Full Version: Buchi Log
Piriform Community Forums > Computer Help and Discussion > Spyware Hell
Buchi
Thanks for the clarification, below is my HIJACKTHIS LOG file. Please check and tell me the corrections:

Logfile of HijackThis v1.99.1
Scan saved at 3:49:40 PM, on 2/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolvc.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\system32\srrvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svcchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Zip\Anti-virus\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Routingdsfdsfs] winf454jhgfgk.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [Routingdsfdsfs] winf454jhgfgk.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Routingdsfdsfs] winf454jhgfgk.exe
O4 - HKCU\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1DA16E-B943-4E3A-A5A8-FF298FFD2041}: NameServer = 202.54.29.5 202.54.6.60
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINDOWS\system\dllhost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Sata emulation (mside) - Unknown owner - C:\WINDOWS\system\mside.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Windows Terminal Services - Unknown owner - C:\WINDOWS\system32\spoolvc.exe

rridgely
Your computer is very infected. You're going to need some patience and time to get this fixed.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt into your next reply
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.
Buchi
I followed your instructions, below is the vundoFix.txt file.
As you see below, "yudpdsvv.dll" couldn't be removed after several tries:
-----------------------------------------------------------------------------------
VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.8

Scan started at 4:26:01 PM 2/5/2007

Listing files found while scanning....

