11-16-2008, 11:27 AM   #1
Registered User
Join Date: Nov 2008
Posts: 6
OS: windows xp

eeekkkk!!!! help me, trojan/virus

Hey there, I've been having a problem in the last week and a half with Google, where I search something, and 7/8 out of 10 times the first time I click on a link I see that it is redirecting me: the website changes to copy-book and then a random page comes up. This became annoying, so I ran Ad-Aware first, but when it came to updating it, it says please check your internet connection, and I know I am perfectly connected to the internet, no problems. Then I checked AVG; it came up with a virus/worm in the form of autorun.inf, but this was on my laptop C drive and my external drive, E. This is quite worrying to me as I connect various things to my laptop like my iPod, and I don't want viruses being transferred to them, as I use these on other computers and I don't want them to be infected. I also ran Search and Destroy, and it came up that I have a zlob.dnschanger? I think, and one or two other Zlob files; I deleted them, but every time I use Search and Destroy they keep showing up. Please help meee!!! Here's my gmer.txt and DDS, and attach if you need them.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-16 19:07:19
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT sppn.sys ZwCreateKey [0xF84140E0]
SSDT sppn.sys ZwEnumerateKey [0xF8432CA2]
SSDT sppn.sys ZwEnumerateValueKey [0xF8433030]
SSDT sppn.sys ZwOpenKey [0xF84140C0]
SSDT sppn.sys ZwQueryKey [0xF8433108]
SSDT sppn.sys ZwQueryValueKey [0xF8432F88]
SSDT sppn.sys ZwSetValueKey [0xF843319A]

INT 0x3B ? 820A9BF8
INT 0x3B ? 820A9BF8
INT 0x3B ? 820A9BF8
INT 0x3B ? 820A9BF8
INT 0x3E ? 823DFBF8
INT 0x3F ? 823DFBF8

---- Kernel code sections - GMER 1.0.14 ----

? sppn.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F7A618AC 5 Bytes JMP 820A91D8
.text ab9mmszh.SYS F7940386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text ab9mmszh.SYS F79403AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ab9mmszh.SYS F79403C4 3 Bytes [ 00, 70, 02 ]
.text ab9mmszh.SYS F79403C9 1 Byte [ 2E ]
.text ab9mmszh.SYS F79403CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 823722D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8445C4C] sppn.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8445CA0] sppn.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8415040] sppn.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F841513C] sppn.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84150BE] sppn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84157FC] sppn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84156D2] sppn.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 820A92D8
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8425048] sppn.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 823DE1F8
Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-0 820A81F8
Device \Driver\PCI_PNP7312 \Device\00000045 sppn.sys
Device \Driver\usbuhci \Device\USBPDO-1 820A81F8
Device \Driver\sptd \Device\3920109040 sppn.sys
Device \Driver\usbuhci \Device\USBPDO-2 820A81F8
Device \Driver\usbehci \Device\USBPDO-3 820861F8
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 823701F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 823701F8
Device \Driver\Cdrom \Device\CdRom0 820741F8
Device \Driver\Cdrom \Device\CdRom1 820741F8
Device \Driver\USBSTOR \Device\00000080 8210C1F8
Device \Driver\USBSTOR \Device\00000081 8210C1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export FF9C41F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{18D4B2FD-D8A7-44F6-8803-B50E0AB0D0B8} FF9C41F8
Device \Driver\NetBT \Device\NetbiosSmb FF9C41F8
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 820A81F8
Device \Driver\usbuhci \Device\USBFDO-1 820A81F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FF8A41F8
Device \Driver\usbuhci \Device\USBFDO-2 820A81F8
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\MRxSmb \Device\LanmanRedirector FF8A41F8
Device \Driver\usbehci \Device\USBFDO-3 820861F8
Device \Driver\Ftdisk \Device\FtControl 823701F8
Device \Driver\ab9mmszh \Device\Scsi\ab9mmszh1 8205E1F8
Device \Driver\ab9mmszh \Device\Scsi\ab9mmszh1Port2Path0Target0Lun0 8205E1F8
Device \FileSystem\Cdfs \Cdfs 821581F8

---- Processes - GMER 1.0.14 ----

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1680] 0x00D30000

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x44 0x87 0x43 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5A 0x1D 0x09 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x46 0xF2 0x21 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x44 0x87 0x43 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5A 0x1D 0x09 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x46 0xF2 0x21 0x71 ...

---- EOF - GMER 1.0.14 ----



DDS (Version 1.0) - NTFSx86
Run by ashok at 19:07:33.52 on Sun 11/16/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.219 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\NETGEAR\WG511v2\WG511v2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\ashok\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: System=kdkqi.exe
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {AA102584-3B97-47e7-B9BC-75D54C110A7D} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [c:\documents and settings\ashok\local settings\temporary internet files\content.ie5\jxf3ezx5\tunebite[1].exe] c:\documents and settings\ashok\local settings\temporary internet files\content.ie5\jxf3ezx5\tunebite[1].exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [c:\windows\system32\kdpua.exe] c:\windows\system32\kdpua.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NavRegReminder] "c:\windows\temp\navbrowser.exe" /r /i "c:\windows\temp\NavLoad.ini"
mRun: [c:\windows\system32\kdkqi.exe] c:\windows\system32\kdkqi.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
StartupFolder: c:\docume~1\ashok\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg511v2\WG511v2.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {18D4B2FD-D8A7-44F6-8803-B50E0AB0D0B8} = 85.255.112.237;85.255.112.123
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys

=============== Created Last 30 ================

2008-11-16 18:53 250 a------- c:\windows\gmer.ini
2008-11-16 18:20 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-16 18:20 73,728 a------- c:\windows\system32\javacpl.cpl
2008-11-16 17:19 103 ---shr-- C:\autorun.inf
2008-11-16 16:13 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-16 16:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-11-15 19:49 27,904 a------- c:\windows\system32\drivers\ndisprot.sys
2008-11-08 00:04 348,160 a------- c:\windows\system32\msvcr71.dll
2008-11-07 23:59 <DIR> --d----- c:\docume~1\ashok\applic~1\MPEG Streamclip
2008-11-07 21:33 <DIR> --d----- c:\docume~1\ashok\applic~1\WinFF
2008-11-07 16:35 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-11-07 16:35 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-07 16:35 <DIR> --d----- c:\program files\iPod
2008-11-07 16:34 <DIR> --d----- c:\program files\iTunes
2008-11-07 16:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-07 16:15 <DIR> --d----- c:\windows\system32\appmgmt
2008-11-03 02:46 5,632 a------- c:\windows\system32\ptpusb.dll
2008-11-03 02:46 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2008-11-03 02:46 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-11-03 02:46 159,232 a------- c:\windows\system32\ptpusd.dll
2008-10-27 21:50 <DIR> --dshr-- C:\resycled
2008-10-24 19:49 <DIR> --d----- c:\program files\Bonjour
2008-10-24 19:47 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-10-24 13:00 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-10-21 17:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidSolution
2008-10-21 17:52 2,723,264 a------- c:\documents and settings\all users\vcredist_x86.exe
2008-10-17 21:19 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2008-11-16 19:03 <DIR> --d----- c:\docume~1\ashok\applic~1\DNA
2008-11-16 18:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WinZip
2008-11-16 18:03 <DIR> --d----- c:\program files\DNA
2008-11-16 14:45 <DIR> --d----- c:\docume~1\ashok\applic~1\LimeWire
2008-11-14 00:47 <DIR> --d----- c:\docume~1\ashok\applic~1\BitTorrent
2008-09-28 18:37 <DIR> --d----- c:\program files\EPSON
2008-09-28 18:35 <DIR> --d----- c:\program files\NewSoft
2008-09-28 18:29 <DIR> --d----- c:\docume~1\ashok\applic~1\ABBYY
2008-09-28 18:28 <DIR> --d----- c:\program files\ABBYY
2008-09-28 18:25 <DIR> --d----- c:\program files\Smart Panel
2008-09-28 18:25 <DIR> --d----- c:\program files\common files\Python
2008-09-28 17:06 <DIR> --d----- c:\docume~1\ashok\applic~1\AVGTOOLBAR
2008-09-27 22:35 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-09-27 22:34 <DIR> --d----- c:\program files\AVG
2008-09-27 22:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-09-27 22:07 <DIR> --d----- c:\program files\DAEMON Tools Lite
2008-09-27 22:04 <DIR> --d----- c:\docume~1\ashok\applic~1\DAEMON Tools
2008-09-24 21:21 <DIR> --d----- c:\program files\common files\xing shared
2008-09-24 21:21 <DIR> --d----- c:\program files\common files\Real
2008-09-24 21:21 <DIR> --d----- c:\program files\Real
2008-09-23 22:45 <DIR> --d----- c:\program files\LimeWire
2008-09-15 12:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-14 17:13 <DIR> --d----- c:\docume~1\ashok\applic~1\vlc
2008-09-13 13:35 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-09-12 22:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-09-12 21:00 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-08-29 09:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-08-29 08:53 61,440 a------- c:\windows\system32\dnssd.dll
2008-08-26 07:24 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 19:07:49.95 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/12/2008 10:10:13 PM
System Uptime: 11/16/2008 5:29:39 PM (2 hours ago)

Motherboard: Dell Computer Corporation | | 0P3490
Processor: Intel(R) Pentium(R) M processor 1700MHz | Microprocessor | 1694/133mhz
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A14 | DELL - 27d5061e | A14 | 6/30/2005 1:00:00 AM

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 42.145 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 13.379 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&39A85202&0&00F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&39A85202&0&00F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&39A85202&0&18F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&39A85202&0&18F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_542214F1&REV_01\3&61AAA01&0&FE
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_542214F1&REV_01\3&61AAA01&0&FE
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
ABBYY FineReader 5.0 Sprint
ABBYY FineReader 6.0
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 9
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
AVG Free 8.0
BitTorrent
Bonjour
Dell ResourceCD
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DNA
EPSON Copy Utility
EPSON Photo Print
EPSON Scan
EPSON Smart Panel
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
Java(TM) 6 Update 10
LimeWire PRO 4.16.2
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
NETGEAR WG511v2 wireless PC card
On2 VP7 Personal Edition
P1670 Reference Guide
Presto! BizCard 4.1 Eng
QuickTime
RealPlayer
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
SigmaTel AC97 Audio Drivers
Spybot - Search & Destroy
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957258)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VideoLAN VLC media player 0.8.6i
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages ===================

11/9/2008 4:15:08 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume4'. It has stopped monitoring the volume.
11/9/2008 4:36:01 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume8'. It has stopped monitoring the volume.
11/9/2008 5:08:34 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume13'. It has stopped monitoring the volume.
11/9/2008 6:31:47 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume25'. It has stopped monitoring the volume.
11/9/2008 6:37:08 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
11/9/2008 6:37:13 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume26'. It has stopped monitoring the volume.
11/9/2008 6:59:17 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume29'. It has stopped monitoring the volume.
11/9/2008 7:12:25 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume31'. It has stopped monitoring the volume.
11/9/2008 7:44:09 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
11/9/2008 8:50:42 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume42'. It has stopped monitoring the volume.
11/9/2008 9:19:11 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume45'. It has stopped monitoring the volume.
11/9/2008 9:32:15 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume47'. It has stopped monitoring the volume.
11/9/2008 9:57:31 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume50'. It has stopped monitoring the volume.
11/9/2008 10:11:57 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume52'. It has stopped monitoring the volume.
11/9/2008 10:25:13 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume54'. It has stopped monitoring the volume.
11/9/2008 11:40:59 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume62'. It has stopped monitoring the volume.
11/9/2008 1201 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume65'. It has stopped monitoring the volume.
11/9/2008 12:27:18 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000E' while processing the file 'autorun.inf' on the volume 'HarddiskVolume68'. It has stopped monitoring the volume.
11/15/2008 9:47:10 PM, error: Dhcp [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 00184DEFBBD5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
11/16/2008 12:39:58 AM, error: Dhcp [1002] - The IP address lease 192.168.0.231 for the Network Card with network address 00184DEFBBD5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
11/16/2008 2:28:09 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/16/2008 2:28:36 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/16/2008 2:28:41 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/16/2008 2:28:54 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/16/2008 2:29:02 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/16/2008 2:29:10 PM, error: System Error [1003] - Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3 f000ed94, parameter4 00000020.
11/16/2008 2:30:55 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/16/2008 2:45:56 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/16/2008 2:46:19 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

thank you for your time and help
bigpun07931 is offline  
Old 11-16-2008, 11:36 AM   #2 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 6
OS: windows xp


Re: eeekkkk!!!! help me, trojan/virus

I think I forgot to attach the files, so here they are.
Attached Files
File Type: txt Gmer.txt (26.0 KB, 1 views)
File Type: txt Attach.txt (12.1 KB, 1 views)
bigpun07931 is offline  
Old 11-18-2008, 08:49 AM   #3 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: eeekkkk!!!! help me, trojan/virus

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.

    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.


    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Old 11-19-2008, 05:12 AM   #4 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 6
OS: windows xp


Re: eeekkkk!!!! help me, trojan/virus

Hi, thank you for your reply and your support.
I followed your instructions, and here is the log as requested.

ComboFix 08-11-18.09 - ashok 2008-11-19 12:50:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.226 [GMT 0:00]
Running from: c:\documents and settings\ashok\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf
E:\resycled
e:\resycled\boot.com
.
---- Previous Run -------
.
C:\Autorun.inf
c:\docume~1\ashok\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\ashok\LOCALS~1\Temp\tmp2.tmp
C:\resycled
c:\resycled\boot.com
c:\windows\system32\kdkqi.exe
c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-16 18:53 . 2008-11-16 19:02 250 --a------ c:\windows\gmer.ini
2008-11-16 18:20 . 2008-11-16 18:20 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-16 18:20 . 2008-11-16 18:20 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-16 16:13 . 2008-11-19 12:42 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-16 16:13 . 2008-11-19 12:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-16 14:18 . 2008-11-16 14:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-15 19:49 . 2008-11-15 19:49 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-08 00:04 . 2004-01-11 22:00 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-11-07 23:59 . 2008-11-07 23:59 <DIR> d-------- c:\documents and settings\ashok\Application Data\MPEG Streamclip
2008-11-07 21:33 . 2008-11-07 23:56 <DIR> d-------- c:\documents and settings\ashok\Application Data\WinFF
2008-11-07 16:35 . 2008-11-07 16:35 <DIR> d-------- c:\program files\iPod
2008-11-07 16:35 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-07 16:35 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-07 16:34 . 2008-11-07 16:35 <DIR> d-------- c:\program files\iTunes
2008-11-07 16:34 . 2008-11-07 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-03 02:46 . 2008-04-14 01:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-03 02:46 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-03 02:46 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-03 02:46 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-10-24 19:50 . 2008-11-07 17:51 <DIR> d-------- c:\documents and settings\ashok\Application Data\Apple Computer
2008-10-24 19:48 . 2008-10-24 19:49 <DIR> d-------- c:\program files\QuickTime
2008-10-24 19:48 . 2008-10-24 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-24 19:47 . 2008-11-07 16:35 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-10-24 19:47 . 2008-10-24 19:48 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-24 19:47 . 2008-10-24 19:47 <DIR> d-------- c:\program files\Apple Software Update
2008-10-24 19:47 . 2008-10-24 19:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-24 19:47 . 2008-10-01 12:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-10-24 13:00 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-21 17:53 . 2008-10-21 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\RapidSolution
2008-10-21 17:52 . 2008-10-21 17:52 2,723,264 --a------ c:\documents and settings\All Users\vcredist_x86.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 12:50 --------- d-----w c:\documents and settings\ashok\Application Data\DNA
2008-11-19 12:43 --------- d-----w c:\documents and settings\ashok\Application Data\LimeWire
2008-11-19 12:40 --------- d-----w c:\program files\DNA
2008-11-19 12:16 --------- d-----w c:\documents and settings\ashok\Application Data\BitTorrent
2008-11-16 18:50 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-11-16 18:20 --------- d-----w c:\program files\Java
2008-10-24 18:07 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 21:19 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-15 13:39 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-28 18:37 --------- d-----w c:\program files\EPSON
2008-09-28 18:35 --------- d-----w c:\program files\NewSoft
2008-09-28 18:29 39,936 ----a-w c:\windows\system32\drivers\CDAC11BA.EXE
2008-09-28 18:29 --------- d-----w c:\documents and settings\ashok\Application Data\ABBYY
2008-09-28 18:28 --------- d-----w c:\program files\ABBYY
2008-09-28 18:27 --------- d-----w c:\program files\ArcSoft
2008-09-28 18:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-28 18:25 --------- d-----w c:\program files\Smart Panel
2008-09-28 18:25 --------- d-----w c:\program files\Common Files\Python
2008-09-28 17:06 --------- d-----w c:\documents and settings\ashok\Application Data\AVGTOOLBAR
2008-09-28 16:49 --------- d-----w c:\program files\MSBuild
2008-09-28 16:49 --------- d-----w c:\program files\Microsoft Works
2008-09-27 22:35 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-09-27 22:35 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-09-27 22:34 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-09-27 22:34 --------- d-----w c:\program files\AVG
2008-09-27 22:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-09-27 22:07 --------- d-----w c:\program files\DAEMON Tools Lite
2008-09-27 22:04 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-09-27 22:04 --------- d-----w c:\documents and settings\ashok\Application Data\DAEMON Tools
2008-09-25 11:33 43,552 ----a-w c:\windows\system32\drivers\tbhsd.sys
2008-09-24 21:21 --------- d-----w c:\program files\Real
2008-09-24 21:21 --------- d-----w c:\program files\Common Files\xing shared
2008-09-24 21:21 --------- d-----w c:\program files\Common Files\Real
2008-09-23 22:45 --------- d-----w c:\program files\LimeWire
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2007-05-24 13:58 249,856 ----a-w c:\windows\inf\WG511v2\InsDrv2k.exe
2006-12-04 10:38 53,248 ----a-w c:\windows\inf\WG511v2\snetcfg .exe
2006-12-04 10:38 265,984 ----a-w c:\windows\inf\WG511v2\WG511v2XP.sys
2006-12-04 10:38 249,856 ----a-w c:\windows\inf\WG511v2\InsDrvlh.exe
2006-12-04 10:38 212,992 ----a-w c:\windows\inf\WG511v2\CopyWHQLDriver.exe
2006-12-04 10:38 21,376 ----a-w c:\windows\inf\WG511v2\wlndis51.sys
.
Code:
----a-w            53,248 2006-12-04 10:38:30  c:\windows\inf\WG511v2\snetcfg .exe

((((((((((((((((((((((((((((( snapshot@2008-11-19_12.33.58.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-19 12:39:37 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]
c:\program files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"c:\documents and settings\ashok\Local Settings\Temporary Internet Files\Content.IE5\JXF3EZX5\tunebite[1].exe"="c:\documents and settings\ashok\Local Settings\Temporary Internet Files\Content.IE5\JXF3EZX5\tunebite[1].exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-24 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"c:\windows\system32\kdpua.exe"="c:\windows\system32\kdpua.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"c:\windows\system32\kdkqi.exe"="c:\windows\system32\kdkqi.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-16 136600]

c:\documents and settings\ashok\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-01-10 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG511v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG511v2\WG511v2.exe [2007-06-26 1499136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-27 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-27 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-27 76040]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-15 27904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c298d925-a9ba-11dd-bd29-00184defbbd5}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:
.
Contents of the 'Scheduled Tasks' folder

2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\ashok\Application Data\Mozilla\Firefox\Profiles\0nt4njxg.default\
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 12:52:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-19 12:54:12
ComboFix-quarantined-files.txt 2008-11-19 12:54:07

Pre-Run: 43,169,288,192 bytes free
Post-Run: 43,157,979,136 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

192 --- E O F --- 2008-10-24 18:00:52
bigpun07931 is offline  
Old 11-19-2008, 07:54 AM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: eeekkkk!!!! help me, trojan/virus

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    File::
    c:\windows\system32\drivers\Ndisprot.sys

    Driver::
    Ndisprot

    RenV::
    ----a-w 53,248 2006-12-04 10:38:30 c:\windows\inf\WG511v2\snetcfg .exe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "c:\documents and settings\ashok\Local Settings\Temporary Internet Files\Content.IE5\JXF3EZX5\tunebite[1].exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "c:\windows\system32\kdkqi.exe"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c298d925-a9ba-11dd-bd29-00184defbbd5}]
    Save this as CFScript.txt

    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  4. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  5. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.


    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Old 11-20-2008, 12:48 PM   #6 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 6
OS: windows xp


Re: eeekkkk!!!! help me, trojan/virus

Hey there, done as you requested. Here's the log; thanks for your help so far.

ComboFix 08-11-19.08 - ashok 2008-11-20 20:31:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.280 [GMT 0:00]
Running from: c:\documents and settings\ashok\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ashok\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\drivers\ndisprot.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ndisprot.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISPROT
-------\Service_Ndisprot


((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
.

2008-11-20 09:39 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-20 09:39 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-16 18:53 . 2008-11-16 19:02 250 --a------ c:\windows\gmer.ini
2008-11-16 18:20 . 2008-11-16 18:20 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-16 18:20 . 2008-11-16 18:20 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-16 16:13 . 2008-11-19 12:42 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-16 16:13 . 2008-11-19 12:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-16 14:18 . 2008-11-16 14:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-08 00:04 . 2004-01-11 22:00 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-11-07 23:59 . 2008-11-07 23:59 <DIR> d-------- c:\documents and settings\ashok\Application Data\MPEG Streamclip
2008-11-07 21:33 . 2008-11-07 23:56 <DIR> d-------- c:\documents and settings\ashok\Application Data\WinFF
2008-11-07 16:35 . 2008-11-07 16:35 <DIR> d-------- c:\program files\iPod
2008-11-07 16:35 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-07 16:35 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-07 16:34 . 2008-11-07 16:35 <DIR> d-------- c:\program files\iTunes
2008-11-07 16:34 . 2008-11-07 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-03 02:46 . 2008-04-14 01:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-03 02:46 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-03 02:46 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-03 02:46 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-10-24 19:50 . 2008-11-07 17:51 <DIR> d-------- c:\documents and settings\ashok\Application Data\Apple Computer
2008-10-24 19:48 . 2008-10-24 19:49 <DIR> d-------- c:\program files\QuickTime
2008-10-24 19:48 . 2008-10-24 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-24 19:47 . 2008-11-07 16:35 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-10-24 19:47 . 2008-10-24 19:48 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-24 19:47 . 2008-10-24 19:47 <DIR> d-------- c:\program files\Apple Software Update
2008-10-24 19:47 . 2008-10-24 19:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-24 19:47 . 2008-10-01 12:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-10-24 13:00 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-21 17:53 . 2008-10-21 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\RapidSolution
2008-10-21 17:52 . 2008-10-21 17:52 2,723,264 --a------ c:\documents and settings\All Users\vcredist_x86.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 20:38 --------- d-----w c:\program files\DNA
2008-11-20 20:38 --------- d-----w c:\documents and settings\ashok\Application Data\DNA
2008-11-20 20:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-19 14:00 --------- d-----w c:\documents and settings\ashok\Application Data\BitTorrent
2008-11-19 13:04 --------- d-----w c:\documents and settings\ashok\Application Data\LimeWire
2008-11-16 18:50 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-11-16 18:20 --------- d-----w c:\program files\Java
2008-10-24 18:07 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 21:19 --------- d-----w c:\program files\Common Files\Windows Live
2008-09-28 18:37 --------- d-----w c:\program files\EPSON
2008-09-28 18:35 --------- d-----w c:\program files\NewSoft
2008-09-28 18:29 39,936 ----a-w c:\windows\system32\drivers\CDAC11BA.EXE
2008-09-28 18:29 --------- d-----w c:\documents and settings\ashok\Application Data\ABBYY
2008-09-28 18:28 --------- d-----w c:\program files\ABBYY
2008-09-28 18:27 --------- d-----w c:\program files\ArcSoft
2008-09-28 18:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-28 18:25 --------- d-----w c:\program files\Smart Panel
2008-09-28 18:25 --------- d-----w c:\program files\Common Files\Python
2008-09-28 17:06 --------- d-----w c:\documents and settings\ashok\Application Data\AVGTOOLBAR
2008-09-28 16:49 --------- d-----w c:\program files\MSBuild
2008-09-28 16:49 --------- d-----w c:\program files\Microsoft Works
2008-09-27 22:35 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-09-27 22:35 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-09-27 22:34 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-09-27 22:34 --------- d-----w c:\program files\AVG
2008-09-27 22:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-09-27 22:07 --------- d-----w c:\program files\DAEMON Tools Lite
2008-09-27 22:04 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-09-27 22:04 --------- d-----w c:\documents and settings\ashok\Application Data\DAEMON Tools
2008-09-25 11:33 43,552 ----a-w c:\windows\system32\drivers\tbhsd.sys
2008-09-24 21:21 --------- d-----w c:\program files\Real
2008-09-24 21:21 --------- d-----w c:\program files\Common Files\xing shared
2008-09-24 21:21 --------- d-----w c:\program files\Common Files\Real
2008-09-23 22:45 --------- d-----w c:\program files\LimeWire
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2007-05-24 13:58 249,856 ----a-w c:\windows\inf\WG511v2\InsDrv2k.exe
2006-12-04 10:38 53,248 ----a-w c:\windows\inf\WG511v2\snetcfg.exe
2006-12-04 10:38 265,984 ----a-w c:\windows\inf\WG511v2\WG511v2XP.sys
2006-12-04 10:38 249,856 ----a-w c:\windows\inf\WG511v2\InsDrvlh.exe
2006-12-04 10:38 212,992 ----a-w c:\windows\inf\WG511v2\CopyWHQLDriver.exe
2006-12-04 10:38 21,376 ----a-w c:\windows\inf\WG511v2\wlndis51.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-19_12.33.58.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2005-10-20 20:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-10-15 13:39:16 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-20 20:16:15 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-10-15 13:39:16 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-11-20 20:16:17 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-10-15 13:39:17 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-11-20 20:16:17 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-10-15 13:39:18 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-11-20 20:16:18 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-15 13:39:16 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-20 20:16:17 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-11-20 20:36:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_510.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]
c:\program files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-24 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-16 136600]

c:\documents and settings\ashok\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-01-10 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG511v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG511v2\WG511v2.exe [2007-06-26 1499136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-27 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-27 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-27 76040]
.
Contents of the 'Scheduled Tasks' folder

2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-c:\documents and settings\ashok\Local Settings\Temporary Internet Files\Content.IE5\JXF3EZX5\tunebite[1].exe - c:\documents and settings\ashok\Local Settings\Temporary Internet Files\Content.IE5\JXF3EZX5\tunebite[1].exe
HKLM-Run-c:\windows\system32\kdpua.exe - c:\windows\system32\kdpua.exe
HKLM-Run-c:\windows\system32\kdkqi.exe - c:\windows\system32\kdkqi.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 20:36:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\iTunes\iTunes.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
.
**************************************************************************
.
Completion time: 2008-11-20 20:44:17 - machine was rebooted [ashok]
ComboFix-quarantined-files.txt 2008-11-20 20:43:30
ComboFix2.txt 2008-11-19 12:54:14

Pre-Run: 42,925,084,672 bytes free
Post-Run: 42,926,817,280 bytes free

205 --- E O F --- 2008-11-20 20:17:30
Old 11-20-2008, 01:38 PM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: eeekkkk!!!! help me, trojan/virus

Looks better....next steps:

P2P - I see you have P2P software ( Limewire, BitTorrent, DNA ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information:

http://www.techsupportforum.com/secu...e-sharing.html

I would strongly recommend that you uninstall these. You can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Please perform this online scan to help look for remnants

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on Settings. Uncheck Mail databases.
  • Next, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

---------------------------------------------------------------------------------------------

How is the machine behaving?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
Old 11-21-2008, 08:40 AM   #8 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 6
OS: windows xp


Re: eeekkkk!!!! help me, trojan/virus

the machine seems to be a lot better, i have tried several times typing items into google and then clicking on the links without being redirected. thank you very very very much with your help so far, and here is the report as requested

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, November 21, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, November 20, 2008 21:08:41
Records in database: 1397772
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 46868
Threat name: 4
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 01:54:51


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\autorun.inf.vir Infected: Worm.Win32.AutoRun.nuu 1
C:\Qoobox\Quarantine\C\DOCUME~1\ashok\LOCALS~1\Temp\tmp1.tmp.vir Infected: Trojan-Downloader.Win32.Agent.ahcg 1
C:\Qoobox\Quarantine\C\DOCUME~1\ashok\LOCALS~1\Temp\tmp2.tmp.vir Infected: Trojan-Downloader.Win32.Agent.ahcg 1
C:\Qoobox\Quarantine\E\autorun.inf.vir Infected: Worm.Win32.AutoRun.oni 1
E:\music albums\rolex sweep.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
E:\N360_BACKUP\Drive_C\Documents and Settings\punit khemani\My Documents\LimeWire\rolex sweep.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
E:\N360_BACKUP\Drive_C\Documents and Settings\punit khemani\My Documents\LimeWire\Saved\rolex sweep.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

The selected area was scanned.
Old 11-21-2008, 08:46 AM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: eeekkkk!!!! help me, trojan/virus

Glad to hear it...just a couple more things to take care of...

These files are infected, and should be deleted. This should drive home even more the perils of using P2P software.

"E:\music albums\rolex sweep.mp3"
"E:\N360_BACKUP\Drive_C\Documents and Settings\punit khemani\My Documents\LimeWire\rolex sweep.mp3"
"E:\N360_BACKUP\Drive_C\Documents and Settings\punit khemani\My Documents\LimeWire\Saved\rolex sweep.mp3"

The other items found will be addressed by uninstalling ComboFix as instructed below.

Your logs appear clean. You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
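The HOSTS-file mechanism described above (a name mapped to 127.0.0.1 never leaves the local machine) is the same one a hosts-file hijack abuses in the other direction, so a quick audit of what the file actually maps is a useful check after a cleanup. The script below is an added example, not code from this thread or from the MVPS project: it parses HOSTS text, groups the entries into the standard localhost line, entries sent to a local sink (127.0.0.1 or 0.0.0.0, the MVPS blocking style), and entries that send a name to a real address, which go beyond what the post describes and are the ones worth a second look. The sample file, its hostnames and the 10.0.0.1 entry are constructed for the example.

```python
"""Parse a Windows HOSTS file and classify its entries.

Added example (not code from the thread or from the MVPS project).
A HOSTS entry that maps a name to 127.0.0.1 or 0.0.0.0 makes the resolver
answer with the local machine, so the browser never reaches that server.
The same mechanism can be abused to send a legitimate name somewhere else,
so entries pointing at any other address are reported separately.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the standard localhost line, two MVPS-style blocking
# lines (one with a trailing comment), a comment line, and one entry that
# redirects an assumed vendor update host to a remote address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net
127.0.0.1       tracker.example.org   # MVPS-style block
10.0.0.1        update.example-av.com # assumed hijack entry (constructed)
"""

# Addresses that keep traffic on the local machine.
LOCAL_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (ip, hostname, line_no) for every mapping in HOSTS text.

    Comments start with '#', one IP may be followed by several names,
    whitespace may be spaces or tabs, and malformed lines are skipped.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = re.split(r"\s+", line)
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue                            # not a mapping line
        for name in parts[1:]:
            entries.append((ip, name.lower(), line_no))
    return entries


def classify(entries):
    """Group entries as 'localhost' (standard), 'blocked' (sent to a local
    sink) or 'redirected' (sent to a real address; review these)."""
    groups = defaultdict(list)
    for ip, name, line_no in entries:
        if name in ("localhost", "localhost.localdomain"):
            groups["localhost"].append((name, ip, line_no))
        elif ip in LOCAL_SINKS:
            groups["blocked"].append((name, ip, line_no))
        else:
            groups["redirected"].append((name, ip, line_no))
    return groups


def report(text):
    """Classify HOSTS text and return a plain dict of sorted groups."""
    return {k: sorted(v) for k, v in classify(parse_hosts(text)).items()}


if __name__ == "__main__":
    for group, items in report(SAMPLE_HOSTS).items():
        print(group)
        for name, ip, line_no in items:
            print(f"  line {line_no}: {name} -> {ip}")
```

On a real machine you would read `%SystemRoot%\system32\drivers\etc\hosts` instead of the constructed sample; a large "blocked" group is expected after installing the MVPS file, while anything in "redirected" should correspond to an entry you added yourself.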
Old 11-21-2008, 10:21 AM   #10 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 6
OS: windows xp


Re: eeekkkk!!!! help me, trojan/virus

thank you very much for your help, i am extremely grateful!!!!!!!!!!!!

take care

punit
Old 11-21-2008, 11:22 AM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: eeekkkk!!!! help me, trojan/virus

I'm happy to have helped.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.