[Serialk]

hello

I scanned my laptop with nod32 3.0.642 and found an adware.
the object name is c:\windows\system32\khfCSLfd.dll.the size is 38400.
the reason is win32/adware.virtuemonde application.and the count keeps
increasing.when i tried to remove this from the quarantine folder it keeps coming
up and it can't be deleted.i tried to scan with spysweeper n lavasoft ad-aware but
with no success.they couldn't delete this .dll.

the following file is my hijackthis.log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:36 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\jnana\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\jnana\LOCALS~1\Temp\Rar$EX00.406\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [nxpclient] "C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe" /P nxpclient
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [IDMan] "C:\Program Files\Internet Download Manager\IDMan.exe" /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activatemydsl...ads/tgctlcm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1197661400484
O17 - HKLM\System\CCS\Services\Tcpip\..\{69778219-B199-4570-93B5-643B55345A1D}: NameServer = 59.144.127.16,59.144.127.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 7698 bytes

Attached Thumbnails

• 

[Advertisements]

Hi Serialk,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
ComboFix

Run ComboFix:

• Double click combofix.exe and follow the prompts.
• When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply

Log file will be C:\Combofix.txt

Note: Do not mouseclick combofix's window while its running. That may cause it to stall


Cheers,

sage5

[sage5]

Hi Serialk,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
ComboFix

Run ComboFix:

• Double click combofix.exe and follow the prompts.
• When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply

Log file will be C:\Combofix.txt

Note: Do not mouseclick combofix's window while its running. That may cause it to stall


Cheers,

sage5

[Serialk]

Thanks mate for your quick reply..
I guess the adware virtuemonde has been kicked out of my system,
since i could delete that file from nod 32 quarantine folder.
thanks to combofix...i am posting the 2 log files of hijackthis and combofix below.
please let me know if my system is clean and the danger's gone..thanks..

hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:25 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\jnana\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\soft\Antispywares n antiviriuses\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [nxpclient] "C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe" /P nxpclient
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activatemydsl...ads/tgctlcm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1197661400484
O17 - HKLM\System\CCS\Services\Tcpip\..\{69778219-B199-4570-93B5-643B55345A1D}: NameServer = 59.144.127.16,59.144.127.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 9089 bytes

combofix log:


ComboFix 08-04-11.5 - jnana 2008-04-12 14:37:39.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.546 [GMT 5.5:30]
Running from: C:\Documents and Settings\jnana\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\AJmVDcfe.ini
C:\WINDOWS\system32\AJmVDcfe.ini2
C:\WINDOWS\system32\efcDVmJA.dll
C:\WINDOWS\system32\khfCSLfd.dll