C:\WINDOWS\system32\atfrnque.dll
C:\WINDOWS\system32\awtqono.dll
C:\WINDOWS\system32\awtqooo.dll
C:\WINDOWS\system32\awtrolk.dll
C:\WINDOWS\system32\awtrrqp.dll
C:\WINDOWS\system32\awtssrr.dll
C:\WINDOWS\system32\awttuus.dll
C:\WINDOWS\system32\awtuurr.dll
C:\WINDOWS\system32\awtuusp.dll
C:\WINDOWS\system32\btjckfoc.dll
C:\WINDOWS\system32\byxwtts.dll
C:\WINDOWS\system32\byxxyaa.dll
C:\WINDOWS\system32\byxxyya.dll
C:\WINDOWS\system32\byxywvu.dll
C:\WINDOWS\system32\byxyxxw.dll
C:\WINDOWS\system32\cbxuspp.dll
C:\WINDOWS\system32\cbxutsq.dll
C:\WINDOWS\system32\cbxvtsp.dll
C:\WINDOWS\system32\cbxvwut.dll
C:\WINDOWS\system32\cbxwttq.dll
C:\WINDOWS\system32\cbxwwwv.dll
C:\WINDOWS\system32\cbxwxxy.dll
C:\WINDOWS\system32\cofkcjtb.ini
C:\WINDOWS\system32\ddcaaww.dll
C:\WINDOWS\system32\ddcbxut.dll
C:\WINDOWS\system32\ddcdcca.dll
C:\WINDOWS\system32\ddcdeec.dll
C:\WINDOWS\system32\ddcyaxy.dll
C:\WINDOWS\system32\efcbbba.dll
C:\WINDOWS\system32\efcdcyy.dll
C:\WINDOWS\system32\efcyywt.dll
C:\WINDOWS\system32\efcyywx.dll
C:\WINDOWS\system32\euqnrfta.ini
C:\WINDOWS\system32\fccaayv.dll
C:\WINDOWS\system32\fccayaw.dll
C:\WINDOWS\system32\fccbaxx.dll
C:\WINDOWS\system32\fcccyyx.dll
C:\WINDOWS\system32\fccyxxx.dll
C:\WINDOWS\system32\gebcdab.dll
C:\WINDOWS\system32\gebywuv.dll
C:\WINDOWS\system32\gebywxv.dll
C:\WINDOWS\system32\gebyxwt.dll
C:\WINDOWS\system32\gebyxxu.dll
C:\WINDOWS\system32\gebyxyy.dll
C:\WINDOWS\system32\hggedax.dll
C:\WINDOWS\system32\hggefcy.dll
C:\WINDOWS\system32\hggfdde.dll
C:\WINDOWS\system32\hggffcb.dll
C:\WINDOWS\system32\hggffgg.dll
C:\WINDOWS\system32\hggfgeb.dll
C:\WINDOWS\system32\hgggdab.dll
C:\WINDOWS\system32\hgggddc.dll
C:\WINDOWS\system32\hgggefe.dll
C:\WINDOWS\system32\hgggged.dll
C:\WINDOWS\system32\hgghiii.dll
C:\WINDOWS\system32\iifcaby.dll
C:\WINDOWS\system32\iifcbxw.dll
C:\WINDOWS\system32\iifdbxw.dll
C:\WINDOWS\system32\iiffcca.dll
C:\WINDOWS\system32\iifgeeb.dll
C:\WINDOWS\system32\jkkjheb.dll
C:\WINDOWS\system32\jkkjijk.dll
C:\WINDOWS\system32\jkkkjgf.dll
C:\WINDOWS\system32\jkkklmj.dll
C:\WINDOWS\system32\khfcawu.dll
C:\WINDOWS\system32\khfcdbc.dll
C:\WINDOWS\system32\khfdefd.dll
C:\WINDOWS\system32\khfedeb.dll
C:\WINDOWS\system32\khfeedc.dll
C:\WINDOWS\system32\khffcax.dll
C:\WINDOWS\system32\khfggfc.dll
C:\WINDOWS\system32\ljjgeda.dll
C:\WINDOWS\system32\ljjghhi.dll
C:\WINDOWS\system32\ljjhfec.dll
C:\WINDOWS\system32\mljgeef.dll
C:\WINDOWS\system32\mljhhhh.dll
C:\WINDOWS\system32\mljjhhe.dll
C:\WINDOWS\system32\mljjhig.dll
C:\WINDOWS\system32\mljjihg.dll
C:\WINDOWS\system32\mljjihh.dll
C:\WINDOWS\system32\mljkihi.dll
C:\WINDOWS\system32\nnnliif.dll
C:\WINDOWS\system32\nnnliij.dll
C:\WINDOWS\system32\nnnlkhe.dll
C:\WINDOWS\system32\nnnmkih.dll
C:\WINDOWS\system32\nnnmljg.dll
C:\WINDOWS\system32\nnnmnml.dll
C:\WINDOWS\system32\nnnnllj.dll
C:\WINDOWS\system32\nnnoono.dll
C:\WINDOWS\system32\nnnooop.dll
C:\WINDOWS\system32\nnnopmn.dll
C:\WINDOWS\System32\nqstv.bak1
C:\WINDOWS\System32\nqstv.bak2
C:\WINDOWS\System32\nqstv.ini
C:\WINDOWS\system32\opnkkji.dll
C:\WINDOWS\system32\opnliff.dll
C:\WINDOWS\system32\opnliig.dll
C:\WINDOWS\system32\opnmjig.dll
C:\WINDOWS\system32\opnmkli.dll
C:\WINDOWS\system32\opnmnmn.dll
C:\WINDOWS\system32\opnollk.dll
C:\WINDOWS\system32\opnoomk.dll
C:\WINDOWS\system32\opnoopm.dll
C:\WINDOWS\system32\pmnmnnl.dll
C:\WINDOWS\system32\qomjhfe.dll
C:\WINDOWS\system32\qomjjkk.dll
C:\WINDOWS\system32\qomkjge.dll
C:\WINDOWS\system32\qomljge.dll
C:\WINDOWS\system32\qommkij.dll
C:\WINDOWS\system32\qommnlm.dll
C:\WINDOWS\system32\qomnmnl.dll
C:\WINDOWS\system32\qomnnoo.dll
C:\WINDOWS\system32\rqromlm.dll
C:\WINDOWS\system32\rqromnk.dll
C:\WINDOWS\system32\rqroool.dll
C:\WINDOWS\system32\rqrpolj.dll
C:\WINDOWS\system32\rqrqrpm.dll
C:\WINDOWS\system32\rqrqrss.dll
C:\WINDOWS\system32\sgqdqaux.ini
C:\WINDOWS\system32\ssqnkhi.dll
C:\WINDOWS\system32\ssqnkki.dll
C:\WINDOWS\system32\ssqnnmn.dll
C:\WINDOWS\system32\ssqnolk.dll
C:\WINDOWS\system32\ssqolki.dll
C:\WINDOWS\system32\ssqomnl.dll
C:\WINDOWS\system32\ssqonmj.dll
C:\WINDOWS\system32\ssqoopm.dll
C:\WINDOWS\system32\ssqpmnk.dll
C:\WINDOWS\system32\ssqpmnm.dll
C:\WINDOWS\system32\ssqpopq.dll
C:\WINDOWS\system32\ssqpqqp.dll
C:\WINDOWS\system32\ssqqnkk.dll
C:\WINDOWS\system32\ssqqool.dll
C:\WINDOWS\system32\ssqrrop.dll
C:\WINDOWS\system32\tuvsttr.dll
C:\WINDOWS\system32\tuvurqr.dll
C:\WINDOWS\system32\tuvuuvw.dll
C:\WINDOWS\system32\tuvvsst.dll
C:\WINDOWS\system32\tuvvuvv.dll
C:\WINDOWS\system32\tuvvvww.dll
C:\WINDOWS\system32\tuvwurp.dll
C:\WINDOWS\system32\tuvwxxy.dll
C:\WINDOWS\system32\urqnlji.dll
C:\WINDOWS\system32\urqnllm.dll
C:\WINDOWS\system32\urqolii.dll
C:\WINDOWS\system32\urqpqnl.dll
C:\WINDOWS\system32\urqqqoo.dll
C:\WINDOWS\system32\urqrqqn.dll
C:\WINDOWS\System32\vtsqn.dll
C:\WINDOWS\system32\vturqrq.dll
C:\WINDOWS\system32\vturrom.dll
C:\WINDOWS\system32\vtusqrr.dll
C:\WINDOWS\system32\vtusrsq.dll
C:\WINDOWS\system32\vtusrss.dll
C:\WINDOWS\system32\vtuttqq.dll
C:\WINDOWS\system32\vtuurom.dll
C:\WINDOWS\system32\vtuuvtt.dll
C:\WINDOWS\system32\wvuroon.dll
C:\WINDOWS\system32\wvussqp.dll
C:\WINDOWS\system32\wvutqom.dll
C:\WINDOWS\system32\wvuurpm.dll
C:\WINDOWS\system32\wvuvwxy.dll
C:\WINDOWS\system32\xuaqdqgs.dll
C:\WINDOWS\system32\xxyvuts.dll
C:\WINDOWS\system32\xxywtst.dll
C:\WINDOWS\system32\xxywvwu.dll
C:\WINDOWS\system32\xxywwtt.dll
C:\WINDOWS\system32\xxyxxus.dll
C:\WINDOWS\system32\xxyyyxy.dll
