Jump to content

smokenfog

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hey! First of all i really appreciate u guys for helping us out about dealing with these viruses and malware problems ... Am here because recently my PC got infected with some virus that randomly deleted many media files on my PC, it disabled my Task manager and Regedit, My PC is running very slow and CPU fan is always running at its full speed ... I tried scanning my PC with Avg and NOD32 anti Virus, both showed nothing ... I ll really appreciate if someone help me out here by telling me how to get rid of this virus ... Here is my Highjack This Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:56:58 AM, on 12/17/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\RTHDCPL.EXE D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\config\winlogon.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe D:\Program Files\DU Meter\DUMeter.exe D:\Program Files\uTorrent\utorrent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\wuauclt.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - d:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - d:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "d:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [services] C:\WINDOWS\system32\config\winlogon.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\utorrent.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [L09AXLRD_19446687] "D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Append to existing PDF - res://d:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://d:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://d:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://d:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://d:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://d:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://d:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://d:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9713 bytes Thanks in advance ...
  2. Hey! Panda Active Scan Result Incident Status Location Adware:Adware/WinAntiVirus2007 Not disinfected C:\WINDOWS\system32\vtutu.dll Adware:adware/whenusearch Not disinfected Windows Registry Adware:adware/sbsoft Not disinfected Windows Registry Spyware:Cookie/Go Not disinfected C:\Documents and Settings\shahzad\Cookies\shahzad@go[1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\shahzad\Cookies\shahzad@statcounter[1].txt Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\shahzad\Desktop\spynomore[1].v2.36.full\ComboFix.exe[nircmd.exe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\shahzad\Desktop\spynomore[1].v2.36.full\ComboFix.exe[nircmd.cfexe] Virus:Generic Malware Not disinfected C:\Documents and Settings\shahzad\Desktop\spynomore[1].v2.36.full\spynomore.v2.36.full\spynomore.exe[snmIeGuard.dll] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\shahzad\Desktop\spynomore[1].v2.36.full\VirtumundoBeGone.exe Virus:Generic Malware Disinfected C:\Documents and Settings\shahzad\My Documents\201e32c1360d7583a32bcd97e796c97001d\SpyHunter_v2.9_Patch_by_AT4RE\SpyHunter.2.9\Patch After Upgarding\spyhunter.2.9_Patch2.exe Virus:Generic Malware Disinfected C:\Documents and Settings\shahzad\My Documents\201e32c1360d7583a32bcd97e796c97001d\SpyHunter_v2.9_Patch_by_AT4RE\SpyHunter.2.9\SpyHunter.2.9_Patch1.exe Virus:Generic Malware Not disinfected C:\Documents and Settings\shahzad\My Documents\Vundo_Trojan_Removal_Tools_and_Removal_Procedures\Vundo Trojan Removal Tools and Removal Procedures\spynomore[1].v2.36.full.rar[spynomore.v2.36.full\spynomore.exe][snmIeGuard.dll] Adware:Adware/WhenUSearch Not disinfected C:\Program Files\DAEMON Tools SearchBar\search.dll Virus:Generic Malware Disinfected C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.2.9_Patch1.exe Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-1085031214-823518204-725345543-1003\Dc31.exe[nircmd.exe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-1085031214-823518204-725345543-1003\Dc31.exe[nircmd.cfexe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe Potentially unwanted tool:Application/ErrorSafe Not disinfected D:\Program Files\DAP\DAP.EXE Virus:Trj/Multidropper.RGN Not disinfected D:\Softwares\mpp-800-full.exe[darkenginex.dll] Hacktool:HackTool/Zapgon.A Not disinfected D:\Softwares\mpp-800-full.exe[stdio.dll] Latest Hijackthis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:01:57 AM, on 12/1/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Bonjour\mDNSResponder.exe E:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DU Meter\DUMeterSvc.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\DU Meter\DUMeter.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KOCOM KMC-90 Web Camera O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121307 serial=dr12wef-5646037-wec lang=EN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\uuarjycd.exe O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - d:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{46DDB60D-705F-46FD-88CF-9BCB2A2231EE}: NameServer = 203.135.0.70,203.135.1.117 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 10559 bytes I did everything u said ... installed and deleted internet files with ccleaner as well. am waiting for further instructions.
