db-8a88-001676087236}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 15:11:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.

---

Other Running Processes

---

.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-02-17 15:16:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 15:16:44
.
2008-02-13 22:08:59 --- E O F ---

Trogan

Please do the following...

1. Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HiajckThis

2. Open Notepad and copy/paste the text in the Quote Box below into it:

File::
C:\WINDOWS\system32\xydzyh.exe
C:\WINDOWS\system32\B26A6EC657.sys
C:\WINDOWS\system32\nnxhnyoc.dll

Save this as CFScript.txt to your Desktop



Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

creative

Trogan , I done exactly what you said above post

Here is the Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 1:09:02 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Zonealarm\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Zonealarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BF18E48-E9F1-417C-9F3E-D03CA06BB183}: NameServer = 84.203.254.34,84.203.255.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BF18E48-E9F1-417C-9F3E-D03CA06BB183}: NameServer = 84.203.254.34,84.203.255.34
O17 - HKLM\System\CS3\Services\Tcpip\..\{1BF18E48-E9F1-417C-9F3E-D03CA06BB183}: NameServer = 84.203.254.34,84.203.255.34
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Combofix Log

ComboFix 08-02-17.2 - ABC 2008-02-18 12:56:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.425 [GMT 0:00]
Running from: C:\Documents and Settings\ABC\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ABC\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\B26A6EC657.sys
C:\WINDOWS\system32\nnxhnyoc.dll
C:\WINDOWS\system32\xydzyh.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\B26A6EC657.sys
.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.
2008-02-09 14:56 . 2008-02-16 18:11 <DIR> d

---

C:\Program Files\Spybot - Search & Destroy
2008-02-09 14:55 . 2008-02-09 14:53 691,545 --a

---

C:\WINDOWS\unins000.exe
2008-02-09 14:55 . 2008-02-09 14:55 3,455 --a

---

C:\WINDOWS\unins000.dat
2008-01-26 14:54 . 2008-02-09 09:00 <DIR> d

---

C:\Documents and Settings\BCD\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 12:59 16,955,424 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-17 23:31 199,532 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-16 18:02

---

d

---

w C:\Program Files\Google
2008-02-16 16:45

---

d

---

w C:\Documents and Settings\BCD\Application Data\Azureus
2008-02-16 16:43

---

d

---

w C:\Documents and Settings\ABC\Application Data\uTorrent
2008-02-16 16:41

---

d

---

w C:\Documents and Settings\ABC\Application Data\McAfee.com Personal Firewall
2008-02-09 15:01

---

d

---

w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 18:48 9,914,907 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-07 02:28 2,099,200 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-02-01 22:02

---

d

---

w C:\Documents and Settings\ABC\Application Data\dvdcss
2008-01-29 08:15 3,127,808 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-01-27 10:14 2,084,864 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-01-14 20:39

---

d

---

w C:\Program Files\MSN Messenger
2008-01-09 03:09 4,728,320 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-01-09 03:09 2,074,112 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-01-01 20:55

---

d

---

w C:\Documents and Settings\BCD\Application Data\Teleca
2008-01-01 20:53

---

d

---

w C:\Documents and Settings\BCD\Application Data\Sony Ericsson
2008-01-01 18:01

---

d

---

w C:\Documents and Settings\ABC\Application Data\Teleca
2008-01-01 18:00

---

d

---

w C:\Documents and Settings\ABC\Application Data\Sony Ericsson
2008-01-01 17:53

---

d

---

w C:\Program Files\Common Files\Teleca Shared
2008-01-01 17:53

---

d

---

w C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-01 17:53

---

d

---

w C:\Documents and Settings\All Users\Application Data\Teleca
2008-01-01 17:53

---

d

---

w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-01-01 17:52

---

d

---

w C:\Program Files\Sony Ericsson
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584

---

w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 16:36 2,012,672 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2007-12-06 10:05 18,432