C:\WINDOWS\system32\yayayab.dll
C:\WINDOWS\system32\yayvuur.dll
C:\WINDOWS\system32\yaywurs.dll
C:\WINDOWS\system32\yaywuuu.dll
C:\WINDOWS\system32\yayxwts.dll
C:\WINDOWS\system32\yayyxyy.dll
C:\WINDOWS\System32\yudpdsvv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\atfrnque.dll
C:\WINDOWS\system32\atfrnque.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqono.dll
C:\WINDOWS\system32\awtqono.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqooo.dll
C:\WINDOWS\system32\awtqooo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtrolk.dll
C:\WINDOWS\system32\awtrolk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtrrqp.dll
C:\WINDOWS\system32\awtrrqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtssrr.dll
C:\WINDOWS\system32\awtssrr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awttuus.dll
C:\WINDOWS\system32\awttuus.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtuurr.dll
C:\WINDOWS\system32\awtuurr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtuusp.dll
C:\WINDOWS\system32\awtuusp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\btjckfoc.dll
C:\WINDOWS\system32\btjckfoc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxwtts.dll
C:\WINDOWS\system32\byxwtts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxxyaa.dll
C:\WINDOWS\system32\byxxyaa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxxyya.dll
C:\WINDOWS\system32\byxxyya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxywvu.dll
C:\WINDOWS\system32\byxywvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxyxxw.dll
C:\WINDOWS\system32\byxyxxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxuspp.dll
C:\WINDOWS\system32\cbxuspp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxutsq.dll
C:\WINDOWS\system32\cbxutsq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxvtsp.dll
C:\WINDOWS\system32\cbxvtsp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxvwut.dll
C:\WINDOWS\system32\cbxvwut.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxwttq.dll
C:\WINDOWS\system32\cbxwttq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxwwwv.dll
C:\WINDOWS\system32\cbxwwwv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxwxxy.dll
C:\WINDOWS\system32\cbxwxxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cofkcjtb.ini
C:\WINDOWS\system32\cofkcjtb.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcaaww.dll
C:\WINDOWS\system32\ddcaaww.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcbxut.dll
C:\WINDOWS\system32\ddcbxut.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdcca.dll
C:\WINDOWS\system32\ddcdcca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdeec.dll
C:\WINDOWS\system32\ddcdeec.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyaxy.dll
C:\WINDOWS\system32\ddcyaxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcbbba.dll
C:\WINDOWS\system32\efcbbba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcdcyy.dll
C:\WINDOWS\system32\efcdcyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcyywt.dll
C:\WINDOWS\system32\efcyywt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcyywx.dll
C:\WINDOWS\system32\efcyywx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\euqnrfta.ini
C:\WINDOWS\system32\euqnrfta.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccaayv.dll
C:\WINDOWS\system32\fccaayv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccayaw.dll
C:\WINDOWS\system32\fccayaw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccbaxx.dll
C:\WINDOWS\system32\fccbaxx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fcccyyx.dll
C:\WINDOWS\system32\fcccyyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccyxxx.dll
C:\WINDOWS\system32\fccyxxx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcdab.dll
C:\WINDOWS\system32\gebcdab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebywuv.dll
C:\WINDOWS\system32\gebywuv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebywxv.dll
C:\WINDOWS\system32\gebywxv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyxwt.dll
C:\WINDOWS\system32\gebyxwt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyxxu.dll
C:\WINDOWS\system32\gebyxxu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyxyy.dll
C:\WINDOWS\system32\gebyxyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggedax.dll
C:\WINDOWS\system32\hggedax.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggefcy.dll
C:\WINDOWS\system32\hggefcy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggfdde.dll
C:\WINDOWS\system32\hggfdde.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggffcb.dll
C:\WINDOWS\system32\hggffcb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggffgg.dll
C:\WINDOWS\system32\hggffgg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggfgeb.dll
C:\WINDOWS\system32\hggfgeb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgggdab.dll
C:\WINDOWS\system32\hgggdab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgggddc.dll
C:\WINDOWS\system32\hgggddc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgggefe.dll
C:\WINDOWS\system32\hgggefe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgggged.dll
C:\WINDOWS\system32\hgggged.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgghiii.dll
C:\WINDOWS\system32\hgghiii.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifcaby.dll
C:\WINDOWS\system32\iifcaby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifcbxw.dll