  3. The problem why i am here is that when my PC starts, my antivirus NOD32 detects a threat and suggests me to delete the file ... threat is c:\windows\system32\opnljge.dll .... i deleted it many times but it came back again n again n i got this error after every 2 sec if NOD32 is running. You asked me to provide 3 reports ... i provided all, am thankful that u r helpin me and waitin for further instructions.
  4. AVG Anti-Spyware - Scan Report--------------------------------------------------------- + Created at: 7:59:23 AM 11/29/2007 + Scan result: C:\Documents and Settings\shahzad\Cookies\shahzad@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken. C:\Documents and Settings\shahzad\Cookies\shahzad@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. ::Report end {Took action and deleted both as u said n program suggested} PandaActive Scan Incident Status Location Potentially unwanted tool:Application/ErrorSafe Not disinfected D:\Program Files\DAP\DAP.EXE Adware:adware/fastlook Not disinfected Windows Registry Adware:adware/whenusearch Not disinfected Windows Registry Adware:adware/sbsoft Not disinfected Windows Registry Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\shahzad\Desktop\ComboFix.exe[nircmd.exe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\shahzad\Desktop\ComboFix.exe[nircmd.cfexe] Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\shahzad\My Documents\Download_Accelerator_Plus_v8.5.5.5_Premium___Crack\Download_Accelerator_Plus_v8.5.5.5_Premium___Crack\CRACK\DAP.exe Adware:Adware/WhenUSearch Not disinfected C:\Program Files\DAEMON Tools SearchBar\search.dll Virus:Trj/Downloader.RHX Disinfected C:\WINDOWS\17PHolmes1061.exe Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe Virus:Trj/Multidropper.RGN Not disinfected D:\Softwares\mpp-800-full.exe[darkenginex.dll] Hacktool:HackTool/Zapgon.A Not disinfected D:\Softwares\mpp-800-full.exe[stdio.dll] Virus:Trj/Multidropper.RGN Disinfected D:\MPP\SYSTEM\darkengine\darkenginex.dll Hacktool:HackTool/Zapgon.A Not disinfected D:\MPP\SYSTEM\VOICE\STDIO.DLL HiJack This scan Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:50:46 AM, on 11/29/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\DU Meter\DUMeterSvc.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Eset\nod32krn.exe E:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DU Meter\DUMeter.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe D:\Program Files\DAP\DAP.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KOCOM KMC-90 Web Camera O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121307 serial=dr12wef-5646037-wec lang=EN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [AAWTray] D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - d:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{46DDB60D-705F-46FD-88CF-9BCB2A2231EE}: NameServer = 203.135.0.70,203.135.1.117 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 10842 bytes i posted all three reports ... waiting for your further instructions ...
  5. Hey! I've this virus( Win32/Adware.Virtumonde application ) and its alwalys poping up even i press delete in NOD32 it come out again. I visited some threads and downloaded "Combo Fix" here is its log report ... i really need urgent help, i ll really appreciate ur time. Thanks in Advance ComboFix 07-11-29.2 - shahzad 2007-11-29 3:18:28.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.600 [GMT 5:00] Running from: C:\Documents and Settings\shahzad\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\drsmartload.exe C:\WINDOWS\system32\hgjlm.bak1 C:\WINDOWS\system32\hgjlm.bak2 C:\WINDOWS\system32\hgjlm.ini C:\WINDOWS\system32\hgjlm.ini2 C:\WINDOWS\system32\hgjlm.tmp C:\WINDOWS\system32\mljgh.dll C:\WINDOWS\system32\winsys.exe . ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))) . 2007-11-29 03:11 . 2007-11-29 03:11 <DIR> d-------- C:\VundoFix Backups 2007-11-28 01:46 . 2007-11-28 01:46 <DIR> d-------- C:\Program Files\MegauploadToolbar 2007-11-28 01:46 . 2007-11-28 01:56 <DIR> d-------- C:\Documents and Settings\shahzad\Application Data\MegauploadToolbar 2007-11-28 01:11 . 