---

w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:38 550,912

---

w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912

---

w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-26 09:20 2,646,016 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2007-11-14 09:29 3,266,048 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2007-11-01 17:04 242,176 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2007-10-18 12:58 1,930,240 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2007-10-04 20:09 46,592 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2007-10-04 14:37 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2007-10-04 14:26 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2007-10-04 14:26 1,874,432 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2007-10-04 14:23 1,874,432 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2007-10-04 14:16 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2007-10-04 14:03 19,968 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2007-10-04 13:53 27,648 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2007-10-04 13:53 1,873,408 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-10-04 13:40 1,871,872 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2007-10-04 13:25 2,229,760 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-10-04 13:25 1,870,848 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2007-10-03 15:38 1,868,800 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-09-13 08:16 2,747,904 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-09-13 08:16 1,697,280 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-09-06 15:22 16,371,005 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_06_04_54_22_full.dmp.zip
2007-09-06 15:21 16,245,717 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_05_22_30_58_full.dmp.zip
2007-09-06 15:21 112,543 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_06_04_48_54_small.dmp.zip
2007-08-04 04:12 2,771,968 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-07-18 14:54 1,563,648 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-06-30 12:12 1,528,320 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-06-14 11:41 398,336 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-06-10 11:55 69,120 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-06-09 10:12 2,648,576 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-06-09 10:12 1,464,832 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-06-04 11:44 1,457,152 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-05-10 07:27 773,632 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-05-09 13:36 1,427,456 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-05-09 13:36 1,407,488 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-05-02 08:16 1,928,704 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-04-18 15:22 1,346,560 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-04-14 20:08 1,330,688 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-04-14 20:08 1,313,792 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-03-31 12:28 813,056 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-03-31 12:28 1,345,536 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-03-31 12:26 1,345,024 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2006-12-11 06:49 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-14 13:56 171448]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42 1404928]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36 114688]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"ZoneAlarm Client"="C:\Zonealarm\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
C:\WINDOWS\system32\nnxhnyoc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\VCD Rip\Free Download Manager\fdm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a

---

2005-07-12 18:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a

---

2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra

---

2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a

---

2007-02-14 13:56 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a

---

2007-08-30 16:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"STI Simulator"=2 (0x2)
S3 PAC7311;VGA SoC [EMAIL="PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS"]PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS[/EMAIL] [2005-09-16 13:34]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0648d07e-f8b0-11da-89a8-001676087236}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e863206-44fa-11db-8a88-001676087236}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 13:00:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-18 13:01:21
ComboFix-quarantined-files.txt 2008-02-18 13:01:09
ComboFix2.txt 2008-02-17 15:16:53
.
2008-02-13 22:08:59 --- E O F ---

Trogan

Sorry for the delay. I'll reply with further instructions as soon as possible.

Trogan

Apologies for the delay.

We need to disable SpyBots TeaTimer as it may interfere with the fix.

• Open Spybot Search & Destroy
• Go to the Mode menu, and make sure "Advanced Mode" is selected
• On the left hand side, choose Tools -> Resident
• Uncheck "Resident TeaTimer" and OK any prompts
• Exit SpyBot

Please do the following...

1. I need to see another log from HijackThis.

• Run Hijackthis.
• Click on Open the Misc Tools section.
• Next click on Open uninstall manager.
• Press the Save list button.
• Save the file to your desktop, with the default name of uninstall_list
• Copy & Paste the entire contents of that file in your in your next post.

2. Open Notepad and copy/paste the text in the Quote Box below into it:

File::
C:\WINDOWS\system32\nnxhnyoc.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]

Save this as CFScript.txt to your Desktop



Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with the Uninstall list and a new HijackThis log.

creative

Togan, Dont say any appology . You peeople are doing an excellant job and it need to be appreciated . I am here in this site for the 3rd time with some issues . everytime you people providing solution for issues in a timely manner . This need to be appreciated !

here the new Reports

Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 9:00:12 AM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Zonealarm\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Zonealarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BF18E48-E9F1-417C-9F3E-D03CA06BB183}: NameServer = 84.203.254.34,84.203.255.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BF18E48-E9F1-417C-9F3E-D03CA06BB183}: NameServer = 84.203.254.34,84.203.255.34
O17 - HKLM\System\CS3\Services\Tcpip\..\{1BF18E48-E9F1-417C-9F3E-D03CA06BB183}: NameServer = 84.203.254.34,84.203.255.34
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Unlistall_list
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Photoshop Album 2.0
Adobe Photoshop Elements 2.0
Adobe Reader 7.0.9
Adobe Shockwave Player
Any DWG to PDF Converter 2005.5.5
avast! Antivirus
BitTornado 0.3.7
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Classic PhoneTools
Dell Driver Reset Tool
Dell Support 5.0.0 (630)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
ImageMixer for HDD Camcorder
Intel(R) 537EP V9x DFV PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
K-Lite Codec Pack 2.77 Full
McAfee Uninstaller
MCU
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
Microsoft Works 7.0
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (2.0.0.3)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero OEM
Panda ActiveScan
PC VGA Camer@
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sonic Activation Module
Sony Ericsson PC Suite
SopCast 1.1.2
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster v3.5.1
TVUPlayer 2.3.2.19
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VideoLAN VLC media player 0.8.6c
Virtools 3D Life Player
VoipBuster
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
Yahoo! Browser Services
Yahoo! Browser Services
Yahoo! Messenger
ZoneAlarm