C:\WINDOWS\system32\iifcbxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifdbxw.dll
C:\WINDOWS\system32\iifdbxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iiffcca.dll
C:\WINDOWS\system32\iiffcca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifgeeb.dll
C:\WINDOWS\system32\iifgeeb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjheb.dll
C:\WINDOWS\system32\jkkjheb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjijk.dll
C:\WINDOWS\system32\jkkjijk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkkjgf.dll
C:\WINDOWS\system32\jkkkjgf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkklmj.dll
C:\WINDOWS\system32\jkkklmj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcawu.dll
C:\WINDOWS\system32\khfcawu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcdbc.dll
C:\WINDOWS\system32\khfcdbc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfdefd.dll
C:\WINDOWS\system32\khfdefd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfedeb.dll
C:\WINDOWS\system32\khfedeb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfeedc.dll
C:\WINDOWS\system32\khfeedc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khffcax.dll
C:\WINDOWS\system32\khffcax.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfggfc.dll
C:\WINDOWS\system32\khfggfc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjgeda.dll
C:\WINDOWS\system32\ljjgeda.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjghhi.dll
C:\WINDOWS\system32\ljjghhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjhfec.dll
C:\WINDOWS\system32\ljjhfec.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgeef.dll
C:\WINDOWS\system32\mljgeef.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljhhhh.dll
C:\WINDOWS\system32\mljhhhh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjhhe.dll
C:\WINDOWS\system32\mljjhhe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjhig.dll
C:\WINDOWS\system32\mljjhig.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjihg.dll
C:\WINDOWS\system32\mljjihg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjihh.dll
C:\WINDOWS\system32\mljjihh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljkihi.dll
C:\WINDOWS\system32\mljkihi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnliif.dll
C:\WINDOWS\system32\nnnliif.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnliij.dll
C:\WINDOWS\system32\nnnliij.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnlkhe.dll
C:\WINDOWS\system32\nnnlkhe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmkih.dll
C:\WINDOWS\system32\nnnmkih.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmljg.dll
C:\WINDOWS\system32\nnnmljg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmnml.dll
C:\WINDOWS\system32\nnnmnml.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnnllj.dll
C:\WINDOWS\system32\nnnnllj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnoono.dll
C:\WINDOWS\system32\nnnoono.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnooop.dll
C:\WINDOWS\system32\nnnooop.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnopmn.dll
C:\WINDOWS\system32\nnnopmn.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\nqstv.bak1
C:\WINDOWS\System32\nqstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\nqstv.bak2
C:\WINDOWS\System32\nqstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\nqstv.ini
C:\WINDOWS\System32\nqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnkkji.dll
C:\WINDOWS\system32\opnkkji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnliff.dll
C:\WINDOWS\system32\opnliff.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnliig.dll
C:\WINDOWS\system32\opnliig.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnmjig.dll
C:\WINDOWS\system32\opnmjig.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnmkli.dll
C:\WINDOWS\system32\opnmkli.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnmnmn.dll
C:\WINDOWS\system32\opnmnmn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnollk.dll
C:\WINDOWS\system32\opnollk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\opnoomk.dll
C:\WINDOWS\system32\opnoomk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnoopm.dll
C:\WINDOWS\system32\opnoopm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnmnnl.dll
C:\WINDOWS\system32\pmnmnnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomjhfe.dll
C:\WINDOWS\system32\qomjhfe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomjjkk.dll
C:\WINDOWS\system32\qomjjkk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomkjge.dll
C:\WINDOWS\system32\qomkjge.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomljge.dll
C:\WINDOWS\system32\qomljge.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qommkij.dll
C:\WINDOWS\system32\qommkij.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qommnlm.dll
C:\WINDOWS\system32\qommnlm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomnmnl.dll
C:\WINDOWS\system32\qomnmnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomnnoo.dll
C:\WINDOWS\system32\qomnnoo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqromlm.dll
C:\WINDOWS\system32\rqromlm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqromnk.dll
C:\WINDOWS\system32\rqromnk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqroool.dll
C:\WINDOWS\system32\rqroool.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrpolj.dll
C:\WINDOWS\system32\rqrpolj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrqrpm.dll