----- BITS: Possible infected sites -----

hxxp://216.40.219.141
hxxp://77.91.228.186
hxxp://nxpagent.airtelbroadband.in
.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-12 12:03 . 2008-04-12 12:03 <DIR> d-------- C:\VundoFix Backups
2008-04-12 11:43 . 2008-04-12 11:43 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-12 11:28 . 2002-08-13 06:09 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2008-04-12 11:28 . 2002-08-13 06:10 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-04-12 10:11 . 2008-04-12 10:11 <DIR> d-------- C:\Program Files\RM Converter
2008-04-12 09:26 . 2008-04-12 09:26 <DIR> d-------- C:\Program Files\Real
2008-04-12 09:26 . 2008-04-12 09:26 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-12 09:26 . 2008-04-12 09:26 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-12 07:53 . 2008-04-12 07:53 <DIR> d-------- C:\Program Files\LimeWire
2008-04-12 07:53 . 2008-04-12 07:53 <DIR> d-------- C:\Documents and Settings\jnana\Application Data\LimeWire
2008-04-12 07:39 . 2008-04-12 07:39 <DIR> d-------- C:\Program Files\CCleaner
2008-04-12 01:02 . 2008-04-12 01:03 <DIR> d-------- C:\Program Files\SubSync
2008-04-12 00:38 . 2008-04-12 00:38 <DIR> d-------- C:\Program Files\Freecorp
2008-04-11 23:34 . 2008-04-12 01:02 249,856 --------- C:\WINDOWS\Setup1.exe
2008-04-11 23:34 . 2008-04-12 01:02 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-04-05 22:43 . 2008-04-05 22:43 <DIR> d-------- C:\Program Files\DFX
2008-04-05 22:42 . 2008-04-05 22:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 00:20 . 2008-04-03 00:20 <DIR> d-------- C:\Program Files\Marsu-Fix
2008-04-03 00:20 . 2008-04-03 00:20 159,841 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-04-02 02:11 . 2008-04-02 02:11 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-31 22:56 . 2008-03-31 22:56 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-03-31 22:56 . 2008-03-31 22:56 <DIR> d-------- C:\Program Files\Airtel
2008-03-31 22:56 . 2008-03-31 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-03-31 09:16 . 2008-03-31 09:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-29 23:56 . 2008-03-29 23:56 <DIR> d-------- C:\Program Files\uTorrent
2008-03-29 23:56 . 2008-03-29 23:56 <DIR> d-------- C:\Documents and Settings\jnana\Application Data\uTorrent
2008-03-28 20:20 . 2008-03-28 20:55 288 --a------ C:\WINDOWS\packegtag.reg
2008-03-23 22:48 . 2008-03-23 22:48 <DIR> d-------- C:\Documents and Settings\jnana\Application Data\WordWeb
2008-03-23 18:57 . 2008-03-23 18:57 <DIR> d-------- C:\Program Files\WordWeb
2008-03-23 18:57 . 2007-12-01 18:01 1,049,720 --a------ C:\WINDOWS\wweb32.dll
2008-03-23 14:33 . 2008-03-23 14:48 3,902,784 --a------ C:\Documents and Settings\jnana\gosetup.exe
2008-03-22 19:41 . 2008-03-22 19:41 <DIR> d-------- C:\WINDOWS\speech
2008-03-22 19:41 . 2008-03-22 19:41 <DIR> d-------- C:\Program Files\A1 SpeechTRON
2008-03-22 19:41 . 2001-11-06 07:57 233,472 --a------ C:\WINDOWS\system32\SmartMenuXP.ocx
2008-03-22 19:41 . 2000-05-22 00:00 203,976 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-03-22 19:41 . 2000-05-22 00:00 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-03-22 19:41 . 2001-10-13 23:48 28,672 --a------ C:\WINDOWS\system32\SmartMenuXP.dll
2008-03-16 17:14 . 2008-03-16 17:14 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-03-16 17:14 . 2008-03-16 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-03-16 17:14 . 2008-03-16 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 12:54 90,112 ----a-w C:\WINDOWS\DUMP39ec.tmp
2008-03-07 17:49 --------- d-----w C:\Program Files\Total Video Converter
2008-03-07 17:41 --------- d-----w C:\Program Files\All Video Splitter
2008-02-24 04:45 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-02-24 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-02-23 16:09 --------- d-----w C:\Documents and Settings\jnana\Application Data\Sony Ericsson
2008-02-20 05:41 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 05:32 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 05:31 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-02-04 07:54 356,352 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-16 18:32 68856]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-02-06 19:34 2577840]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-17 17:13 3810544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 09:43 114688]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 14:02 16132608 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 17:21 53248]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 01:07 33280 C:\WINDOWS\system32\rundll32.exe]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-05-23 01:03 834320]
"nxpclient"="C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe" [2007-12-06 11:45 202016]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-12 09:26 185896]

C:\Documents and Settings\jnana\Start Menu\Programs\Startup\
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2008-03-23 18:57:06 44384]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-05-04 06:02 961024 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMyPC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-02-06 19:34 2577840 C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2006-10-06 09:41 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-04-17 12:41 196608 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-04-13 06:07 69632 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2006-10-06 09:40 94208 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-16 18:32 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-05-09 10:08 860160 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-12-17 17:13 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2007-04-03 10:04]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2007-04-02 16:11]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2002-09-20 21:59]
R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe [2007-12-06 11:45]
R2 XAudio;XAudio;C:\WINDOWS\system32\DRIVERS\xaudio.sys [2006-11-28 14:14]
S3 CA_LIC_CLNT;CA License Client;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 21:57]
S3 CA_LIC_SRVR;CA License Server;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 22:11]
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 13:53]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 12:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 12:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist;C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [2007-12-06 11:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{489f071a-afe1-11dc-bc6c-9ed3df7b4d8a}]
\Shell\AutoRun\command - a.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-31 19:17:56 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 14:42:26
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\PROGRAM FILES\O2MICRO OZ128 DRIVER\O2FLASH.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\UASERVICE.EXE
C:\PROGRAM FILES\LAUNCH MANAGER\LMANAGER.EXE
C:\WINDOWS\SYSTEM32\IGFXEXT.EXE
C:\WINDOWS\SYSTEM32\IGFXSRVC.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\DOCUME~1\jnana\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-04-12 14:43:24 - machine was rebooted [jnana]
ComboFix-quarantined-files.txt 2008-04-12 09:13:20
Pre-Run: 6,300,483,584 bytes free
Post-Run: 6,313,984,000 bytes free