2007-11-28 01:11 <DIR> d--h----- C:\WINDOWS\PIF 2007-11-27 07:38 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-11-27 07:38 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-11-27 07:38 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-11-27 07:32 . 2007-11-28 15:10 <DIR> d-------- C:\Program Files\DAEMON Tools SearchBar 2007-11-27 07:31 . 2007-11-27 07:31 <DIR> d-------- C:\Program Files\DAEMON Tools 2007-11-27 07:27 . 2007-11-27 07:27 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-11-27 06:47 . 2007-11-27 06:47 <DIR> d-------- C:\Program Files\Symantec 2007-11-27 05:26 . 2007-11-27 05:26 <DIR> d--hs---- C:\FOUND.019 2007-11-27 03:24 . 2007-11-27 03:24 38,400 --a------ C:\WINDOWS\system32\opnljge.dll 2007-11-26 22:37 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2007-11-26 22:37 . 2007-11-26 22:37 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe 2007-11-26 22:37 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2007-11-26 22:37 . 2007-11-26 22:37 22,328 --a------ C:\Documents and Settings\shahzad\Application Data\PnkBstrK.sys 2007-11-26 22:36 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2007-11-26 22:36 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-11-26 22:36 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2007-11-26 22:36 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2007-11-24 03:53 . 2007-11-24 03:53 <DIR> d-------- C:\Documents and Settings\shahzad\Incomplete 2007-11-24 03:53 . 2007-11-24 03:53 <DIR> d-------- C:\Documents and Settings\shahzad\Application Data\LimeWire 2007-11-24 03:52 . 2007-11-24 03:52 <DIR> d-------- C:\Documents and Settings\shahzad\Application Data\MSNInstaller 2007-11-20 04:20 . 2007-11-20 04:20 <DIR> d--hs---- C:\FOUND.018 2007-11-15 04:06 . 2007-11-15 04:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies 2007-11-14 16:32 . 2007-11-14 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-14 03:29 . 2007-11-14 03:29 <DIR> d--hs---- C:\FOUND.017 2007-11-13 18:50 . 2007-11-28 17:56 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-11-13 18:49 . 2007-11-28 17:56 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-11-13 18:49 . 2007-11-27 07:58 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-11-12 23:46 . 2007-11-12 23:46 <DIR> d-------- C:\Documents and Settings\shahzad\Application Data\IGN_DLM 2007-11-10 20:15 . 2007-11-10 20:15 <DIR> d-------- C:\Documents and Settings\shahzad\Application Data\Palo Alto Software 2007-11-10 20:14 . 2007-11-10 20:14 <DIR> d-------- C:\Program Files\Common Files\Palo Alto Software 2007-11-10 20:14 . 2007-11-10 20:14 <DIR> d-------- C:\Program Files\Common Files\Intuit 2007-11-10 20:13 . 2007-11-10 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Palo Alto Software 2007-11-10 00:03 . 2007-11-10 00:03 <DIR> d-------- C:\Documents and Settings\shahzad\Application Data\AdobeUM 2007-11-10 00:01 . 2007-11-10 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems 2007-11-09 23:59 . 2007-11-09 23:59 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2007-11-09 21:35 . 2007-11-09 21:35 <DIR> d--hs---- C:\FOUND.016 2007-11-09 06:04 . 2007-11-09 06:04 <DIR> d-------- C:\Program Files\Common Files\Palo Alto Software Inc 2007-11-09 06:04 . 2007-11-09 06:04 <DIR> d-------- C:\Documents and Settings\shahzad\Application Data\Palo Alto Software Inc 2007-11-09 06:04 . 2007-11-09 06:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Palo Alto Software Inc 2007-11-08 19:48 . 2007-11-08 19:48 <DIR> d-------- C:\Program Files\Hamachi 2007-11-05 18:19 . 2007-11-05 18:19 <DIR> d-------- C:\Program Files\Java 2007-11-05 18:19 . 2007-11-05 18:19 <DIR> d-------- C:\Program Files\Common Files\Java 2007-11-05 18:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-11-04 19:54 . 2007-11-04 19:54 <DIR> d-------- C:\Program Files\Reallusion 2007-11-04 19:54 . 2007-11-04 19:54 <DIR> d-------- C:\Documents and Settings\shahzad\Application Data\Reallusion 2007-11-04 19:54 . 2007-11-04 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2007-11-04 19:54 . 2007-05-23 18:28 5,627,904 --a------ C:\WINDOWS\system32\RLVirDev.ocx 2007-11-04 19:54 . 2006-05-16 11:58 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl 2007-11-04 19:53 . 2007-11-04 19:53 <DIR> d-------- C:\Documents and Settings\shahzad\Application Data\InstallShield 2007-11-03 05:44 . 