Cobofix Log
ComboFix 08-02-17.2 - ABC 2008-02-20 8:50:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.462 [GMT 0:00]
Running from: C:\Documents and Settings\ABC\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ABC\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\nnxhnyoc.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.
2008-02-09 14:56 . 2008-02-16 18:11 <DIR> d

---

C:\Program Files\Spybot - Search & Destroy
2008-02-09 14:55 . 2008-02-09 14:53 691,545 --a

---

C:\WINDOWS\unins000.exe
2008-02-09 14:55 . 2008-02-09 14:55 3,455 --a

---

C:\WINDOWS\unins000.dat
2008-01-26 14:54 . 2008-02-09 09:00 <DIR> d

---

C:\Documents and Settings\BCD\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 08:56 17,369,120 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-20 08:41

---

d

---

w C:\Documents and Settings\ABC\Application Data\uTorrent
2008-02-18 21:56 200,732 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-16 18:02

---

d

---

w C:\Program Files\Google
2008-02-16 16:45

---

d

---

w C:\Documents and Settings\BCD\Application Data\Azureus
2008-02-16 16:41

---

d

---

w C:\Documents and Settings\ABC\Application Data\McAfee.com Personal Firewall
2008-02-09 15:01

---

d

---

w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 18:48 9,914,907 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-07 02:28 2,099,200 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-02-01 22:02

---

d

---

w C:\Documents and Settings\ABC\Application Data\dvdcss
2008-01-29 08:15 3,127,808 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-01-27 10:14 2,084,864 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-01-14 20:39

---

d

---

w C:\Program Files\MSN Messenger
2008-01-09 03:09 4,728,320 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-01-09 03:09 2,074,112 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-01-01 20:55

---

d

---

w C:\Documents and Settings\BCD\Application Data\Teleca
2008-01-01 20:53

---

d

---

w C:\Documents and Settings\BCD\Application Data\Sony Ericsson
2008-01-01 18:01

---

d

---

w C:\Documents and Settings\ABC\Application Data\Teleca
2008-01-01 18:00

---

d

---

w C:\Documents and Settings\ABC\Application Data\Sony Ericsson
2008-01-01 17:53

---

d

---

w C:\Program Files\Common Files\Teleca Shared
2008-01-01 17:53

---

d

---

w C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-01 17:53

---

d

---

w C:\Documents and Settings\All Users\Application Data\Teleca
2008-01-01 17:53

---

d

---

w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-01-01 17:52

---

d

---

w C:\Program Files\Sony Ericsson
2007-12-18 09:51 179,584

---

w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 16:36 2,012,672 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2007-12-06 10:05 18,432

---

w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:38 550,912

---

w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912

---

w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-26 09:20 2,646,016 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2007-11-14 09:29 3,266,048 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2007-11-01 17:04 242,176 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2007-10-18 12:58 1,930,240 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2007-10-04 20:09 46,592 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2007-10-04 14:37 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2007-10-04 14:26 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2007-10-04 14:26 1,874,432 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2007-10-04 14:23 1,874,432 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2007-10-04 14:16 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2007-10-04 14:03 19,968 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2007-10-04 13:53 27,648 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2007-10-04 13:53 1,873,408 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-10-04 13:40 1,871,872 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2007-10-04 13:25 2,229,760 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-10-04 13:25 1,870,848 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2007-10-03 15:38 1,868,800 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-09-13 08:16 2,747,904 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-09-13 08:16 1,697,280 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-09-06 15:22 16,371,005 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_06_04_54_22_full.dmp.zip
2007-09-06 15:21 16,245,717 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_05_22_30_58_full.dmp.zip
2007-09-06 15:21 112,543 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_06_04_48_54_small.dmp.zip
2007-08-04 04:12 2,771,968 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-07-18 14:54 1,563,648 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-06-30 12:12 1,528,320 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-06-14 11:41 398,336 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-06-10 11:55 69,120 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-06-09 10:12 2,648,576 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-06-09 10:12 1,464,832 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-06-04 11:44 1,457,152 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-05-10 07:27 773,632 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-05-09 13:36 1,427,456 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-05-09 13:36 1,407,488 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-05-02 08:16 1,928,704 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-04-18 15:22 1,346,560 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-04-14 20:08 1,330,688 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-04-14 20:08 1,313,792 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-03-31 12:28 813,056 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-03-31 12:28 1,345,536 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-03-31 12:26 1,345,024 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2006-12-11 06:49 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-14 13:56 171448]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42 1404928]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36 114688]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"ZoneAlarm Client"="C:\Zonealarm\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\VCD Rip\Free Download Manager\fdm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a