[sage5]

Hi Serialk,


I see you have LimeWire, uTorrent & Ares installed on your system.
While these programs themselves are legal, most of the files downloaded with them, are not.
These programs can also be some of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files.
I highly recommend uninstalling LimeWire, uTorrent & Ares as outlined below.


Remove folders & files:

• Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
  LimeWire
  uTorrent
  Ares
  Computer Associates ---> This one appears to be left over from a previous install
  
  Please take note of any other programs that you don't recognise in that list, and include them in your next response
• Using Windows Explorer, (to get there right-click your Start button and go to "Explore"), delete these folders, (if present):
  C:\Program Files\Ares
  C:\Program Files\LimeWire
  C:\Program Files\uTorrent
  C:\Program Files\CA
  C:\Documents and Settings\jnana\Application Data\LimeWire
  C:\Documents and Settings\jnana\Application Data\uTorrent

You don't appear to be running a 3rd party firewall. These are essential to protect from trojans, viruses, spyware etc.

You should check out:- Comodo Firewall Pro or Sunbelt Personal Firewall

User manuals are available for both:
Comodo's manual is built in and accessable from the Help Menu.

Sunbelt Manual Here

Both are simple to install & free to use.
Please install only 1

I need you to post me a fresh HijackThis log to confirm correct installation of the Firewall.

Cheers,

sage5

[Serialk]

hi sage5,

i installed comodo firewall.can u suggest any other firewall which doesn't have pop ups coming
up all the time???i am posting the latest hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:16 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\jnana\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
D:\soft\Antispywares n antiviriuses\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [nxpclient] "C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe" /P nxpclient
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activatemydsl...ads/tgctlcm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1197661400484
O17 - HKLM\System\CCS\Services\Tcpip\..\{69778219-B199-4570-93B5-643B55345A1D}: NameServer = 59.144.127.16,59.144.127.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 9183 bytes

[sage5]

Hi Serialk,

Comodo, like all firewalls, produces a lot of popup windows while it "learns" what to allow & disallow.
The Defense+ module seems to be the culprit for most of the popups in Comodo.
I have found that I don't need the Defense+ module because I use an anti-malware scanner.
To disable it, right click on the tray icon and set the Defense+ security level to Disabled.


Please use the Ctrl+Alt+Del keys to bring up the Task Manager
Under the Processes tab scroll down to RtkBtMnt.exe
Click End Task.

Now navigate to C:\Documents and Settings1\jnana\Local Settings\Temp folder.
Delete RtkBtMnt.exe


Create an Uninstall list:

• Open HijackThis, click Open the Misc Tools section
• Click Open Uninstall Manager
• Click Save list.

This generates uninstall_list.txt in the same folder as HijackThis. I will need you to paste the text from this file, into your next post.


Please go HERE to run Panda's TotalScan

• Select the bubble for Full scan
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• Then the scan will begin
• When the scan completes, click the Save button on the right of Scan details
• Save it to C:\active_scan.txt
• Post the contents of the TotalScan report

Cheers,

sage5

[Serialk]

hi again

there is a folder named qoobox in my C drive.i think it was created after running combofix.should
i delete this folder??i am posting the activescan log and the uninstall list below.

