These WinAntivirus popups have messed up my system. I also might have other malware lurking around. My Internet Explorer freezes every now and then.
Here are the HijackThis log, uninstall_list log and VundoFix log:
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:24:02 PM, on 04-Jan-07
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\TL953C.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\hjt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.c...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rediff.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.rd.yahoo.c...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.c...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.c...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll (file missing)
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {76008B24-75EE-4392-AB16-6D32D3A048F8} - C:\WINDOWS\System32\ddcyy.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\ldsfmptv.dll
O2 - BHO: (no name) - {B2145EDE-1F61-4CD7-A84D-74ABB1A6BC23} - C:\WINDOWS\System32\awtqq.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ghbc6774] RUNDLL32.EXE w144f063.dll,n 004c67700000000a144f063
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\soilaelh.dll",setvm
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: palmOne Registration.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{75A6BF8A-A2BF-4B43-B74B-6DA8A2379E4F}: NameServer = 202.144.95.4,202.144.66.6
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
--------------
uninstall_list log:
µTorrent
Ableton Live v5.0.3
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Ahead Nero Burning ROM
BlueSoleil
CuteFTP 8 Home
DC++ 0.691
DeluxeCommunications
DivX Codec
DivX Player
Documents To Go
E-MU Xboard
eMule2
Geiss2 for Winamp 2x (remove only)
G-Force
Google Talk (remove only)
Hijackthis 1.99.1
HijackThis 1.99.1
HP PrecisionScan LTX
HP Share-to-Web
Internet Radio Ripper 2.0
iPod for Windows 2005-10-12
iPod for Windows 2006-01-10
iTunes
Kaspersky Anti-Virus 6.0
Microsoft Office Professional Edition 2003
MixMeister BPM Analyzer 1.0
Mojo Master Winamp Visualizer for Winamp (remove only)
Native Instruments Traktor DJ Studio v3.0.2.098
NVIDIA Drivers
palmOne
Power2Go 4.0
PowerDVD
QuickTime
RealPlayer
Reason 3.0
Search Bar
Sify Broadband 3.22
Spybot - Search & Destroy 1.4
Spyware Doctor 3.2
The Playa
Trend Micro OfficeScan Client
VideoLAN VLC media player 0.8.2
VSAdd-in for Internet Explorer
Winamp (remove only)
Windows Live Messenger
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
WinRAR archiver
WinZip
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
----------------------
VundoFix log:
VundoFix V6.2.13
Checking Java version...
Java version is 1.5.0.4
Scan started at 10:41:22 PM 04-Jan-07
Listing files found while scanning....
C:\WINDOWS\System32\awtqq.dll
C:\WINDOWS\System32\qqtwa.ini
C:\WINDOWS\System32\qqtwa.bak1
C:\WINDOWS\System32\qqtwa.bak2
C:\WINDOWS\System32\qqtwa.ini2
C:\WINDOWS\System32\qqtwa.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\System32\awtqq.dll
C:\WINDOWS\System32\awtqq.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\qqtwa.ini
C:\WINDOWS\System32\qqtwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\qqtwa.bak1
C:\WINDOWS\System32\qqtwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\qqtwa.bak2
C:\WINDOWS\System32\qqtwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\qqtwa.ini2
C:\WINDOWS\System32\qqtwa.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\qqtwa.tmp
C:\WINDOWS\System32\qqtwa.tmp Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.13
Checking Java version...
Java version is 1.5.0.4
Scan started at 10:54:21 PM 04-Jan-07
Listing files found while scanning....
C:\WINDOWS\System32\ddcyy.dll
C:\WINDOWS\System32\yycdd.ini
C:\WINDOWS\System32\yycdd.bak1
Beginning removal...
Attempting to delete C:\WINDOWS\System32\ddcyy.dll
C:\WINDOWS\System32\ddcyy.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\yycdd.ini
C:\WINDOWS\System32\yycdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\yycdd.bak1
C:\WINDOWS\System32\yycdd.bak1 Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.13
Checking Java version...
Java version is 1.5.0.4
Scan started at 11:17:50 PM 04-Jan-07
Listing files found while scanning....
No infected files were found.
Thanks
Edited by cacofonix, 04 January 2007 - 11:58 AM.