2007-11-03 05:44 <DIR> d--hs---- C:\FOUND.015 2007-11-02 23:46 . 2007-11-02 23:46 <DIR> d--hs---- C:\FOUND.014 2007-11-01 13:17 . 2007-11-01 13:17 <DIR> d-------- C:\Documents and Settings\shahzad\Application Data\Camfrog 2007-11-01 13:16 . 2007-11-01 13:16 <DIR> d-------- C:\Program Files\Camfrog 2007-10-29 17:54 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-26 22:24 32,764 ----a-w C:\WINDOWS\17PHolmes1061.exe 2007-11-12 00:31 5,755 ----a-w C:\Program Files\install.log 2007-11-08 14:48 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2007-10-26 00:45 --------- d-----w C:\Program Files\IE7Pro 2007-10-26 00:45 --------- d-----w C:\Documents and Settings\shahzad\Application Data\IE7Pro 2007-10-26 00:40 --------- d-----w C:\Documents and Settings\shahzad\Application Data\Skype 2007-10-26 00:39 --------- d-----w C:\Program Files\Skype 2007-10-26 00:39 --------- d-----w C:\Program Files\Common Files\Skype 2007-10-26 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2007-10-25 15:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-25 15:12 --------- d--h--r C:\Documents and Settings\shahzad\Application Data\SecuROM 2007-10-24 11:44 --------- d-----w C:\Documents and Settings\shahzad\Application Data\Move Networks 2007-10-22 12:08 --------- d-----w C:\Documents and Settings\shahzad\Application Data\Hamachi 2007-10-21 20:26 --------- d-----w C:\Documents and Settings\shahzad\Application Data\Paltalk 2007-10-21 19:51 --------- d-----w C:\Documents and Settings\shahzad\Application Data\Media Player Classic 2007-10-19 10:03 --------- d-----w C:\Program Files\D-Link 2007-10-15 23:54 --------- d-----w C:\Documents and Settings\shahzad\Application Data\ImTOO Software Studio 2007-10-15 23:51 --------- d-----w C:\Program Files\ImTOO 2007-10-02 02:54 --------- d-----w C:\Program Files\Google 2007-10-02 02:53 --------- d-----w C:\Program Files\DivX . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67}] 2007-11-27 03:24 38400 --a------ C:\WINDOWS\system32\opnljge.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56] "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2007-11-15 04:08] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2006-06-01 01:22 C:\WINDOWS\system32\nwiz.exe] "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-17 17:15] "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-16 18:37] "NvMediaCenter"="RunDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe] "PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10] "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2002-08-22 11:51] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-28 01:01] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-28 01:15] "CorelDRAW Graphics Suite 11b"="E:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24] "iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "Acrobat Assistant 7.0"="D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12] "AAWTray"="D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell executehooks] "{17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67}"= C:\WINDOWS\system32\opnljge.dll [2007-11-27 03:24 38400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnljge] opnljge.dll 2007-11-27 03:24 38400 C:\WINDOWS\system32\opnljge.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljgh.dll R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService S3 SetupNTGLM7X;SetupNTGLM7X;\??\G:\NTGLM7X.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{f9d737cd-00b6-11d6-9242-cd0025804551}] \Shell\AutoRun\command - RavMon.exe \Shell\explore\Command - RavMon.exe -e \Shell\open\Command - RavMon.exe . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-29 03:26:33 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\DUMeterSvc] "ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService" [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\CrystalSysInfo] "ImagePath"="\??\C:\WINDOWS\system32\SysInfo.sys" . Completion time: 2007-11-29 3:29:25 - machine was rebooted . --- E O F --- i need instructions abt what to do next, coz problem is still there. Am waiting for ur kind replies.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.