---

2005-07-12 18:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a

---

2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra

---

2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a

---

2007-02-14 13:56 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a

---

2007-08-30 16:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"STI Simulator"=2 (0x2)
S3 PAC7311;VGA SoC [EMAIL="PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS"]PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS[/EMAIL] [2005-09-16 13:34]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0648d07e-f8b0-11da-89a8-001676087236}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e863206-44fa-11db-8a88-001676087236}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 08:56:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-20 8:58:12
ComboFix-quarantined-files.txt 2008-02-20 08:57:59
ComboFix2.txt 2008-02-18 13:01:23
ComboFix3.txt 2008-02-17 15:16:53
.
2008-02-13 22:08:59 --- E O F ---

Trogan

Hi,

Please do the following...

1. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

• Download the latest version of Java(TM) SE Runtime Environment 6 update4.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.

2. Please uninstall Adobe Reader 7.0.9 from Add/Remove programs. Then, install the latest version of Adober Reader.

3. Please run a new scan with Kaspersky and post the report here.

creative

Trogan , Please find New Kaspersky Report

---

KASPERSKY ONLINE SCANNER REPORT
Thursday, February 21, 2008 10:55:16 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/02/2008
Kaspersky Anti-Virus database records: 574778

---

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 62224
Number of viruses found: 1
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:12:03
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\ABC\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ABC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ABC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ABC\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ABC\Local Settings\History\History.IE5\MSHist012008022120080222\index.dat Object is locked skipped
C:\Documents and Settings\ABC\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ABC\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\ABC\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dd.exe.vir/data.rar/svchest.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dd.exe.vir/data.rar/svchest.exe/data.rar Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dd.exe.vir/data.rar/svchest.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dd.exe.vir/data.rar Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dd.exe.vir RarSFX: infected - 4 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP276\A0163502.exe/data.rar/svchest.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP276\A0163502.exe/data.rar/svchest.exe/data.rar Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP276\A0163502.exe/data.rar/svchest.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP276\A0163502.exe/data.rar Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP276\A0163502.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP288\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\PASSAT.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8174BA8D-7763-46A4-9453-8E8674968D37}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6ec.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT00a8d.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT067ee.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Hijackthis Report

Logfile of HijackThis v1.99.1
Scan saved at 10:58:57 PM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Zonealarm\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Zonealarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O8 - Extra context menu item: &Yahoo! Search - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BF18E48-E9F1-417C-9F3E-D03CA06BB183}: NameServer = 84.203.254.34,84.203.255.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BF18E48-E9F1-417C-9F3E-D03CA06BB183}: NameServer = 84.203.254.34,84.203.255.34
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Trogan

Hi,

Everything looks good.

How is the computer?

creative

Computer is fine . you rescued from a disaster . Thanks for your help
couple query's

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP276\A0163502.exe/data.rar/svchest.exe/data.rar Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP276\A0163502.exe/data.rar/svchest.exe Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP276\A0163502.exe/data.rar Infected: Trojan-Downloader.Win32.Small.hrb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP276\A0163502.exe RarSFX: infected - 4 skipped

is this any Trojan ? how can i remove these? in Kalspersky report 10 objects reported as infected . can you please shed some light here?

Trogan

Hi,

Those are infected System Restore points. We will clean them in a few minutes, but first click Start > Run > type: combofix /u > Press OK. This will uninstall ComboFix.

CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
Go to Start > Run > type control sysdm.cpl,,4 & press Enter

• Tick on the checkbox - Turn off System Restore on all drives
• Click Apply

Turn it back 'On' by unticking the same checkbox & click OK

Let me know if there is anything I can help with, or if we can mark this resolved.

creative

Thanks Trogan . Everything looks fine . Computer working fine ... :Rocker:Please mark this as resolved!

Trogan

You're welcome!

This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own Thread instead (grin)