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-04-13 17:16:38
PROTECTIONS: 1
MALWARE: 35
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
ESET NOD32 Antivirus 3.0 3.0 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139060 Cookie/Casalemedia TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Cookies\jnana@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Cookies\jnana@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Cookies\jnana@atdmt[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.mediaplex.com/]
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.ccbill.com/]
00167642 Cookie/Com.com TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.com.com/]
00167691 Cookie/ademails TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Cookies\[email protected][1].txt
00167749 Cookie/Toplist TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.toplist.cz/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.toplist.cz/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Cookies\jnana@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Cookies\jnana@statcounter[2].txt
00167760 Cookie/Hitslink TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][counter.hitslink.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.bs.serving-sys.com/]
00168109 Cookie/Adtech TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Cookies\jnana@advertising[1].txt
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.sextracker.com/]
00169286 Cookie/Sextracker TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.sextracker.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[statse.webtrendslive.com/]
00170554 Cookie/Overture TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Cookies\jnana@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.zedo.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.adrevolver.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Cookies\jnana@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\JNANA\Application Data\Mozilla\Firefox\Profiles\27g10l9y.default\COOKIES.TXT[.go.com/]
00262020 Cookie/Atwola TrackingCookie No 0 No No C:\Documents and Settings\JNANA\Local Settings\Application Data\SupportSoft\nxpclient\JNANA\STATE\BACKUP\CO\COOKIES.TXT\60607_5e95a297e_[cookies.txt][.atwola.com/]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\System Volume Information\_restore{9170D127-89D6-40C6-AF62-9F8517A4FC52}\RP116\A0059109.EXE[327882R2FWJFW\nircmd.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{9170D127-89D6-40C6-AF62-9F8517A4FC52}\RP116\A0058619.EXE
01650305 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{9170D127-89D6-40C6-AF62-9F8517A4FC52}\RP72\A0039362.DLL
01650305 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{9170D127-89D6-40C6-AF62-9F8517A4FC52}\RP72\A0038952.DLL
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{9170D127-89D6-40C6-AF62-9F8517A4FC52}\RP116\A0058613.SYS
02909132 Trj/Downloader.TDE Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{9170D127-89D6-40C6-AF62-9F8517A4FC52}\RP112\A0058407.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location (
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description (
;===============================================================================
=================================================================================
===================
184380 MEDIUM MS08-002 (
184379 MEDIUM MS08-001 (
182048 HIGH MS07-069 (
182046 HIGH MS07-067 (
182043 HIGH MS07-064 (
179553 HIGH MS07-061 (
176382 HIGH MS07-057 (
176383 HIGH MS07-058 (
170911 HIGH MS07-050 (
170907 HIGH MS07-046 (
170906 HIGH MS07-045 (
170904 HIGH MS07-043 (
164915 HIGH MS07-035 (
164913 HIGH MS07-033 (
164911 HIGH MS07-031 (
160623 HIGH MS07-027 (
157262 HIGH MS07-022 (
157261 HIGH MS07-021 (
157260 HIGH MS07-020 (
157259 HIGH MS07-019 (
156477 HIGH MS07-017 (
150253 HIGH MS07-016 (
150249 HIGH MS07-013 (
150248 HIGH MS07-012 (
150247 HIGH MS07-011 (
150243 HIGH MS07-008 (
150242 HIGH MS07-007 (
150241 MEDIUM MS07-006 (
141034 HIGH MS06-076 (
141033 MEDIUM MS06-075 (
141030 HIGH MS06-072 (
137571 HIGH MS06-070 (
137568 HIGH MS06-067 (
133387 MEDIUM MS06-065 (
133386 MEDIUM MS06-064 (
133385 MEDIUM MS06-063 (
133379 HIGH MS06-057 (
131654 HIGH MS06-055 (
129977 MEDIUM MS06-053 (
129976 MEDIUM MS06-052 (
126093 HIGH MS06-051 (
126092 MEDIUM MS06-050 (
126087 HIGH MS06-046 (
126086 MEDIUM MS06-045 (
126083 HIGH MS06-042 (
126082 HIGH MS06-041 (
126081 HIGH MS06-040 (
123421 HIGH MS06-036 (
123420 HIGH MS06-035 (
120825 MEDIUM MS06-032 (
120823 MEDIUM MS06-030 (
120818 HIGH MS06-025 (
120815 HIGH MS06-022 (
120814 HIGH MS06-021 (
117384 MEDIUM MS06-018 (
114666 HIGH MS06-015 (
114664 HIGH MS06-013 (
108744 MEDIUM MS06-008 (
108743 MEDIUM MS06-00

Edited by Serialk, 13 April 2008 - 07:11 AM.

[sage5]

I didn't get the unnstall list, can you send it to me please?

[Serialk]

hi

here is the uninstall_list.