C:\WINDOWS\system32\rqrqrpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrqrss.dll
C:\WINDOWS\system32\rqrqrss.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sgqdqaux.ini
C:\WINDOWS\system32\sgqdqaux.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnkhi.dll
C:\WINDOWS\system32\ssqnkhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnkki.dll
C:\WINDOWS\system32\ssqnkki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnnmn.dll
C:\WINDOWS\system32\ssqnnmn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnolk.dll
C:\WINDOWS\system32\ssqnolk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqolki.dll
C:\WINDOWS\system32\ssqolki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqomnl.dll
C:\WINDOWS\system32\ssqomnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqonmj.dll
C:\WINDOWS\system32\ssqonmj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqoopm.dll
C:\WINDOWS\system32\ssqoopm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpmnk.dll
C:\WINDOWS\system32\ssqpmnk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpmnm.dll
C:\WINDOWS\system32\ssqpmnm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpopq.dll
C:\WINDOWS\system32\ssqpopq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpqqp.dll
C:\WINDOWS\system32\ssqpqqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqnkk.dll
C:\WINDOWS\system32\ssqqnkk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqool.dll
C:\WINDOWS\system32\ssqqool.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrrop.dll
C:\WINDOWS\system32\ssqrrop.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvsttr.dll
C:\WINDOWS\system32\tuvsttr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvurqr.dll
C:\WINDOWS\system32\tuvurqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvuuvw.dll
C:\WINDOWS\system32\tuvuuvw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvvsst.dll
C:\WINDOWS\system32\tuvvsst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvvuvv.dll
C:\WINDOWS\system32\tuvvuvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvvvww.dll
C:\WINDOWS\system32\tuvvvww.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvwurp.dll
C:\WINDOWS\system32\tuvwurp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvwxxy.dll
C:\WINDOWS\system32\tuvwxxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqnlji.dll
C:\WINDOWS\system32\urqnlji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqnllm.dll
C:\WINDOWS\system32\urqnllm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqolii.dll
C:\WINDOWS\system32\urqolii.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqpqnl.dll
C:\WINDOWS\system32\urqpqnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqqqoo.dll
C:\WINDOWS\system32\urqqqoo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqrqqn.dll
C:\WINDOWS\system32\urqrqqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\vtsqn.dll
C:\WINDOWS\System32\vtsqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturqrq.dll
C:\WINDOWS\system32\vturqrq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturrom.dll
C:\WINDOWS\system32\vturrom.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtusqrr.dll
C:\WINDOWS\system32\vtusqrr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtusrsq.dll
C:\WINDOWS\system32\vtusrsq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtusrss.dll
C:\WINDOWS\system32\vtusrss.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuttqq.dll
C:\WINDOWS\system32\vtuttqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuurom.dll
C:\WINDOWS\system32\vtuurom.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuuvtt.dll
C:\WINDOWS\system32\vtuuvtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuroon.dll
C:\WINDOWS\system32\wvuroon.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvussqp.dll
C:\WINDOWS\system32\wvussqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvutqom.dll
C:\WINDOWS\system32\wvutqom.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuurpm.dll
C:\WINDOWS\system32\wvuurpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvwxy.dll
C:\WINDOWS\system32\wvuvwxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xuaqdqgs.dll
C:\WINDOWS\system32\xuaqdqgs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyvuts.dll
C:\WINDOWS\system32\xxyvuts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxywtst.dll
C:\WINDOWS\system32\xxywtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxywvwu.dll
C:\WINDOWS\system32\xxywvwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxywwtt.dll
C:\WINDOWS\system32\xxywwtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyxxus.dll
C:\WINDOWS\system32\xxyxxus.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyyyxy.dll
C:\WINDOWS\system32\xxyyyxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayayab.dll
C:\WINDOWS\system32\yayayab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayvuur.dll
C:\WINDOWS\system32\yayvuur.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yaywurs.dll
C:\WINDOWS\system32\yaywurs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yaywuuu.dll
C:\WINDOWS\system32\yaywuuu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayxwts.dll
C:\WINDOWS\system32\yayxwts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayyxyy.dll
C:\WINDOWS\system32\yayyxyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\yudpdsvv.dll
C:\WINDOWS\System32\yudpdsvv.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.8

