
malware problem on my laptop



Dear Experts,

I am new to this forum and tried browsing to find the way to remove any infection on my laptop. I would really appreciate it if some expert could advise me on the solution, as it has slowed down my laptop.

The log file is uploaded for your consideration... desperate to get some solution... thanks in advance.

pankaj

The log file is as below:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:20:04 PM, on 10/15/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

C:\Program Files\Wave Systems Corp\Common\DataServer.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe

C:\WINDOWS\system32\winvnc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

C:\WINDOWS\vsnpstd3.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\ppl01207\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.hybis.info/Pages/default.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.160.20.14:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.hybis.info;hybis.info;*.ukr.local;<local>

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [vusajojon] Rundll32.exe "c:\windows\system32\halihupe.dll",a

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ppl01207\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\ppl01207\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:0

O4 - HKCU\..\Policies\Explorer\Run: [1] iexplore home.hybis.info

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} (RSClientPrint 2005 Class) - http://reports.hybis.info/Reports/Reserved...OpType=PrintCab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://customers.salik.ae/app/Reserved.Rep...OpType=PrintCab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mer.local

O17 - HKLM\Software\..\Telephony: DomainName = mer.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mer.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mer.local

O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll c:\windows\system32\kimulizi.dll c:\windows\system32\halihupe.dll,norefose.dll

O21 - SSODL: watajitiy - {151345d4-112e-4972-83f9-fde5f466b92c} - (no file)

O21 - SSODL: wozedeliz - {e6824a04-22b7-41cc-81b6-281f75d1e98b} - c:\windows\system32\halihupe.dll

O22 - SharedTaskScheduler: tokatiluy - {151345d4-112e-4972-83f9-fde5f466b92c} - (no file)

O22 - SharedTaskScheduler: jugezatag - {e6824a04-22b7-41cc-81b6-281f75d1e98b} - c:\windows\system32\halihupe.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Update Service (gupdate1c9ddc559b2b9ef) (gupdate1c9ddc559b2b9ef) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kaspersky Network Agent (klnagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TridiaVNC Server (winvnc) - Tridia Corporation - C:\WINDOWS\system32\winvnc.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O24 - Desktop Component 1: (no name) - http://home.hybis.info/ADT/ActDesktop.aspx

--

End of file - 10881 bytes


Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

Dear Elite,

Please find below the log of ComboFix and advise further; waiting for your help, thanks.

ComboFix 09-10-16.09 - ppl01207 10/18/2009 10:55.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.501.1033.18.1526.849 [GMT 4:00]

Running from: c:\documents and settings\ppl01207\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Anti-Virus *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\ppl01207\Local Settings\Temporary Internet Files\plot.log

c:\program files\WinPCap

c:\program files\WinPCap\INSTALL.LOG

c:\program files\WinPCap\Uninstall.exe

c:\windows\Installer\2119b01.msp

c:\windows\Installer\cae1.msi

c:\windows\Installer\cafb.msi

c:\windows\Installer\dbb18.msi

c:\windows\system32\axaltocm.dll

c:\windows\system32\balifeze.dll

c:\windows\system32\bekozije.dll

c:\windows\system32\bijapeka.dll

c:\windows\system32\drivers\npf.sys

c:\windows\system32\gedogeye.dll

c:\windows\system32\hamobaku.exe

c:\windows\system32\Ijl11.dll

c:\windows\system32\jisagade.dll

c:\windows\system32\koyagahu.dll

c:\windows\system32\lokubaja.exe

c:\windows\system32\ludizibi.exe

c:\windows\system32\mssrv32.exe

c:\windows\system32\norefose.dll

c:\windows\system32\nunuluna.dll

c:\windows\system32\oledb32.dll

c:\windows\system32\Packet.dll

c:\windows\system32\pawebehe.dll

c:\windows\system32\peyedibe.dll

c:\windows\system32\pimufowi.exe

c:\windows\system32\relugane.exe

c:\windows\system32\ronihuni.dll

c:\windows\system32\ruziveki.exe

c:\windows\system32\satevowa.dll

c:\windows\system32\seduvumo.dll

c:\windows\system32\sejuvoma.exe

c:\windows\system32\setup.ini

c:\windows\system32\sinebewa.dll

c:\windows\system32\vawokiwe.dll

c:\windows\system32\winword.exe

c:\windows\system32\wiwijadu.exe

c:\windows\system32\wpcap.dll

c:\windows\system32\yopareza.exe

c:\windows\system32\yopufuju.exe

c:\windows\system32\zufanuwo.dll

c:\windows\system32\zupikure.dll

----- BITS: Possible infected sites -----

hxxp://esupport.contactcentre.ae

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MSUPDATE

-------\Service_msupdate

((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 )))))))))))))))))))))))))))))))

.

2009-10-15 12:21 . 2009-10-15 12:21 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2009-10-15 12:19 . 2009-10-15 12:19 -------- d-----w- c:\documents and settings\gll01377a\Application Data\Malwarebytes

2009-10-15 12:19 . 2009-09-10 10:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-15 12:19 . 2009-09-10 10:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-15 12:15 . 2009-10-15 12:15 -------- d-----w- c:\documents and settings\gll01377a\Local Settings\Application Data\Google

2009-10-09 06:09 . 2009-10-09 06:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2009-10-06 02:57 . 2009-10-06 02:57 -------- d-----w- c:\program files\avsysinfo

2009-10-06 02:44 . 2005-11-07 05:42 3624960 ----a-w- c:\windows\system32\mkgpmp.exe

2009-10-06 02:44 . 2002-01-05 08:48 974848 ----a-w- c:\windows\system32\mfc70.dll

2009-10-06 02:44 . 2002-01-05 07:40 487424 ----a-w- c:\windows\system32\msvcp70.dll

2009-10-06 02:44 . 2005-07-09 07:27 61440 ----a-w- c:\windows\system32\cygz.dll

2009-10-06 02:44 . 2005-07-03 05:30 1295582 ----a-w- c:\windows\system32\cygwin1.dll

2009-10-06 02:32 . 2009-10-06 02:44 87 ----a-w- c:\windows\system32\buyurl0502.dat

2009-10-05 02:48 . 2009-10-05 02:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-10-01 07:30 . 2009-10-01 07:30 -------- d-----w- c:\documents and settings\ppl01207\Application Data\Malwarebytes

2009-10-01 06:53 . 2009-10-01 06:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-10-01 06:53 . 2009-10-01 06:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-01 06:53 . 2009-10-15 16:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-01 06:51 . 2009-10-01 06:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-09-26 15:59 . 2009-09-26 15:59 -------- d-----w- c:\documents and settings\ppl01207\Local Settings\Application Data\AbacastDistributedOnDemand

2009-09-26 15:58 . 2009-09-26 15:59 -------- d-----w- c:\documents and settings\ppl01207\Local Settings\Application Data\Abacast

2009-09-18 12:36 . 2009-09-18 12:36 -------- d-----w- c:\documents and settings\ppl01207\Application Data\Office Genuine Advantage

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-18 07:09 . 2007-11-21 09:29 5915424 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-10-18 07:08 . 2007-11-21 09:30 108433952 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-10-18 07:05 . 2007-11-21 09:30 1497944 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-10-18 07:05 . 2007-11-21 09:29 597284 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-10-18 07:05 . 2008-06-26 08:23 2484 ----a-w- c:\windows\bthservsdp.dat

2009-10-18 02:28 . 2007-11-21 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-10-17 09:48 . 2008-12-21 05:18 -------- d-----w- c:\documents and settings\ppl01207\Application Data\Wave Systems Corp

2009-10-15 12:32 . 2006-05-24 06:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Wave Systems Corp

2009-10-14 13:21 . 2007-11-21 09:30 95259 ----a-w- c:\windows\system32\drivers\klick.dat

2009-10-14 13:21 . 2007-11-21 09:30 108059 ----a-w- c:\windows\system32\drivers\klin.dat

2009-10-13 06:43 . 2006-11-13 08:24 -------- d-----w- c:\program files\CapdetWorks

2009-10-13 06:43 . 2006-04-11 18:07 -------- d-----w- c:\program files\Apoint

2009-10-13 06:38 . 2008-12-21 06:39 124456 ----a-w- c:\documents and settings\ppl01207\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-11 15:08 . 2008-05-17 07:12 -------- d-----w- c:\program files\Hotspot Shield

2009-10-06 02:57 . 2006-04-11 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-10-06 02:18 . 2008-06-13 13:00 -------- d-----w- c:\program files\K-Lite Codec Pack

2009-10-05 17:13 . 2009-02-04 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995

2009-09-21 03:36 . 2008-12-21 05:20 -------- d-----w- c:\documents and settings\ppl01207\Application Data\InterVoip

2009-09-18 06:44 . 2008-06-18 03:58 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-15 20:04 . 2009-09-15 20:04 32768 ----a-w- c:\windows\system32\drivers\taphss.sys

2009-09-15 20:04 . 2009-04-10 05:46 37376 ----a-w- c:\windows\system32\drivers\hssdrv.sys

2009-09-05 01:46 . 2008-12-21 05:20 -------- d-----w- c:\documents and settings\ppl01207\Application Data\Azureus

2009-09-04 17:59 . 2008-08-31 18:03 -------- d-----w- c:\program files\Vuze

2009-08-23 16:28 . 2009-08-23 16:28 -------- d-----w- c:\documents and settings\ppl01207\Application Data\ALK Technologies

2009-08-13 10:36 . 2006-04-11 18:28 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-08-05 09:01 . 2004-08-11 16:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-03 11:07 . 2009-08-03 11:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 11:07 . 2009-08-03 11:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 11:07 . 2009-08-03 11:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-08-02 05:00 . 2009-08-02 05:00 0 ----a-w- c:\windows\system32\cd.dat

2009-07-22 19:13 . 2009-07-15 00:01 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

2009-10-11 15:08 218160 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\ppl01207\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-26 133104]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"AbacastDistributedOnDemand:11"="c:\documents and settings\ppl01207\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" [2009-04-15 54712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]

"1"="iexplore home.hybis.info" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ppl01207^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]

path=c:\documents and settings\ppl01207\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk

backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ModemOnHold"=c:\program files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"

"Apoint"=c:\program files\Apoint\Apoint.exe

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=

"c:\\Program Files\\ActionVoip.com\\ActionVoip\\ActionVoip.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Documents and Settings\\ppl01207\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\ppl01207\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"=

"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"15000:UDP"= 15000:UDP:Kaspersky Administration Kit

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [9/16/2009 12:04 AM 331824]

R2 klnagent;Kaspersky Network Agent;c:\program files\Kaspersky Lab\NetworkAgent\klnagent.exe [10/2/2007 1:50 PM 95120]

R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [4/10/2009 9:46 AM 37376]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/30/2007 6:49 PM 24344]

R3 taphss;Anchorfree HSS Adapter;c:\windows\system32\drivers\taphss.sys [9/16/2009 12:04 AM 32768]

S2 gupdate1c9ddc559b2b9ef;Google Update Service (gupdate1c9ddc559b2b9ef);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 9:46 AM 133104]

S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [9/16/2009 12:29 AM 57640]

S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [7/15/2009 4:01 AM 28592]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-10-09 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 11:17]

2009-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 05:46]

2009-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 05:46]

2009-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-334388043-4023017856-1301403235-13890Core.job

- c:\documents and settings\ppl01207\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-15 05:46]

2009-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-334388043-4023017856-1301403235-13890UA.job

- c:\documents and settings\ppl01207\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-15 05:46]

2009-10-18 c:\windows\Tasks\User_Feed_Synchronization-{CDF6DF62-C459-4BB3-A2C6-77C753716834}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 00:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://home.hybis.info/Pages/default.aspx

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 10.*;*.hybis.info;hybis.info;*.ukr.local;<local>

uInternet Settings,ProxyServer = 10.160.20.14:8080

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll

DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://reports.hybis.info/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=fnx5smadeqddzgfymt0ysl55&ControlID=686a8f0e7dc34d5c9f7b2d874fab9050&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab

.

- - - - ORPHANS REMOVED - - - -

BHO-{f58cc31d-c0e6-4542-8e53-172acbdaa556} - seduvumo.dll

Toolbar-Locked - (no file)

HKLM-Run-vusajojon - c:\windows\system32\zufanuwo.dll

HKLM-Run-fikatotuja - satevowa.dll

SharedTaskScheduler-{151345d4-112e-4972-83f9-fde5f466b92c} - (no file)

SharedTaskScheduler-{448a0f21-1b21-46ff-a92c-1bbbb4543ca9} - c:\windows\system32\zufanuwo.dll

SSODL-watajitiy-{151345d4-112e-4972-83f9-fde5f466b92c} - (no file)

SSODL-webefadoh-{448a0f21-1b21-46ff-a92c-1bbbb4543ca9} - c:\windows\system32\zufanuwo.dll

AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-18 11:09

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,ea,8c,43,13,56,68,42,bb,68,4f,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,ea,8c,43,13,56,68,42,bb,68,4f,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)

c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1140)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(3740)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKEEPER.exe

c:\windows\system32\scardsvr.exe

c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

c:\program files\Wave Systems Corp\common\DataServer.exe

c:\program files\Hotspot Shield\bin\openvpnas.exe

c:\program files\Dell\OpenManage\Client\Iap.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe

c:\windows\system32\WinVNC.exe

c:\windows\system32\searchindexer.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

.

**************************************************************************

.

Completion time: 2009-10-18 11:13 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-18 07:13

Pre-Run: 14,390,251,520 bytes free

Post-Run: 21,266,808,832 bytes free

289 --- E O F --- 2009-03-20 18:28


Open NOTEPAD.exe and copy/paste the text in the codebox below:

(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"1"=-

Save this as fix.reg. Choose to "Save type as - All Files".

It should look like this: reg.gif

Double click on fix.reg & allow it to merge into the registry

---------------

ESET Online Scanner

  • Please go to the following link ESET Online Scanner Link
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start
    The scanner engine will initialise and update
  • Do Not tick the box Remove found threats
  • Click the Scan button
    The scan will now run, please be patient
  • When the scan finishes click the Details tab
  • Copy and paste the contents of the C:\Program Files\EsetOnlineScanner\log.txt back here.

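A triage script over the HijackThis autostart entries from this thread, added here as an example and not part of any post above: it parses the O4/O20/O21/O22 lines, flags the consonant-vowel-pattern module names, the orphaned "(no file)" CLSIDs and the Policies\Explorer\Run launcher, and emits the same REGEDIT4 `"name"=-` removal form the helper used for the O4 values. The registry-key expansions, the naming heuristic and the sample lines are my assumptions (the sample is constructed from the log posted above), and the heuristic can false-positive, so every flag is for review rather than automatic deletion.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample input: the autostart lines from the HijackThis log posted in this thread.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [vusajojon] Rundll32.exe "c:\windows\system32\halihupe.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [1] iexplore home.hybis.info
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll c:\windows\system32\kimulizi.dll c:\windows\system32\halihupe.dll,norefose.dll
O21 - SSODL: watajitiy - {151345d4-112e-4972-83f9-fde5f466b92c} - (no file)
O21 - SSODL: wozedeliz - {e6824a04-22b7-41cc-81b6-281f75d1e98b} - c:\windows\system32\halihupe.dll
O22 - SharedTaskScheduler: jugezatag - {e6824a04-22b7-41cc-81b6-281f75d1e98b} - c:\windows\system32\halihupe.dll
"""

# HijackThis writes "\..\" for Software\Microsoft\Windows\CurrentVersion; expansions assumed here.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
CURVER = r"Software\Microsoft\Windows\CurrentVersion"
APPINIT_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows"
O21_22_KEYS = {
    "SSODL": "HKEY_LOCAL_MACHINE\\" + CURVER + "\\ShellServiceObjectDelayLoad",
    "SharedTaskScheduler": "HKEY_LOCAL_MACHINE\\" + CURVER + "\\Explorer\\SharedTaskScheduler",
}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(.+?): \[(.+?)\] (.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
O21_22_RE = re.compile(r"^(O2[12]) - (SSODL|SharedTaskScheduler): (.+?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
# Heuristic for the naming scheme in this log: eight letters alternating consonant/vowel
# (halihupe, kimulizi, norefose, zufanuwo). It can false-positive, so flags are for review only.
CV_NAME_RE = re.compile(
    r"(?<![A-Za-z0-9])(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}\.(?:dll|exe)\b", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HJT section: O4, O20, O21 or O22
    reg_key: str   # expanded registry key the entry lives under
    name: str      # value name (O4/O20) or entry name (O21/O22)
    target: str    # command line, module path or CLSID
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return the autostart entries that match the patterns the thread's cleanup acted on."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            hive, subkey, name, cmd = m.groups()
            key = HIVES[hive] + "\\" + CURVER + "\\" + subkey
            if subkey.lower().startswith("policies\\explorer\\run"):
                # Policies\Explorer\Run is a logon launcher that legitimate software almost never uses.
                findings.append(Finding("O4", key, name, cmd, "policy-run-launcher"))
            elif CV_NAME_RE.search(cmd):
                findings.append(Finding("O4", key, name, cmd, "random-name-module"))
        elif m := O20_RE.match(line):
            # AppInit_DLLs is one shared list; each module loads into every user32-linked process.
            for module in re.split(r"[\s,]+", m.group(1).strip()):
                if CV_NAME_RE.search(module):
                    findings.append(Finding("O20", APPINIT_KEY, "AppInit_DLLs", module, "appinit-random-name"))
        elif m := O21_22_RE.match(line):
            section, kind, name, clsid, path = m.groups()
            if path == "(no file)":
                findings.append(Finding(section, O21_22_KEYS[kind], name, clsid, "orphaned-clsid"))
            elif CV_NAME_RE.search(path):
                findings.append(Finding(section, O21_22_KEYS[kind], name, path, "random-name-module"))
    return findings


def reg_removal(findings: list[Finding]) -> str:
    """REGEDIT4 text deleting the flagged O4 values with the "name"=- form used by the
    thread's fix.reg. O20/O21/O22 hits are emitted as ';' comments only: AppInit_DLLs is a
    shared list and SSODL/SharedTaskScheduler entries have CLSID keys of their own, so they
    are left to a removal tool rather than a blind value delete."""
    lines = ["REGEDIT4", ""]
    by_key: dict[str, list[str]] = {}
    for f in findings:
        if f.section == "O4":
            by_key.setdefault(f.reg_key, []).append(f.name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
        lines.append("")
    for f in findings:
        if f.section != "O4":
            lines.append(f"; review manually: {f.section} {f.reason}: {f.name} -> {f.target}")
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_HJT_LOG)
    for f in found:
        print(f"{f.section:<4}{f.reason:<22}{f.name:<14}{f.target}")
    print()
    print(reg_removal(found))
```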


Dear Elite,

The log.txt file is as below for your expert advice. Regards,

Pankaj

The log.txt contents are as follows:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=6

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6050

# api_version=3.0.2

# EOSSerial=b6c9125d2a4d254fa5f41f734dbe950b

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-10-20 06:42:40

# local_time=2009-10-20 10:42:40 (+0400, Arabian Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# scanned=110611

# found=19

# cleaned=0

# scan_time=4180

C:\Hyder DETAIL projects\INSTALLERS\PowerISO 4.2\Keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

C:\Hyder DETAIL projects\PK Personal\My Documents from toshiba\general folder\TEEN\vOxS3Dsxv2el folder\Oxin's Style! 3D Sexvilla 2 2.053.001.exe a variant of Win32/Packed.Themida application 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\balifeze.dll.vir a variant of Win32/Kryptik.AWO trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\bekozije.dll.vir a variant of Win32/Kryptik.AWO trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\bijapeka.dll.vir a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\gedogeye.dll.vir a variant of Win32/Kryptik.AWO trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\jisagade.dll.vir a variant of Win32/Kryptik.AWO trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\koyagahu.dll.vir a variant of Win32/Kryptik.AWO trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\norefose.dll.vir a variant of Win32/Kryptik.AWO trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\nunuluna.dll.vir a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\pawebehe.dll.vir a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\peyedibe.dll.vir a variant of Win32/Adware.SuperJuan.F application 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\ronihuni.dll.vir a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\satevowa.dll.vir a variant of Win32/Kryptik.AWO trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\seduvumo.dll.vir a variant of Win32/Kryptik.AWO trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\sinebewa.dll.vir a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\vawokiwe.dll.vir a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\zufanuwo.dll.vir a variant of Win32/Kryptik.AWO trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\zupikure.dll.vir a variant of Win32/Adware.SuperJuan.F application 00000000000000000000000000000000 I
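Of the 19 hits in the log above, 17 are .vir files under C:\Qoobox\Quarantine, which is where ComboFix put the DLLs it already removed; only the two files under C:\Hyder DETAIL projects are still live on disk. The Python script below is an added example, not part of this thread or of ESET's tooling; it parses the "# key=value" header and the detection lines of an ESET Online Scanner log.txt, checks that every reported hit was parsed, and separates quarantined copies from files that still need action. The sample log is constructed from a few lines of the log above with shortened paths; the quarantine path comes from the log itself.

```python
"""Parse an ESET Online Scanner log.txt and separate live hits from quarantined ones.

Added example for this thread; the sample log is constructed from a few lines of
the log posted above (paths shortened), it is not the full log.
"""
import re
from collections import Counter

# Detection lines: <path, may contain spaces> <detection text> <32 hex digits> <flag>.
# Anchoring on the hash and flag at the end of the line lets the path keep its
# spaces; the path is simply everything before "a variant of".
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<detection>(?:probably )?a variant of (?P<family>\S+) (?P<kind>\S+)) "
    r"(?P<hash>[0-9a-fA-F]{32}) "
    r"(?P<flag>\S+)$"
)

# ComboFix keeps what it quarantined under C:\Qoobox\Quarantine (the path seen in
# the thread's log); hits there are renamed .vir copies, not files that still run.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"


def parse_eset_log(text):
    """Return (header dict, list of detection dicts, list of unparsed lines)."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):                # "# key=value" header line
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
        else:
            unparsed.append(line)
    return header, detections, unparsed


def triage(text):
    """Summarise a log: files that still need action versus quarantined copies."""
    header, detections, unparsed = parse_eset_log(text)
    live, quarantined = [], []
    for d in detections:
        target = quarantined if d["path"].lower().startswith(QUARANTINE_PREFIX) else live
        target.append(d["path"])
    found = int(header.get("found", "0"))
    return {
        "found_in_header": found,
        "parsed": len(detections),
        "consistent": found == len(detections),     # every reported hit was parsed
        "cleaned": int(header.get("cleaned", "0")),
        "removal_was_enabled": header.get("remove_checked") == "true",
        "live": live,
        "quarantined": quarantined,
        "families": Counter(d["family"] for d in detections),
        "unparsed": unparsed,
    }


# Constructed sample: header keys and four detection lines taken from the log
# above, with the user's folder paths shortened.
SAMPLE_LOG = r"""# version=6
# end=finished
# remove_checked=false
# scanned=110611
# found=4
# cleaned=0
C:\INSTALLERS\PowerISO 4.2\Keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\balifeze.dll.vir a variant of Win32/Kryptik.AWO trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\bijapeka.dll.vir a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ronihuni.dll.vir a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("still on disk, needs removal:")
    for path in result["live"]:
        print("  " + path)
    print("already in ComboFix quarantine:", len(result["quarantined"]))
    print("families:", dict(result["families"]))
```

The "consistent" flag compares the header's found= count with the number of lines the regex accepted, so a log with a line format the parser does not know shows up as a mismatch plus an entry in "unparsed" rather than a silently shorter list. The "removal_was_enabled" flag reflects the remove_checked header, which is why the helper asked for the Remove found threats box to stay unticked: the log then documents everything without ESET deleting anything on its own.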


Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

@echo off
rem Start with a fresh report; anything that survives deletion gets listed in it.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem The two files ESET flagged outside the quarantine folder (quoted because the paths contain spaces).
for %%g in (
"C:\Hyder DETAIL projects\INSTALLERS\PowerISO 4.2\Keygen.exe"
"C:\Hyder DETAIL projects\PK Personal\My Documents from toshiba\general folder\TEEN\vOxS3Dsxv2el folder\Oxin's Style! 3D Sexvilla 2 2.053.001.exe"
) do (
rem del /a ignores file attributes such as read-only, /f forces, /q skips the prompt.
del /a/f/q %%g >nul 2>&1
rem If the file is still there, record its path in the report; %%~g strips the quotes.
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Quarantine folders left behind by VundoFix and ComboFix, no longer needed now that the scan is clean.
for %%g in (
"%systemdrive%\VundoFix Backups"
%systemdrive%\Qoobox
) do (
rem rd /s removes the whole folder tree, /q without asking.
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Show the report in Notepad if anything was left behind, otherwise pop up a NirCmd message box.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else Nircmd infobox "Deleted Successfully !!" ""
rem The batch file deletes itself when done.
del %0

Save this as fix.bat. Choose "Save type as - All Files".

It should look like this (image: bat_icon.gif).

Double click on fix.bat & allow it to run

Post back to tell me what it says


Dear Elite,

After the process described above it showed me a CMD (black color) window and a window named "ERROR"

which says "deleted Successfully" with an "OK" button.

I clicked the "OK" button.

Hope I did it the right way, and all's well that ends well.....

Really very thankful to YOU & this forum for the extreme help and support.

Please guide me further if anything is required....

Best regards,

Pankaj


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. Uninstall ComboFix ... do not skip this step
    This process will perform some post cleanup measures.
    Do this by going to Start > Run & typing in ComboFix /U
  2. ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  3. Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  4. http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  5. http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  6. http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.
    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://www.spywareinfoforum.com/index.php?showtopic=60955

After doing all these, your system will be optimised against future threats.

Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.


Dear Mr. Elite

Thanks a million times.....

Everything went smoothly and your expert guidelines have made me more alert and experienced to tackle future malware problems.....

I really appreciate your prompt replies and able guidance,

Keep up the good work....

BBYE

Thanks.

Pankaj