A1 SpeechTRON
Acer ScreenSaver
Adobe Acrobat 8 Standard
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Airtel NetXpert 2.0
All Video Splitter 2.3
Ares 2.0.9
Broadcom Driver v4.102.15.64_Foxconn Installation Program
Broadcom Gigabit Integrated Controller
CA Advantage CA-Realia II Workbench
CA Advantage CA-Realia II Workbench
CCleaner (remove only)
COMODO Firewall Pro
DFX 8 for Windows Media Player
ESET NOD32 Antivirus
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
Intel® Graphics Media Accelerator Driver
Internet Download Manager
IsoBuster 2.3
J2SE Development Kit 5.0
Java™ 6 Update 4
K-Lite Codec Pack 3.5.7 Full
Launch Manager
Marsu-Fix
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.13)
Nero 7 Demo
NOD32 FiX
Nokia Connectivity Cable Driver
O2Micro Flash Memory Card Reader Driver Installer(x86)
PC Connectivity Solution
QUICKfind
RealPlayer
Realtek High Definition Audio Driver
Registry Mechanic 7.0
RM Converter 4.12
save2pc Light 3.21
Sony Ericsson PC Suite 1.20.173
Synaptics Pointing Device Driver
Total Video Converter 3.02
Update for Windows XP (KB894391)
VideoLAN VLC media player 0.8.6d
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows Vista Upgrade Advisor
WinRAR archiver
WordWeb
Yahoo! Messenger
YouTube Downloader 3000 ver. 1.0.2.0

[sage5]

Hi Serialk

Congratulations, your new log looks clear, so we can now deal with some final clean up jobs.

The remainder of those files listed in the last scan are either cookies, or in the System Restore folders.

However the following from the Active3Scan log show that you have a lot of Windows vulnerabilities due to missing seurity updates:

170904 HIGH MS07-043 (
164915 HIGH MS07-035 (
164913 HIGH MS07-033 (
164911 HIGH MS07-031 (

I am not sure why you wouldn't have all those Security Updates in place, but I suggest that you to do that as a matter of urgency. (see note "Other Updates" below.

Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.
  
  If you use Firefox browser
  
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
• Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.


Time for some housekeeping:

• Follow these steps to uninstall Combofix and tools used in the removal of malware
  
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    
  
  
  To Clear Restore points, please do the following:
  • Go to Start > Settings > Control Panel.
  • Double-click the System icon.
    [list]NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
• Click the System Restore tab.
• Put a check by Disable System Restore.
• Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.

After reboot, you must turn System Restore back on:

• Go back to the Troubleshooting tab.
• UNcheck Disable System Restore.
• Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.

Lastly, some extra or better security for your PC:

The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-

Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here

Spyware Detection:
AVG Anti-Spyware is my favourite here.

Anti-Virus:
The first line of defence, especially since some will now detect trojans as well.
Avira's Antivir PersonalEdition Classic and Grisoft's Avast! Free Edition are among the best freebies.
*Please note* You should never install more than one anti-virus program on a PC, as it will cause conflicts.

Firewall:
A Firewall is an essential tool in the security of any PC connected to the Internet.
Sunbelt Personal Firewall and Comodo are both excellent freeware.

Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera

Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.

Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)

All the best & safe surfing in the future,

sage5

[Serialk]

hi sage

thanks for the all the important info.actually i did remove the combofix by pressing the shift+del keys.
i dunno why i did that but i removed that icon from my desktop.what do i do now??i dont think it was
uninstalled properly...

[sage5]

It doesn't really install as such, so I would just d'load a new copy to the desktop & use the "Time for some housekeeping" instructions above.
It would be quicker to do that than try to track down all the files to delete.

[Serialk]

thanks i will follow that process too.btw i think the installation of comodo firewall
has affected the downloading speed. i already have nod 32 anti virus installed in my laptop.
i am afraid that by installing another anti-spyware it will slow down the system.

[sage5]

If you have suffered a reduction in download speed since the installation of a firewall, there is a setting wrong somewhere, which you should be able to correct with the help of the manual, (see Help menu).

There should be no problem adding an anti-spyware application to a system containing an existing anti-virus setup.
2x antivirus = trouble.
Same goes for 2x anti-spyware with Real time protection enabled.

#1 thing to do with that PC is install all those Windows Updates to get the vulnerabilities patched.

Cheers,

sage5

Edited by sage5, 15 April 2008 - 12:39 AM.

[sage5]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.