Scan started at 4:33:02 PM 2/5/2007

Listing files found while scanning....

C:\WINDOWS\system32\opnollk.dll
C:\WINDOWS\System32\yudpdsvv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\opnollk.dll
C:\WINDOWS\system32\opnollk.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.8

Scan started at 4:45:20 PM 2/5/2007

Listing files found while scanning....

C:\WINDOWS\System32\yudpdsvv.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.8

Scan started at 4:50:23 PM 2/5/2007

Listing files found while scanning....

C:\WINDOWS\System32\yudpdsvv.dll

Beginning removal...

Performing Repairs to the registry.
Done!
------------------------------------------------------------------------


Below is the HIJACKTHIS.LOG after using VundoFix:

Logfile of HijackThis v1.99.1
Scan saved at 4:57:31 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\system32\srrvc.exe
C:\WINDOWS\System32\svcchost.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\WINDOWS\system32\mfcee.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\kavss.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\Documents and Settings\Sys\4.exe
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - C:\WINDOWS\System32\opnollk.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\System32\yudpdsvv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKLM\..\Run: [melg34] C:\Documents and Settings\Sys\4.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKCU\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKCU\..\Run: [melg34] C:\Documents and Settings\Sys\4.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


Please check and advise on my system errors.
rridgely
Alright, now follow this guide:
http://forum.CCleaner.com/index.php?showtopic=6329

In your next reply post the four logs you get from doing those steps. (AVG antispyware, Superantispyware, Bitdefender and a new hijackthis log.)
Buchi
Thanks rridgely, I followed the details; below are the reports.
These spyware scanners removed many infections, please study and advise the next step.

1) HIJACKTHIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 4:53:54 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\srrvc.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\WINDOWS\system32\mfcee.exe
C:\Documents and Settings\Sys\4.exe
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\kavss.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKLM\..\Run: [melg34] C:\Documents and Settings\Sys\4.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKCU\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKCU\..\Run: [melg34] C:\Documents and Settings\Sys\4.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1DA16E-B943-4E3A-A5A8-FF298FFD2041}: NameServer = 202.54.29.5 202.54.6.60
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

2) BIT DEFENDER REPORT:
BitDefender Online Scanner - Real Time Virus Report
Generated at: Tue, Feb 06, 2007 - 14:51:55

Scan Info
Scanned Files: 621382
Infected Files: 378


Virus Detected                                       Files
DeepScan:Generic.Malware.SYBddldg.26A600B3           5
Trojan.Agent.ACL                                     1
Backdoor.Rbot.FGD                                    4
DeepScan:Generic.Malware.SYddldg.855620B1            2
Backdoor.Sdbot.W                                     1
MemScan:Trojan.Vundo.W                               3
BehavesLike:Win32.FileInfector                       12
Trojan.Downloader.Conhook.D                          4
Trojan.Juan.E                                        2
Trojan.Virtumod.EB                                   9
DeepScan:Generic.Malware.SYddldg.21FE268A            287
DeepScan:Generic.Malware.SYddldg.23F1AE3A            42
Backdoor.Rbot.BDQ                                    5
Generic.Botget.930D50D4                              1

This summary of the scan process will be used by the BitDefender Antivirus
Lab to create aggregate statistics about virus activity around the world.


3) SUPER ANTIVIRUS SCAN REPORT
SUPERAntiSpyware Scan Log
Generated 02/06/2007 at 03:36 PM

Application Version : 3.5.1016

Core Rules Database Version : 3178
Trace Rules Database Version: 1188

Scan type : Complete Scan
Total Scan Time : 00:17:47

Memory items scanned : 478
Memory threats detected : 1
Registry items scanned : 6149
Registry threats detected : 8
File items scanned : 25650
File threats detected : 96

Trojan.SVCCHost
C:\WINDOWS\SYSTEM32\SVCCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCCHOST.EXE
[msvcc25] C:\WINDOWS\SYSTEM32\SVCCHOST.EXE
[msvcc25] C:\WINDOWS\SYSTEM32\SVCCHOST.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Sys\Cookies\sys@1072664508[1].txt
C:\Documents and Settings\Sys\Cookies\sys@indexstats[2].txt
C:\Documents and Settings\Sys\Cookies\sys@mediaplex[1].txt
C:\Documents and Settings\Sys\Cookies\sys@www.freesexyindians[3].txt
C:\Documents and Settings\Sys\Cookies\sys@1069251633[1].txt
C:\Documents and Settings\Sys\Cookies\sys@www.winantispyware[1].txt
C:\Documents and Settings\Sys\Cookies\sys@doubleclick[2].txt
C:\Documents and Settings\Sys\Cookies\sys@adrevolver[1].txt
C:\Documents and Settings\Sys\Cookies\sys@tribalfusion[1].txt
C:\Documents and Settings\Sys\Cookies\sys@1066815633[1].txt
C:\Documents and Settings\Sys\Cookies\sys@fastclick[2].txt
C:\Documents and Settings\Sys\Cookies\sys@cbs.112.2o7[1].txt
C:\Documents and Settings\Sys\Cookies\sys@adrevolver[2].txt
C:\Documents and Settings\Sys\Cookies\sys@stats1.reliablestats[2].txt
C:\Documents and Settings\Sys\Cookies\sys@winantivirus[2].txt
C:\Documents and Settings\Sys\Cookies\sys@casalemedia[2].txt
C:\Documents and Settings\Sys\Cookies\sys@bs.serving-sys[2].txt
C:\Documents and Settings\Sys\Cookies\sys@atdmt[2].txt
C:\Documents and Settings\Sys\Cookies\sys@www.amaena[2].txt
C:\Documents and Settings\Sys\Cookies\sys@serving-sys[1].txt
C:\Documents and Settings\Sys\Cookies\sys@adbrite[2].txt
C:\Documents and Settings\Sys\Cookies\sys@1069738494[1].txt
C:\Documents and Settings\Sys\Cookies\sys@www.winantivirus[1].txt
C:\Documents and Settings\Sys\Cookies\sys@adserver[1].txt
C:\Documents and Settings\Sys\Cookies\sys@ad.parachat[2].txt
C:\Documents and Settings\Sys\Cookies\sys@ads.realtechnetwork[2].txt
C:\Documents and Settings\Sys\Cookies\sys@overture[1].txt
C:\Documents and Settings\Sys\Cookies\sys@winantispyware[2].txt
C:\Documents and Settings\Sys\Cookies\sys@pro-market[1].txt
C:\Documents and Settings\Sys\Cookies\sys@ad.yieldmanager[1].txt
C:\Documents and Settings\Sys\Cookies\sys@www.freesexyindians[1].txt

