attacked by virus
gotodreams
07-16-2007, 12:47 PM
I was attacked by "installprivacyprotectorfree, error cleaner, privacy protector".
Now my background has vanished and turned white. I'm trying to load the background but it does not come on the desktop. When I try to right click on the desktop and click Properties, a general window opens. On it shows:
protocol: file protocol
type: firefox document
connection: not encrypted
address: file://D:\WINDOWS\privacy_danger\index.htm
I'm sending in the log file of HijackThis, please help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:22 PM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\RunDll32.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\anand manjrekar\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://195.225.177.206/preconfirm.php?sid=500&aid=223&said=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PCQuest
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=072207 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pcquest.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm
--
End of file - 4106 bytes
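As an added example, not part of this thread and not code from HijackThis itself: a small Python triage script that parses HijackThis-style log lines and flags the two indicators visible in the log above, an O24 Active Desktop component served from a local file (how the fake "privacy danger" page replaced the wallpaper) and an R0/R1 Internet Explorer setting pointing at a bare IP address. The sample lines are constructed from the log above; the function names are my own.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample input: HijackThis-style lines modelled on the log posted
# above (same sections and values, trimmed to the lines that matter here).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://195.225.177.206/preconfirm.php?sid=500&aid=223&said=0
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcquest.com
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm
"""

# Every HijackThis finding is "<section> - <body>", e.g. "O24 - Desktop Component 0: ...".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"(?:https?|file):\S+", re.IGNORECASE)


def parse_hjt(text):
    """Return (section, body) pairs for the R*/O* lines; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def is_raw_ip_host(url):
    """True when the URL's host is a literal IP address rather than a DNS name."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(text):
    """Flag the two indicators seen in this thread's log.

    Returns a list of (section, reason, url) tuples in log order.
    """
    findings = []
    for section, body in parse_hjt(text):
        urls = URL_RE.findall(body)
        if section == "O24":
            # Active Desktop components are HTML rendered as the wallpaper; a
            # file:// source is how the fake "privacy danger" page was pinned there.
            for url in urls:
                if url.lower().startswith("file:"):
                    findings.append((section, "desktop component served from a local file", url))
        elif section in ("R0", "R1"):
            # Start page / ShellNext pointing at a bare IP instead of a host name.
            for url in urls:
                if is_raw_ip_host(url):
                    findings.append((section, "IE setting points at a raw IP address", url))
    return findings


if __name__ == "__main__":
    for section, reason, url in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {url}")
```

Run against a full HijackThis log the script skips the header and process list and reports only the R*/O* lines matching these two checks; legitimate entries such as the Spybot BHO and the avast! Run key produce no finding.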
Budfred
07-16-2007, 08:54 PM
Please do these scans and post results...
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...
Use as many posts as needed to post complete logs...
gotodreams
07-17-2007, 01:58 AM
report of SMITFRAUDFIX:
SmitFraudFix v2.204
Scan done at 10:11:02.93, Tue 07/17/2007
Run from F:\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\RunDll32.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Shareaza\Shareaza.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» D:\
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\anand manjrekar
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\anand manjrekar\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\ANANDM~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///D:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6BF5297D-7372-40BC-9A52-F3C8AE398CDB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6BF5297D-7372-40BC-9A52-F3C8AE398CDB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
gotodreams
07-17-2007, 01:58 AM
report of COMBOFIX:
"anand manjrekar" - 2007-07-17 10:16:25 - ComboFix 07-07-14.6 - Service Pack 2 FAT32
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
D:\DOCUME~1\ANANDM~1\FAVORI~1.\Error Cleaner.url
D:\DOCUME~1\ANANDM~1\FAVORI~1.\Privacy Protector.url
D:\DOCUME~1\ANANDM~1\FAVORI~1.\Spyware&Malware Protection.url
D:\WINDOWS\dat.txt
D:\WINDOWS\rs.txt
((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 )))))))))))))))))))))))))))))))
2007-07-17 10:15 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-07-16 19:59 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Lavasoft
2007-07-16 19:00 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-16 16:52 720,896 --a------ D:\WINDOWS\iun6002.exe
2007-07-16 16:27 <DIR> d-------- D:\Program Files\Faces
2007-07-16 13:38 <DIR> d-------- D:\Program Files\Shareaza
2007-07-16 13:38 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Shareaza
2007-07-16 11:17 95,872 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-07-16 11:17 94,552 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-16 11:17 85,952 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-07-16 11:17 745,600 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-07-16 11:17 43,176 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-16 11:17 26,888 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-16 11:17 23,416 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-16 11:17 <DIR> d-------- D:\Program Files\Alwil Software
2007-07-15 23:48 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-15 22:55 <DIR> d-------- D:\DOCUME~1\ANANDM~1\.housecall6.6
2007-07-15 21:59 <DIR> d-------- D:\WINDOWS\system32\ActiveScan
2007-07-15 21:15 2,088 --a------ D:\WINDOWS\system32\tmp.reg
2007-07-15 21:13 524,288 --ah----- D:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-15 10:57 <DIR> d---s---- D:\DOCUME~1\ANANDM~1\UserData
2007-07-15 07:31 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Help
2007-07-14 16:12 <DIR> d--hs---- D:\FOUND.003
2007-07-14 14:58 <DIR> d-------- D:\WINDOWS\pss
2007-07-14 08:29 <DIR> d--hs---- D:\FOUND.002
2007-07-13 12:09 <DIR> d--hs---- D:\FOUND.001
2007-07-11 19:58 1,835,008 --ah----- D:\DOCUME~1\ANANDM~1\NTUSER.DAT
2007-07-11 19:29 <DIR> d-------- D:\Program Files\Sauerbraten
2007-07-11 19:17 <DIR> d-------- D:\games software
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
2007-07-10 12:04:34 1,682 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2007-06-30 09:20:24 56 --sh--r D:\WINDOWS\system32\2055E88D54.sys
2007-06-11 18:05:04 3,880 ----a-w D:\WINDOWS\mozver.dat
2007-06-07 19:08:02 0 ----a-w D:\WINDOWS\nsreg.dat
2007-06-07 19:07:52 110,592 ----a-w D:\WINDOWS\UninstallFirefox.exe
2007-06-07 11:41:50 -------- d-----w D:\Program Files\MSXML 4.0
2007-06-06 10:23:32 -------- d-----w D:\Program Files\Common Files\Ahead
2007-06-06 10:23:28 -------- d-----w D:\Program Files\Ahead
2007-06-06 09:39:28 -------- d-----w D:\Program Files\HP
2007-06-06 09:39:24 -------- d-----w D:\Program Files\Hewlett-Packard
2007-06-03 12:03:46 -------- d-----w D:\Program Files\C-Media 3D Audio
2007-06-03 11:58:02 -------- d-----w D:\Program Files\Intel
2007-06-03 11:08:00 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-06-03 11:06:54 -------- d-----w D:\Program Files\Common Files\Corel
2007-06-03 11:05:30 -------- d-----w D:\Program Files\Corel
2007-06-03 11:04:58 -------- d-----w D:\Program Files\Common Files\InstallShield
2007-06-03 10:59:26 -------- d-----w D:\Program Files\Microsoft ActiveSync
2007-06-03 10:48:46 -------- d-----w D:\Program Files\microsoft frontpage
2007-06-03 10:46:56 -------- d--h--w D:\Program Files\WindowsUpdate
2007-06-03 10:46:10 -------- d-----w D:\Program Files\Common Files\MSSoap
2007-06-03 10:46:00 -------- d-----w D:\Program Files\Movie Maker
2007-06-03 10:45:08 21,640 ----a-w D:\WINDOWS\system32\emptyregdb.dat
2007-06-03 10:44:38 -------- d-----w D:\Program Files\Online Services
2007-06-03 10:44:32 -------- d-----w D:\Program Files\Messenger
2007-06-03 10:44:28 -------- d-----w D:\Program Files\MSN Gaming Zone
2007-06-03 10:43:56 -------- d-----w D:\Program Files\Windows NT
2007-06-03 10:34:38 -------- d-----w D:\Program Files\Common Files\ODBC
2007-06-03 10:34:34 -------- d-----w D:\Program Files\Common Files\SpeechEngines
2007-05-16 15:12:02 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:16 144,896 ----a-w D:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:24 2,854,400 ----a-w D:\WINDOWS\system32\msi.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-03-02 12:02 37808 --------- D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"CorelDRAW Graphics Suite 11b"="D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 21:12]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///D:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updater Servc]
D:\WINDOWS\system32\xpuupdate.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0b2a526-3213-11dc-8645-806d6172696f}]
AutoRun\command- G:\AUTORUN.EXE
************************************************** ************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-17 10:17:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
Completion time: 2007-07-17 10:18:03
D:\ComboFix-quarantined-files.txt ... 2007-07-17 10:18
--- E O F ---
There is one more problem: when I left click my mouse, the copy, paste, create new folder options are not highlighted. Even when I click Properties on the desktop I'm not able to get the options for changing the settings of the desktop.
Budfred
07-17-2007, 08:55 AM
You have some nasty stuff there including a keylogger... Stay off of the internet as much as possible and as soon as it looks like you are clean, you are going to need to change all passwords and contact any financial company you have used over the internet to let them know your accounts have been compromised... Change account numbers where possible and put watches on any you can't change...
Run these scans to see if you can kill the pests...
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click the next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured. (This is in case we need samples.)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
* Click here (http://support.f-secure.com/enu/home/ols.shtml) to use the F-Secure Online Scanner
Then click the Start Scanning button below.
You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here (http://support.f-secure.com/enu/home/ols-faq.shtml).
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.
Please use the Eset NOD32 Online Anti-Virus scanner and Removal Tool
Note: This tool requires the use of Internet Explorer and is Vista compatible
Please click HERE (http://www.eset.com/threat-center/cac.php) to start the process
Place a checkmark in the box beside "Terms of Service", then click "Start".
On the next screen, "Click" where prompted to install the required ActiveX Control.
Acknowledge the Security Warning in the next window by Clicking the "Install" button.
Press the "START" button on the Welcome Screen.
A download progress bar will then inform you on the status of your download.
Once the initialization is complete, place a checkmark beside "Remove found threats", then click "Scan".
When the tool has finished, under the Details Tab, you will find a list of items found and deleted.
No log will be made available for posting in your reply.
Download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/)
Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield and then [active] to change it to inactive
On the top of the main screen click Update and then Start Update.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with its updated definitions (it's important that all windows are closed):
* Click Scanner and then the Scan tab
* Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
* If you have any infections you will be prompted; then select "Apply all actions"
* Once finished, click the Save report button, then click Save Report As and save it to your Desktop. (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and Reboot.
Post all of the logs in a reply... The NOD32 scan won't produce a log, but it is a powerful cleaner...
gotodreams
07-18-2007, 03:04 PM
REPORT OF DR.WEB CUREIT
Process.exe;D:\Documents and Settings\Administrator\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.
Process.exe;D:\Documents and Settings\Administrator\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;D:\Documents and Settings\Administrator\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
A0023449.exe;D:\System Volume Information\_restore{706C20B8-11E0-4E3B-AC99-1E06C9FE2CA6}\RP55;Adware.BusMedia.30;Incurable.Moved.;
A0023451.dll;D:\System Volume Information\_restore{706C20B8-11E0-4E3B-AC99-1E06C9FE2CA6}\RP55;Adware.BusMedia.34;Incurable.Moved.;
A0023452.dll;D:\System Volume Information\_restore{706C20B8-11E0-4E3B-AC99-1E06C9FE2CA6}\RP55;Trojan.Fakealert.294;Deleted.;
A0023453.dll;D:\System Volume Information\_restore{706C20B8-11E0-4E3B-AC99-1E06C9FE2CA6}\RP55;Adware.BusMedia.33;Incurable.Moved.;
A0024936.exe;D:\System Volume Information\_restore{706C20B8-11E0-4E3B-AC99-1E06C9FE2CA6}\RP59;Tool.Prockill;Incurable.Moved.;
A0024946.exe;D:\System Volume Information\_restore{706C20B8-11E0-4E3B-AC99-1E06C9FE2CA6}\RP59;Trojan.DownLoader.26660;Deleted.;
Process.exe;F:\smitfraudfix\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;F:\smitfraudfix\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
gotodreams
07-18-2007, 03:07 PM
REPORT OF F-SECURE
Scanning Report
Wednesday, July 18, 2007 00:22:53 - 01:31:50
Computer name: MANJREKA-5B0181
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\ F:\
Result: 6 malware found
DNSChanger.gen10 (virus)
* D:\SYSTEM VOLUME INFORMATION\_RESTORE{706C20B8-11E0-4E3B-AC99-1E06C9FE2CA6}\RP55\A0023460.EXE (Submitted)
NetworkWorm.ACJ (virus)
* D:\DOCUMENTS AND SETTINGS\SURAJ\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EOLU6K12\ASWCLNR[1].EXE (Submitted)
Tracking Cookie (spyware)
* System (Disinfected)
* System
* System
W32/Agent.BEPW (virus)
* C:\BUZIOL GAMES\MARIO FOREVER\CCTRANS.DLL (Submitted)
Statistics
Scanned:
* Files: 36634
* System: 3505
* Not scanned: 2
Actions:
* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 5
* Submitted: 3
Files not scanned:
* D:\PAGEFILE.SYS
* D:\WINDOWS\SYSTEM32\CONFIG\SECURITY
Options
Scanning engines:
* F-Secure AVP: 7.0.171, 2007-07-17
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0260-23-12
* F-Secure Libra: 2.4.2, 2007-07-17
* F-Secure Orion: 1.2.37, 2007-07-17
* F-Secure Pegasus: 1.19.0, 2007-06-17
Scanning options:
* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Use Advanced heuristics
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
AVG Anti-Spyware - Scan Report
+ Created at: 11:23:29 PM 7/18/2007
+ Scan result:
C:\WINDOWS\SYSTEM\Tools\Restart.exe -> Not-A-Virus.Tool.Win32.RestartCounter : Cleaned with backup (quarantined).
D:\WINDOWS\system32\Tools\Restart.exe -> Not-A-Virus.Tool.Win32.RestartCounter : Cleaned with backup (quarantined).
::Report end
Budfred
07-19-2007, 02:37 AM
That took out some more of the problems. Please let me know how things are going now... It would probably be a good idea to post a fresh HJT log after a reboot...
gotodreams
07-19-2007, 05:54 AM
This is the latest log of HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:31 PM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RunDll32.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\internet explorer\iexplore.exe
D:\Documents and Settings\anand manjrekar\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://195.225.177.206/preconfirm.php?sid=500&aid=223&said=0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=072207 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pcquest.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/programs/OnlineScanner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O24 - Desktop Component 1: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm
--
End of file - 4317 bytes
Budfred
07-19-2007, 08:58 AM
I really need to know how your computer is running...
Open a HJT scan and put a check next to:
O24 - Desktop Component 1: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm
Close all open windows except HJT and press Fix checked...
Reboot and post a fresh HJT log and tell me how your computer is doing...
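As an added example (not part of this thread or any poster's code), a small Python triage script for the two HijackThis entry types Budfred singles out here: O24 desktop components that load a local file:// page, and R0/R1 browser settings whose URL is a bare IP address. The sample lines are constructed after the log in this thread, not copied in full.

```python
"""HijackThis log triage helper (added example, not from the thread).

Two patterns worth flagging in an HJT log of this kind:
  * O24 "Desktop Component" entries whose URL is a local file:// path
    (the "Privacy Protection" component that replaced the desktop here)
  * R0/R1 start page / ShellNext entries whose host is a bare IP address
"""
import re
from ipaddress import ip_address

# Constructed sample lines, modelled on the HJT log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://195.225.177.206/preconfirm.php?sid=500&aid=223&said=0
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcquest.com
O24 - Desktop Component 1: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm
"""

# scheme://host[:port]/...  (host group stops at the first '/' or whitespace)
URL_RE = re.compile(r"(?P<scheme>[a-z][a-z0-9+.\-]*)://(?P<host>[^/\s]*)", re.I)


def bare_ip_host(url: str) -> bool:
    """True when the URL's host part is a literal IPv4/IPv6 address."""
    m = URL_RE.search(url)
    if not m:
        return False
    host = m.group("host").split("@")[-1]   # drop any user:pass@ prefix
    host = host.rsplit(":", 1)[0] if host.count(":") == 1 else host  # drop :port
    try:
        ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def triage_hjt(log_text: str):
    """Return (section, reason, line) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # HJT entries look like "<section> - <details>"; take the section tag.
        section = line.split(" - ", 1)[0]
        if section == "O24" and re.search(r"file:///?", line, re.I):
            findings.append((section, "desktop component loads a local HTML file", line))
        elif section in ("R0", "R1") and "=" in line:
            value = line.split("=", 1)[1].strip()
            if bare_ip_host(value):
                findings.append((section, "browser setting points at a bare IP address", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage_hjt(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```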
gotodreams
07-19-2007, 10:39 AM
HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:22 PM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RunDll32.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Documents and Settings\anand manjrekar\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://195.225.177.206/preconfirm.php?sid=500&aid=223&said=0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=072207 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pcquest.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/programs/OnlineScanner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
--
End of file - 4175 bytes
Thank you very much. Can you suggest a good free firewall? What antivirus software should I keep on my PC? Is my PC clean now?
Budfred
07-19-2007, 03:50 PM
Thank you very much. Can you suggest a good free firewall? What antivirus software should I keep on my PC? Is my PC clean now?
I don't know if it is clean... I keep asking you to tell me how your computer is running and you are not sharing that information... I have no further options until I have that report... Then you will need to run at least one more scan to confirm if you are clean...
gotodreams
07-20-2007, 03:36 AM
How do I check if it's clean? Should I do all the tests once again?
Budfred
07-20-2007, 08:51 AM
First, you answer the question I keep asking... Then I try to figure out whether or not you need to run more scans... Why is it so difficult to tell me how your computer is running??
gotodreams
07-20-2007, 10:53 AM
My PC is working fine, like before. It boots properly and even shuts down properly.
Does this answer your question?
Now can you suggest a good free firewall?
What antivirus software should I install to keep my PC safe?
There are a few other questions for which I need answers, but they are not related to virus stuff. I will ask you later in my next mail.
Budfred
07-20-2007, 08:33 PM
Download a fresh copy of ComboFix and run it one more time to confirm that you are clean... Post the log...
I will post a link to an article about how to make your PC more secure, but there is no way to guarantee that you won't get infected again... Even the best firewall and antivirus will not catch everything... You are using Avast for antivirus now and that is a good program... If you want to pay for one, NOD32 is probably a bit better... There are several good free firewalls... At the moment, you are running the resident AVG AS protection, but that will stop working after 30 days and you probably need to use a free option to replace it... As I said earlier, you will need to deal with the risk of having all of your private info stolen as soon as we confirm this computer seems to be clean...
gotodreams
07-21-2007, 03:20 AM
Here is the log of ComboFix:
"anand manjrekar" - 2007-07-21 11:43:54 - ComboFix 07-07-14.6 - Service Pack 2 FAT32
((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))
2007-07-19 17:51 <DIR> d-------- D:\DOCUME~1\Suraj\WINDOWS
2007-07-18 22:56 10,872 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-18 15:43 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Corel
2007-07-18 15:35 <DIR> d-------- D:\Program Files\Quick Screen Capture
2007-07-18 14:51 <DIR> d-------- D:\Program Files\EsetOnlineScanner
2007-07-18 13:38 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Ahead
2007-07-18 13:27 <DIR> d--hs---- D:\FOUND.004
2007-07-17 22:58 <DIR> d-------- D:\DOCUME~1\ANANDM~1\DoctorWeb
2007-07-17 10:15 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-07-16 19:59 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Lavasoft
2007-07-16 19:00 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-16 16:52 720,896 --a------ D:\WINDOWS\iun6002.exe
2007-07-16 16:27 <DIR> d-------- D:\Program Files\Faces
2007-07-16 13:38 <DIR> d-------- D:\Program Files\Shareaza
2007-07-16 13:38 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Shareaza
2007-07-16 11:17 95,872 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-07-16 11:17 94,552 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-16 11:17 85,952 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-07-16 11:17 745,600 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-07-16 11:17 43,176 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-16 11:17 26,888 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-16 11:17 23,416 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-16 11:17 <DIR> d-------- D:\Program Files\Alwil Software
2007-07-15 23:48 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-15 22:55 <DIR> d-------- D:\DOCUME~1\ANANDM~1\.housecall6.6
2007-07-15 21:59 <DIR> d-------- D:\WINDOWS\system32\ActiveScan
2007-07-15 21:15 2,088 --a------ D:\WINDOWS\system32\tmp.reg
2007-07-15 21:13 524,288 --ah----- D:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-15 10:57 <DIR> d---s---- D:\DOCUME~1\ANANDM~1\UserData
2007-07-15 07:31 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Help
2007-07-14 16:12 <DIR> d--hs---- D:\FOUND.003
2007-07-14 14:58 <DIR> d-------- D:\WINDOWS\pss
2007-07-14 08:29 <DIR> d--hs---- D:\FOUND.002
2007-07-13 12:09 <DIR> d--hs---- D:\FOUND.001
2007-07-11 19:58 1,835,008 --ah----- D:\DOCUME~1\ANANDM~1\NTUSER.DAT
2007-07-11 19:29 <DIR> d-------- D:\Program Files\Sauerbraten
2007-07-11 19:17 <DIR> d-------- D:\games software
2007-07-04 14:53 233,472 --a------ D:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-07-04 14:53 221,184 --a------ D:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-04 14:28 225,356 --a------ D:\WINDOWS\system32\lnod32apiW.dll
2007-07-04 14:28 196,684 --a------ D:\WINDOWS\system32\lnod32apiA.dll
2007-06-29 17:32 16,896 --a------ D:\WINDOWS\system32\OnlineScannerLang.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-10 12:04:34 1,682 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2007-06-30 09:20:24 56 --sh--r D:\WINDOWS\system32\2055E88D54.sys
2007-06-13 05:40:34 77,824 ----a-w D:\WINDOWS\system32\OnlineScannerUninstaller.exe
2007-06-11 18:05:04 3,880 ----a-w D:\WINDOWS\mozver.dat
2007-06-07 19:08:02 0 ----a-w D:\WINDOWS\nsreg.dat
2007-06-07 19:07:52 110,592 ----a-w D:\WINDOWS\UninstallFirefox.exe
2007-06-07 11:41:50 -------- d-----w D:\Program Files\MSXML 4.0
2007-06-06 10:23:32 -------- d-----w D:\Program Files\Common Files\Ahead
2007-06-06 10:23:28 -------- d-----w D:\Program Files\Ahead
2007-06-06 09:39:28 -------- d-----w D:\Program Files\HP
2007-06-06 09:39:24 -------- d-----w D:\Program Files\Hewlett-Packard
2007-06-03 12:03:46 -------- d-----w D:\Program Files\C-Media 3D Audio
2007-06-03 11:58:02 -------- d-----w D:\Program Files\Intel
2007-06-03 11:08:00 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-06-03 11:06:54 -------- d-----w D:\Program Files\Common Files\Corel
2007-06-03 11:05:30 -------- d-----w D:\Program Files\Corel
2007-06-03 11:04:58 -------- d-----w D:\Program Files\Common Files\InstallShield
2007-06-03 10:59:26 -------- d-----w D:\Program Files\Microsoft ActiveSync
2007-06-03 10:48:46 -------- d-----w D:\Program Files\microsoft frontpage
2007-06-03 10:46:56 -------- d--h--w D:\Program Files\WindowsUpdate
2007-06-03 10:46:10 -------- d-----w D:\Program Files\Common Files\MSSoap
2007-06-03 10:46:00 -------- d-----w D:\Program Files\Movie Maker
2007-06-03 10:45:08 21,640 ----a-w D:\WINDOWS\system32\emptyregdb.dat
2007-06-03 10:44:38 -------- d-----w D:\Program Files\Online Services
2007-06-03 10:44:32 -------- d-----w D:\Program Files\Messenger
2007-06-03 10:44:28 -------- d-----w D:\Program Files\MSN Gaming Zone
2007-06-03 10:43:56 -------- d-----w D:\Program Files\Windows NT
2007-06-03 10:34:38 -------- d-----w D:\Program Files\Common Files\ODBC
2007-06-03 10:34:34 -------- d-----w D:\Program Files\Common Files\SpeechEngines
2007-05-16 15:12:02 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:16 144,896 ----a-w D:\WINDOWS\system32\schannel.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-03-02 12:02 37808 --------- D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"CorelDRAW Graphics Suite 11b"="D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 21:12]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 14:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 17:59]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
WgaLogon.dll --------- 2007-03-15 18:16 236928 D:\WINDOWS\system32\WgaLogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updater Servc]
D:\WINDOWS\system32\xpuupdate.exe
************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-21 11:45:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************************************
Completion time: 2007-07-21 11:46:06
D:\ComboFix-quarantined-files.txt ... 2007-07-21 11:46
D:\ComboFix3.txt ... 2007-07-17 10:18
D:\ComboFix2.txt ... 2007-07-18 23:52
--- E O F ---
Please tell me all the (free) programs that will help me keep my PC clean (antispyware, antimalware, antivirus, antiadware).
Here in India the software costs a lot. Here we get pirated software, but I don't want to buy that.
Budfred
07-21-2007, 07:50 PM
You still have infected files on your computer please do this:
CFScript
-----------
Open notepad and copy/paste the text in the quotebox below into it:
File::
D:\FOUND.004
D:\FOUND.003
D:\FOUND.002
D:\FOUND.001
D:\WINDOWS\iun6002.exe
Save this as "CFScript"
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log...
I was unable to find any useful info on these files... Please find them and use Properties to see if they are from a company that you recognize and post back here on what you find... If you can't identify them, please submit them to Jotti...
D:\WINDOWS\system32\OnlineScannerDLLA.dll
D:\WINDOWS\system32\OnlineScannerDLLW.dll
D:\WINDOWS\system32\lnod32apiW.dll
D:\WINDOWS\system32\lnod32apiA.dll
D:\WINDOWS\system32\OnlineScannerLang.dll
D:\WINDOWS\system32\tmp.reg
D:\WINDOWS\system32\2055E88D54.sys
You will need to show Hidden/System files to find some of them...
In Windows XP, on the taskbar, click Start > My Computer.
In the Tools menu, click Folder Options.
On the View tab, uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files. Then, under the "Hidden files" folder, click Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply.
Click OK.
If you can't figure out what any of them are, please go to Jotti's malware scan at http://virusscan.jotti.org/ and upload the file for scanning and post the results here.
It looks like you used the version of ComboFix that you already had and that means it may have missed some things... After you complete the steps noted here, please download a fresh copy, run it again and post the log here along with the other logs...
gotodreams
07-22-2007, 03:13 AM
Report of ComboFix and CFScript:
"anand manjrekar" - 2007-07-22 10:27:47 - ComboFix 07-07-14.6 - Service Pack 2 FAT32
Command switches used :: D:\Documents and Settings\anand manjrekar\Desktop\CFScript.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
D:\FOUND.001
D:\FOUND.002
D:\FOUND.003
D:\FOUND.004
D:\WINDOWS\iun6002.exe
((((((((((((((((((((((((( Files Created from 2007-06-22 to 2007-07-22 )))))))))))))))))))))))))))))))
2007-07-21 21:03 31,264 --a------ D:\DOCUME~1\ANANDM~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-19 17:51 <DIR> d-------- D:\DOCUME~1\Suraj\WINDOWS
2007-07-18 22:56 10,872 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-18 15:43 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Corel
2007-07-18 15:35 <DIR> d-------- D:\Program Files\Quick Screen Capture
2007-07-18 14:51 <DIR> d-------- D:\Program Files\EsetOnlineScanner
2007-07-18 13:38 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Ahead
2007-07-17 22:58 <DIR> d-------- D:\DOCUME~1\ANANDM~1\DoctorWeb
2007-07-17 10:15 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-07-16 19:59 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Lavasoft
2007-07-16 19:00 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-16 16:27 <DIR> d-------- D:\Program Files\Faces
2007-07-16 13:38 <DIR> d-------- D:\Program Files\Shareaza
2007-07-16 13:38 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Shareaza
2007-07-16 11:17 95,872 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-07-16 11:17 94,552 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-16 11:17 85,952 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-07-16 11:17 745,600 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-07-16 11:17 43,176 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-16 11:17 26,888 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-16 11:17 23,416 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-16 11:17 <DIR> d-------- D:\Program Files\Alwil Software
2007-07-15 23:48 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-15 22:55 <DIR> d-------- D:\DOCUME~1\ANANDM~1\.housecall6.6
2007-07-15 21:59 <DIR> d-------- D:\WINDOWS\system32\ActiveScan
2007-07-15 21:15 2,088 --a------ D:\WINDOWS\system32\tmp.reg
2007-07-15 21:13 524,288 --ah----- D:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-15 10:57 <DIR> d---s---- D:\DOCUME~1\ANANDM~1\UserData
2007-07-15 07:31 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Help
2007-07-14 14:58 <DIR> d-------- D:\WINDOWS\pss
2007-07-11 19:58 2,883,584 --ah----- D:\DOCUME~1\ANANDM~1\NTUSER.DAT
2007-07-11 19:29 <DIR> d-------- D:\Program Files\Sauerbraten
2007-07-11 19:17 <DIR> d-------- D:\games software
2007-07-04 14:53 233,472 --a------ D:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-07-04 14:53 221,184 --a------ D:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-04 14:28 225,356 --a------ D:\WINDOWS\system32\lnod32apiW.dll
2007-07-04 14:28 196,684 --a------ D:\WINDOWS\system32\lnod32apiA.dll
2007-06-29 17:32 16,896 --a------ D:\WINDOWS\system32\OnlineScannerLang.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-10 12:04:34 1,682 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2007-06-30 09:20:24 56 --sh--r D:\WINDOWS\system32\2055E88D54.sys
2007-06-13 05:40:34 77,824 ----a-w D:\WINDOWS\system32\OnlineScannerUninstaller.exe
2007-06-11 18:05:04 3,880 ----a-w D:\WINDOWS\mozver.dat
2007-06-07 19:08:02 0 ----a-w D:\WINDOWS\nsreg.dat
2007-06-07 19:07:52 110,592 ----a-w D:\WINDOWS\UninstallFirefox.exe
2007-06-07 11:41:50 -------- d-----w D:\Program Files\MSXML 4.0
2007-06-06 10:23:32 -------- d-----w D:\Program Files\Common Files\Ahead
2007-06-06 10:23:28 -------- d-----w D:\Program Files\Ahead
2007-06-06 09:39:28 -------- d-----w D:\Program Files\HP
2007-06-06 09:39:24 -------- d-----w D:\Program Files\Hewlett-Packard
2007-06-03 12:03:46 -------- d-----w D:\Program Files\C-Media 3D Audio
2007-06-03 11:58:02 -------- d-----w D:\Program Files\Intel
2007-06-03 11:08:00 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-06-03 11:06:54 -------- d-----w D:\Program Files\Common Files\Corel
2007-06-03 11:05:30 -------- d-----w D:\Program Files\Corel
2007-06-03 11:04:58 -------- d-----w D:\Program Files\Common Files\InstallShield
2007-06-03 10:59:26 -------- d-----w D:\Program Files\Microsoft ActiveSync
2007-06-03 10:48:46 -------- d-----w D:\Program Files\microsoft frontpage
2007-06-03 10:46:56 -------- d--h--w D:\Program Files\WindowsUpdate
2007-06-03 10:46:10 -------- d-----w D:\Program Files\Common Files\MSSoap
2007-06-03 10:46:00 -------- d-----w D:\Program Files\Movie Maker
2007-06-03 10:45:08 21,640 ----a-w D:\WINDOWS\system32\emptyregdb.dat
2007-06-03 10:44:38 -------- d-----w D:\Program Files\Online Services
2007-06-03 10:44:32 -------- d-----w D:\Program Files\Messenger
2007-06-03 10:44:28 -------- d-----w D:\Program Files\MSN Gaming Zone
2007-06-03 10:43:56 -------- d-----w D:\Program Files\Windows NT
2007-06-03 10:34:38 -------- d-----w D:\Program Files\Common Files\ODBC
2007-06-03 10:34:34 -------- d-----w D:\Program Files\Common Files\SpeechEngines
2007-05-16 15:12:02 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:16 144,896 ----a-w D:\WINDOWS\system32\schannel.dll
gotodreams
07-22-2007, 03:13 AM
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-03-02 12:02 37808 --------- D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"CorelDRAW Graphics Suite 11b"="D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 21:12]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 14:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 17:59]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
WgaLogon.dll --------- 2007-03-15 18:16 236928 D:\WINDOWS\system32\WgaLogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updater Servc]
D:\WINDOWS\system32\xpuupdate.exe
************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-22 10:29:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-22 10:30:12
D:\ComboFix-quarantined-files.txt ... 2007-07-22 10:30
D:\ComboFix3.txt ... 2007-07-18 23:52
D:\ComboFix2.txt ... 2007-07-21 11:46
--- E O F ---
gotodreams
07-22-2007, 03:16 AM
Result of the Jotti scanner on the files that you gave me:
File: lnod32apiA.dll
Status:
OK
MD5: fdf3a06f19b7eeb4d9d91bfcd5713300
Packers detected:
-
Bit9 reports: File not found
Scan taken on 22 Jul 2007 05:43:36 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
File: lnod32apiW.dll
Status:
OK
MD5: 94a07e641d50071fe594935a757f3df7
Packers detected:
-
Bit9 reports: File not found
Scan taken on 22 Jul 2007 05:46:36 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
File: OnlineScannerDLLA.dll
Status:
OK
MD5: 4605e24b23671bbdb281f9c2241831ff
Packers detected:
-
Bit9 reports: File not found
Scan taken on 22 Jul 2007 05:47:51 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
File: OnlineScannerDLLW.dll
Status:
OK
MD5: 20913616014a96d6534c2a6d46ce3f1d
Packers detected:
-
Bit9 reports: File not found
Scan taken on 22 Jul 2007 05:51:40 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
File: OnlineScannerLang.dll
Status:
OK
MD5: d35f6c816bde7a48d169e7b7b808c2ed
Packers detected:
-
Bit9 reports: File not found
Scan taken on 22 Jul 2007 05:53:14 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
File: tmp.reg
Status:
OK
MD5: d5020bfd6ed1faa399d7df7461401d58
Packers detected:
-
Bit9 reports: File not found
Scan taken on 22 Jul 2007 05:55:03 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
D:\WINDOWS\system32\2055E88D54.sys: I searched my PC for this file and I was not able to find it. I had the "show hidden files and folders" option on.
gotodreams
07-22-2007, 03:17 AM
Report from the latest ComboFix downloaded:
"anand manjrekar" - 2007-07-22 11:29:31 - ComboFix 07-07-14.6 - Service Pack 2 FAT32
((((((((((((((((((((((((( Files Created from 2007-06-22 to 2007-07-22 )))))))))))))))))))))))))))))))
2007-07-21 21:03 31,264 --a------ D:\DOCUME~1\ANANDM~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-19 17:51 <DIR> d-------- D:\DOCUME~1\Suraj\WINDOWS
2007-07-18 22:56 10,872 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-18 15:43 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Corel
2007-07-18 15:35 <DIR> d-------- D:\Program Files\Quick Screen Capture
2007-07-18 14:51 <DIR> d-------- D:\Program Files\EsetOnlineScanner
2007-07-18 13:38 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Ahead
2007-07-17 22:58 <DIR> d-------- D:\DOCUME~1\ANANDM~1\DoctorWeb
2007-07-17 10:15 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-07-16 19:59 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Lavasoft
2007-07-16 19:00 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-16 16:27 <DIR> d-------- D:\Program Files\Faces
2007-07-16 13:38 <DIR> d-------- D:\Program Files\Shareaza
2007-07-16 13:38 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Shareaza
2007-07-16 11:17 95,872 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-07-16 11:17 94,552 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-16 11:17 85,952 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-07-16 11:17 745,600 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-07-16 11:17 43,176 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-16 11:17 26,888 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-16 11:17 23,416 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-16 11:17 <DIR> d-------- D:\Program Files\Alwil Software
2007-07-15 23:48 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-15 22:55 <DIR> d-------- D:\DOCUME~1\ANANDM~1\.housecall6.6
2007-07-15 21:59 <DIR> d-------- D:\WINDOWS\system32\ActiveScan
2007-07-15 21:15 2,088 --a------ D:\WINDOWS\system32\tmp.reg
2007-07-15 21:13 524,288 --ah----- D:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-15 10:57 <DIR> d---s---- D:\DOCUME~1\ANANDM~1\UserData
2007-07-15 07:31 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Help
2007-07-14 14:58 <DIR> d-------- D:\WINDOWS\pss
2007-07-11 19:58 2,883,584 --ah----- D:\DOCUME~1\ANANDM~1\NTUSER.DAT
2007-07-11 19:29 <DIR> d-------- D:\Program Files\Sauerbraten
2007-07-11 19:17 <DIR> d-------- D:\games software
2007-07-04 14:53 233,472 --a------ D:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-07-04 14:53 221,184 --a------ D:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-04 14:28 225,356 --a------ D:\WINDOWS\system32\lnod32apiW.dll
2007-07-04 14:28 196,684 --a------ D:\WINDOWS\system32\lnod32apiA.dll
2007-06-29 17:32 16,896 --a------ D:\WINDOWS\system32\OnlineScannerLang.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-10 12:04:34 1,682 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2007-06-30 09:20:24 56 --sh--r D:\WINDOWS\system32\2055E88D54.sys
2007-06-13 05:40:34 77,824 ----a-w D:\WINDOWS\system32\OnlineScannerUninstaller.exe
2007-06-11 18:05:04 3,880 ----a-w D:\WINDOWS\mozver.dat
2007-06-07 19:08:02 0 ----a-w D:\WINDOWS\nsreg.dat
2007-06-07 19:07:52 110,592 ----a-w D:\WINDOWS\UninstallFirefox.exe
2007-06-07 11:41:50 -------- d-----w D:\Program Files\MSXML 4.0
2007-06-06 10:23:32 -------- d-----w D:\Program Files\Common Files\Ahead
2007-06-06 10:23:28 -------- d-----w D:\Program Files\Ahead
2007-06-06 09:39:28 -------- d-----w D:\Program Files\HP
2007-06-06 09:39:24 -------- d-----w D:\Program Files\Hewlett-Packard
2007-06-03 12:03:46 -------- d-----w D:\Program Files\C-Media 3D Audio
2007-06-03 11:58:02 -------- d-----w D:\Program Files\Intel
2007-06-03 11:08:00 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-06-03 11:06:54 -------- d-----w D:\Program Files\Common Files\Corel
2007-06-03 11:05:30 -------- d-----w D:\Program Files\Corel
2007-06-03 11:04:58 -------- d-----w D:\Program Files\Common Files\InstallShield
2007-06-03 10:59:26 -------- d-----w D:\Program Files\Microsoft ActiveSync
2007-06-03 10:48:46 -------- d-----w D:\Program Files\microsoft frontpage
2007-06-03 10:46:56 -------- d--h--w D:\Program Files\WindowsUpdate
2007-06-03 10:46:10 -------- d-----w D:\Program Files\Common Files\MSSoap
2007-06-03 10:46:00 -------- d-----w D:\Program Files\Movie Maker
2007-06-03 10:45:08 21,640 ----a-w D:\WINDOWS\system32\emptyregdb.dat
2007-06-03 10:44:38 -------- d-----w D:\Program Files\Online Services
2007-06-03 10:44:32 -------- d-----w D:\Program Files\Messenger
2007-06-03 10:44:28 -------- d-----w D:\Program Files\MSN Gaming Zone
2007-06-03 10:43:56 -------- d-----w D:\Program Files\Windows NT
2007-06-03 10:34:38 -------- d-----w D:\Program Files\Common Files\ODBC
2007-06-03 10:34:34 -------- d-----w D:\Program Files\Common Files\SpeechEngines
2007-05-16 15:12:02 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:16 144,896 ----a-w D:\WINDOWS\system32\schannel.dll
gotodreams
07-22-2007, 03:18 AM
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-03-02 12:02 37808 --------- D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"CorelDRAW Graphics Suite 11b"="D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 21:12]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 14:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 17:59]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
WgaLogon.dll --------- 2007-03-15 18:16 236928 D:\WINDOWS\system32\WgaLogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updater Servc]
D:\WINDOWS\system32\xpuupdate.exe
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-22 11:30:51
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-22 11:31:29
D:\ComboFix-quarantined-files.txt ... 2007-07-22 11:31
D:\ComboFix2.txt ... 2007-07-22 10:30
D:\ComboFix3.txt ... 2007-07-21 11:46
--- E O F ---
Budfred
07-22-2007, 03:30 AM
This is still there... Please make another Notepad file with it as the content and save as CFScript again and follow the instructions noted earlier for it...
File::
D:\WINDOWS\system32\2055E88D54.sys
Let me know how things are going when you complete this... If you have a problem, you may need to restore that file, but I suspect it is bad...
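The two things this exchange turns on, a file that the ComboFix report lists but a hand search with "show hidden files" cannot find, and the File:: block that goes into CFScript.txt, can both be worked through with a small triage script. The following is an added example, not part of this thread and not ComboFix's own code. It assumes the report line layout visible in the log above ("date time  size  attrs  path") and ComboFix's attribute letters (d=directory, s=system, h=hidden, a=archive, r=read-only, w=writable, '-' for a clear flag); the sample lines are copied from the posted log. The `--sh--r` flags on 2055E88D54.sys mean System and Hidden together, which Explorer hides under a separate option from "Show hidden files and folders". The MD5 helper is there so a local file can be matched against the hash printed in a Jotti report.

```python
"""Triage helper for ComboFix report lines. Added example: not from the
thread and not part of ComboFix. Assumes the line layout seen in the log
above ("date time  size  attrs  path") and ComboFix's attribute letters
d=directory, s=system, h=hidden, a=archive, r=read-only, w=writable,
with '-' meaning the flag is clear."""
import hashlib
import ntpath
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample: lines copied from the posted log (both the Find3M
# and the "Files Created" layouts), plus one plain entry for contrast.
SAMPLE_LOG = r"""
2007-07-10 12:04:34 1,682 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2007-06-30 09:20:24 56 --sh--r D:\WINDOWS\system32\2055E88D54.sys
2007-06-13 05:40:34 77,824 ----a-w D:\WINDOWS\system32\OnlineScannerUninstaller.exe
2007-06-03 11:08:00 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-07-15 21:13 524,288 --ah----- D:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-15 10:57 <DIR> d---s---- D:\DOCUME~1\ANANDM~1\UserData
"""

# date/time, then size (number, <DIR> or dashes), attribute flags, path
LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?P<size><DIR>|-+|[\d,]+)\s+(?P<attrs>[a-z-]+)\s+(?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    stamp: str
    size: Optional[int]   # None for directories and size-less rows
    attrs: str
    path: str

    def has(self, flag: str) -> bool:
        return flag in self.attrs


def parse_log(text: str) -> List[Entry]:
    """Turn report lines into Entry records; banners and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size_txt = m.group("size")
        size = int(size_txt.replace(",", "")) if size_txt[0].isdigit() else None
        entries.append(Entry(m.group("stamp"), size, m.group("attrs"), m.group("path")))
    return entries


def hidden_system_files(entries: Iterable[Entry]) -> List[Entry]:
    """Files with both System and Hidden set.

    Explorer's "Show hidden files and folders" does not reveal these; they
    stay invisible until "Hide protected operating system files" is also
    unticked, and XP's Search skips them by default. That is how a file
    plainly listed in the report can come up "not found" by hand.
    """
    return [e for e in entries if not e.has("d") and e.has("s") and e.has("h")]


def tiny_sys_in_system32(entries: Iterable[Entry], max_size: int = 1024) -> List[Entry]:
    """*.sys files directly in system32 (not system32\\drivers) up to max_size.
    A loadable driver is a PE image; 56 bytes cannot even hold the 64-byte
    DOS header, so such a file is data something else reads. Hint, not verdict."""
    hits = []
    for e in entries:
        if e.has("d") or e.size is None or e.size > max_size:
            continue
        low = e.path.lower()
        if low.endswith(".sys") and ntpath.dirname(low).endswith("\\system32"):
            hits.append(e)
    return hits


def cfscript_file_block(entries: Iterable[Entry]) -> str:
    """Paths in the File:: form the helper used above: a draft for a person
    to review line by line, never something to feed to ComboFix unread."""
    return "File::\n" + "".join(e.path + "\n" for e in entries)


def md5_hex(data: bytes) -> str:
    """MD5 in the form Jotti prints, for matching a local file to a report."""
    return hashlib.md5(data).hexdigest()


def file_md5(path: str) -> str:
    """Stream a file through MD5; compare the result to the report's hash."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()
```

Being flagged by either list is a reason to look, not a verdict: the script only surfaces what the attribute string and size already say, and the decision to put a path into a File:: block stays with the person reading the log.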
gotodreams
07-22-2007, 08:36 AM
Log of ComboFix using D:\WINDOWS\system32\2055E88D54.sys in the Notepad file:
"anand manjrekar" - 2007-07-22 16:59:07 - ComboFix 07-07-14.6 - Service Pack 2 FAT32
Command switches used :: D:\Documents and Settings\anand manjrekar\Desktop\CFScript.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
D:\WINDOWS\system32\2055E88D54.sys
((((((((((((((((((((((((( Files Created from 2007-06-22 to 2007-07-22 )))))))))))))))))))))))))))))))
2007-07-21 21:03 31,264 --a------ D:\DOCUME~1\ANANDM~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-19 17:51 <DIR> d-------- D:\DOCUME~1\Suraj\WINDOWS
2007-07-18 22:56 10,872 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-18 15:43 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Corel
2007-07-18 15:35 <DIR> d-------- D:\Program Files\Quick Screen Capture
2007-07-18 14:51 <DIR> d-------- D:\Program Files\EsetOnlineScanner
2007-07-18 13:38 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Ahead
2007-07-17 22:58 <DIR> d-------- D:\DOCUME~1\ANANDM~1\DoctorWeb
2007-07-17 10:15 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-07-16 19:59 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Lavasoft
2007-07-16 19:00 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-16 16:27 <DIR> d-------- D:\Program Files\Faces
2007-07-16 13:38 <DIR> d-------- D:\Program Files\Shareaza
2007-07-16 13:38 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Shareaza
2007-07-16 11:17 95,872 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-07-16 11:17 94,552 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-16 11:17 85,952 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-07-16 11:17 745,600 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-07-16 11:17 43,176 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-16 11:17 26,888 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-16 11:17 23,416 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-16 11:17 <DIR> d-------- D:\Program Files\Alwil Software
2007-07-15 23:48 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-15 22:55 <DIR> d-------- D:\DOCUME~1\ANANDM~1\.housecall6.6
2007-07-15 21:59 <DIR> d-------- D:\WINDOWS\system32\ActiveScan
2007-07-15 21:15 2,088 --a------ D:\WINDOWS\system32\tmp.reg
2007-07-15 21:13 524,288 --ah----- D:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-15 10:57 <DIR> d---s---- D:\DOCUME~1\ANANDM~1\UserData
2007-07-15 07:31 <DIR> d-------- D:\DOCUME~1\ANANDM~1\APPLIC~1\Help
2007-07-14 14:58 <DIR> d-------- D:\WINDOWS\pss
2007-07-11 19:58 2,883,584 --ah----- D:\DOCUME~1\ANANDM~1\NTUSER.DAT
2007-07-11 19:29 <DIR> d-------- D:\Program Files\Sauerbraten
2007-07-11 19:17 <DIR> d-------- D:\games software
2007-07-04 14:53 233,472 --a------ D:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-07-04 14:53 221,184 --a------ D:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-04 14:28 225,356 --a------ D:\WINDOWS\system32\lnod32apiW.dll
2007-07-04 14:28 196,684 --a------ D:\WINDOWS\system32\lnod32apiA.dll
2007-06-29 17:32 16,896 --a------ D:\WINDOWS\system32\OnlineScannerLang.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-10 12:04:34 1,682 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2007-06-13 05:40:34 77,824 ----a-w D:\WINDOWS\system32\OnlineScannerUninstaller.exe
2007-06-11 18:05:04 3,880 ----a-w D:\WINDOWS\mozver.dat
2007-06-07 19:08:02 0 ----a-w D:\WINDOWS\nsreg.dat
2007-06-07 19:07:52 110,592 ----a-w D:\WINDOWS\UninstallFirefox.exe
2007-06-07 11:41:50 -------- d-----w D:\Program Files\MSXML 4.0
2007-06-06 10:23:32 -------- d-----w D:\Program Files\Common Files\Ahead
2007-06-06 10:23:28 -------- d-----w D:\Program Files\Ahead
2007-06-06 09:39:28 -------- d-----w D:\Program Files\HP
2007-06-06 09:39:24 -------- d-----w D:\Program Files\Hewlett-Packard
2007-06-03 12:03:46 -------- d-----w D:\Program Files\C-Media 3D Audio
2007-06-03 11:58:02 -------- d-----w D:\Program Files\Intel
2007-06-03 11:08:00 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-06-03 11:06:54 -------- d-----w D:\Program Files\Common Files\Corel
2007-06-03 11:05:30 -------- d-----w D:\Program Files\Corel
2007-06-03 11:04:58 -------- d-----w D:\Program Files\Common Files\InstallShield
2007-06-03 10:59:26 -------- d-----w D:\Program Files\Microsoft ActiveSync
2007-06-03 10:48:46 -------- d-----w D:\Program Files\microsoft frontpage
2007-06-03 10:46:56 -------- d--h--w D:\Program Files\WindowsUpdate
2007-06-03 10:46:10 -------- d-----w D:\Program Files\Common Files\MSSoap
2007-06-03 10:46:00 -------- d-----w D:\Program Files\Movie Maker
2007-06-03 10:45:08 21,640 ----a-w D:\WINDOWS\system32\emptyregdb.dat
2007-06-03 10:44:38 -------- d-----w D:\Program Files\Online Services
2007-06-03 10:44:32 -------- d-----w D:\Program Files\Messenger
2007-06-03 10:44:28 -------- d-----w D:\Program Files\MSN Gaming Zone
2007-06-03 10:43:56 -------- d-----w D:\Program Files\Windows NT
2007-06-03 10:34:38 -------- d-----w D:\Program Files\Common Files\ODBC
2007-06-03 10:34:34 -------- d-----w D:\Program Files\Common Files\SpeechEngines
2007-05-16 15:12:02 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:16 144,896 ----a-w D:\WINDOWS\system32\schannel.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-03-02 12:02 37808 --------- D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"CorelDRAW Graphics Suite 11b"="D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 21:12]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 14:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 17:59]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
WgaLogon.dll --------- 2007-03-15 18:16 236928 D:\WINDOWS\system32\WgaLogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updater Servc]
D:\WINDOWS\system32\xpuupdate.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0b2a526-3213-11dc-8645-806d6172696f}]
AutoRun\command- G:\AUTORUN.EXE
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-22 17:00:51
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-22 17:01:47
D:\ComboFix-quarantined-files.txt ... 2007-07-22 17:01
D:\ComboFix3.txt ... 2007-07-22 10:30
D:\ComboFix2.txt ... 2007-07-22 11:31
--- E O F ---
Budfred
07-23-2007, 12:49 AM
If your system is working well at this point, we will hope that it is clean...
The 3 main free firewalls are Kerio, Outpost and Comodo... ZoneAlarm is good too... I personally use and recommend Kerio, but any of them would be good...
For a free antivirus, I recommend Avast and you already have that... You could also use AVG or Avira...
No program or suite of programs will protect you if you surf to bad sites...
Firefox with NoScript will also help a great deal and I recommend it strongly...
Here is my prevention speech to help avoid future infection:
This is a good time to set up protection against further attacks. Read the article linked below about "How did I get infected". You need an antivirus that is updated, a good firewall (a router firewall is not enough) and a spyware blocker like SpywareBlaster and also IE-Spyads. All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....
http://forums.spywareinfo.com/index.php?showtopic=60955
gotodreams
07-23-2007, 05:43 AM
Thank you very much.
There are two things about which I would like to know a little bit.
If the hard disk gets corrupted or fails, we give it to an agency which recovers the data from that hard drive. Can you tell me what exactly they do over there? Do they use any software, or do they use some mechanical means? I'm asking you this as I want to start taking orders for recovering data from hard disks.
If I want to buy a used or second-hand hard disk, how should I check it to know that it is 100% working? Do I use any software for this?
Please advise.
Budfred
07-23-2007, 09:26 AM
Hard drive recovery usually involves actually taking the drive apart in an extremely clean environment and recovering the data directly from the disks... It uses a "clean room" which is maintained with almost NO dust and requires that anyone entering is completely covered to prevent so much as a flake of skin from landing on the drives... It is a very expensive operation to set up and would require a large initial investment... A number of different software products are used in addition to a number of hardware components...
As for checking a hard drive to see if it works, you can hook it up and run the manufacturer's diagnostics on it, but that still won't guarantee that it will work... If you need more extensive info on that, I suggest you post in Core Hardware or Storage...