When I click yes/no or anything, the webpage www.free-virsscan.com opens,
and it scans my system and asks me to download a file.
Here I scanned with the HijackThis tool and attached the report to this. Please solve this issue.
StartupList report, 7/1/2008, 10:41:01 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows 2000 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
E:\installHere\VNC4\WinVNC4.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
E:\installHere\Acrobat\Acrotray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Synchronization Manager = mobsync.exe /logon
HotKeysCmds = C:\WINNT\system32\hkcmd.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
Acrobat Assistant 8.0 = "E:\installHere\Acrobat\Acrotray.exe"
(Default) =
LogMeIn GUI = "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
SoundMan = SOUNDMAN.EXE
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
McAfeeUpdaterUI = "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
SpyHunter Security Suite = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
--------------------------------------------------
Load/Run keys from C:\WINNT\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
--------------------------------------------------
Shell & screensaver key from C:\WINNT\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=(NONE)
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - E:\installHere\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\WINNT\system32\xmlview.dll - {B1892F58-1116-4DEC-92AA-577872EC3D3D}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Disk Cleanup.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave ActiveX Control]
InProcServer32 = C:\WINNT\system32\Adobe\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINNT\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204
[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...94F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
[PCareImage Control]
InProcServer32 = C:\WINNT\DOWNLO~1\PCAREI~1.OCX
CODEBASE = http://primecare.hca.../PCareImage.cab
[FileUpload Control]
InProcServer32 = C:\WINNT\DOWNLO~1\FILEUP~1.OCX
CODEBASE = http://primecare.hca.../FileUpload.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash9e.ocx
CODEBASE = http://download.macr...ash/swflash.cab
[Performance Viewer Activex Control]
InProcServer32 = C:\WINNT\Downloaded Program Files\RACtrl.dll
CODEBASE = https://secure.logme...ivex/RACtrl.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\system32\webcheck.dll
SysTray: stobject.dll
--------------------------------------------------
End of report, 7,258 bytes
Report generated in 0.188 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only