Adware.Vundo Variant
HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}
HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}\InprocServer32
HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}\InprocServer32#ThreadingModel

Unclassified.Unknown Origin
HKCR\CLSID\{481E7983-1F2B-4250-951A-44E0902DF978}
HKCR\CLSID\{481E7983-1F2B-4250-951A-44E0902DF978}\InprocServer32
HKCR\CLSID\{481E7983-1F2B-4250-951A-44E0902DF978}\InprocServer32#ThreadingModel

Malware.SpywareNuker
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP201\A0048059.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP202\A0048076.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP203\A0048077.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP203\A0048086.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP204\A0048103.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP204\A0048133.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP204\A0048146.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP204\A0048174.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP205\A0048191.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP205\A0048213.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP205\A0048223.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP205\A0048236.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP205\A0048256.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP205\A0048265.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP205\A0048275.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP206\A0048290.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP206\A0048299.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP206\A0048318.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP206\A0048349.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP206\A0048363.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP207\A0048373.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP207\A0048382.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP207\A0048410.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP207\A0048429.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP207\A0048460.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049458.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049470.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049484.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049503.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049512.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049560.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049598.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049633.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049650.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049663.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049682.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP209\A0049705.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP209\A0049751.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP209\A0049767.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP209\A0049806.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP209\A0049821.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP210\A0050822.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP210\A0051821.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP210\A0051835.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0051851.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0051865.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0051892.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0051931.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052055.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052077.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052118.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052154.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053389.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053403.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053418.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053465.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053497.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053530.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053552.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053568.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053584.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053601.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\PSHOOK11.SYS

Trojan.Downloader-WBRock
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053645.EXE


4) AVG ANTI-SPYWARE SCAN REPORT:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:47:46 PM 2/6/2007

+ Scan result:



C:\WINDOWS\system32\ajj.exe -> Adware.Aureate : Ignored.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
[352] C:\WINDOWS\System32\mysvcc.exe -> Backdoor.Rbot.aeu : Cleaned with backup (quarantined).
C:\Documents and Settings\Sys\Cookies\sys@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.


::Report end

rridgely
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

-------

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running, as it may cause it to stall.

In your next post I want a ComboFix log, a SmitfraudFix log, and a new HijackThis log.
Buchi
Thanks rridgely, after extracting SmitfraudFix, I double-clicked smitfraudfix.cmd. But I got an error message: "Reboot.exe file is missing!".
Later, when I checked, I couldn't extract the "reboot.exe" file. I could see reboot.exe in the WinZip window, but this particular file is not getting extracted, though I tried different methods. Any suggestions where I am wrong?
Buchi
LATER I COULD FIND THE VIRUS SOFTWARE THAT IS STOPPING THE EXTRACTION OF "REBOOT.EXE". I DISABLED THAT SOFTWARE AND FOLLOWED YOUR INSTRUCTIONS, BELOW ARE THE REPORTS. PLEASE STUDY AND ADVISE THE NEXT STEP, THANKS.

1) SMITFRAUDFIX REPORT:
SmitFraudFix v2.141

Scan done at 16:18:52.46, Thu 02/08/2007
Run from C:\Documents and Settings\Sys\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sys


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sys\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sys\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


2) COMBOFIX REPORT:
"Sys" - 07-02-08 16:20:29 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Sys\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\REGEDIT.com


((((((((((((((((((((((((((((((( Files Created from 2007-01-08 to 2007-02-08 ))))))))))))))))))))))))))))))))))


2007-02-08 16:19 3,024 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-08 16:17 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-08 16:17 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-08 16:17 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-08 16:17 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-08 16:17 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-08 16:17 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-08 14:32 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2007-02-06 16:01 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-06 15:22 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-02-06 15:15 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\SUPERAntiSpyware.com
2007-02-06 15:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SUPERAntiSpyware.com
2007-02-06 15:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-02-06 13:12 <DIR> d-------- C:\WINDOWS\LastGood
2007-02-06 13:12 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-02-05 16:26 <DIR> d-------- C:\VundoFix Backups
2007-02-05 12:16 <DIR> d-------- C:\WINDOWS\Prefetch
2007-02-05 12:15 33,792 --------- C:\WINDOWS\system32\drivers\escanmxx.sys
2007-02-05 12:13 7,583 --a------ C:\WINDOWS\system32\eInstall.dat
2007-02-05 12:13 12,560 --a------ C:\WINDOWS\WSSPORD.DAT
2007-02-05 12:12 <DIR> d-------- C:\PUB
2007-02-05 12:11 508,928 --a------ C:\WINDOWS\system32\eInstall.exe
2007-02-05 12:11 32,768 --a------ C:\WINDOWS\system32\esmxlog.dll
2007-02-05 12:11 138,000 --a------ C:\WINDOWS\system32\drivers\klif108.sys
2007-02-05 12:11 117,008 --a------ C:\WINDOWS\system32\drivers\klif50.sys
2007-02-05 12:11 <DIR> d-------- C:\WINDOWS\system32\ES_SETUP
2007-02-05 12:11 <DIR> d-------- C:\AVPDOS
2007-02-05 12:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2007-02-05 12:09 950,272 --a------ C:\WINDOWS\system32\contfilt.dll
2007-02-05 12:09 9,488 --a------ C:\WINDOWS\sporder.dll
2007-02-05 12:09 7,680 --a------ C:\WINDOWS\sporder.exe
2007-02-05 12:09 41,984 --a------ C:\WINDOWS\killproc.exe
2007-02-05 12:09 40,448 --a------ C:\WINDOWS\inst_tsp.exe
2007-02-05 12:09 339,968 --a------ C:\WINDOWS\system32\mwtsp.dll
2007-02-05 12:09 14,866 --a------ C:\WINDOWS\winsbak.reg
2007-02-05 12:09 134,144 --a------ C:\WINDOWS\R.COM
2007-02-05 12:09 130,560 --a------ C:\WINDOWS\system32\ZIPDLL.DLL
2007-02-05 12:09 128,512 --a------ C:\WINDOWS\system32\T.COM
2007-02-05 12:09 125,440 --a------ C:\WINDOWS\system32\UNZDLL.DLL
2007-02-05 12:09 118,784 --a------ C:\WINDOWS\system32\mwnsp.dll
2007-02-05 12:09 105,944 --a------ C:\WINDOWS\winsbak2.reg
2007-02-05 12:09 <DIR> d-------- C:\WINDOWS\system32\FLCSS.EXE
2007-02-05 12:09 <DIR> d-------- C:\Program Files\eScan
2007-02-05 12:09 <DIR> d-------- C:\Program Files\Common Files\MicroWorld
2007-02-05 12:09 <DIR> d-------- C:\DOCUME~1\REMOTE~1\Documents
2007-02-05 12:09 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Documents
2007-02-04 15:08 76,589 --a------ C:\DOCUME~1\Sys\3.exe
2007-02-04 11:06 <DIR> d-------- C:\HIJACKTHIS
2007-01-28 14:16 <DIR> d-------- C:\Program Files\Payroll 2007
2007-01-28 14:15 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\{54B1765B-9375-4819-95E7-963DB04D3A42}
2007-01-28 13:09 5,680 --a------ C:\WINDOWS\system32\drivers\psntkd20.sys
2007-01-27 20:58 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\DivX
2007-01-27 20:57 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-01-27 20:57 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-01-27 20:57 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-01-27 20:57 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-01-27 20:57 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-01-27 20:57 116,472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-01-27 20:57 <DIR> d-------- C:\Program Files\DivX
2007-01-27 13:11 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-01-27 12:32 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-01-27 12:32 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-01-27 12:32 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-01-27 12:32 10,240 -ra------ C:\WINDOWS\system32\PA207Usd.dll
2007-01-27 12:31 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-01-27 12:31 <DIR> d-------- C:\Program Files\zebronics webcamera model zeb-100k
2007-01-27 12:31 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2007-01-27 07:48 457,097 --ahs---- C:\WINDOWS\system32\ccbeg.bak2
2007-01-26 17:02 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\Leadertech
2007-01-26 06:49 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-01-26 06:49 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-26 06:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-26 06:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-26 06:43 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-01-26 06:43 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-01-26 06:43 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-01-26 06:43 738,906 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-26 06:43 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-26 06:43 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-01-26 06:43 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-26 06:43 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-26 06:43 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-26 06:43 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-26 06:43 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-26 06:43 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-25 21:43 435,704 --ahs---- C:\WINDOWS\system32\ccbeg.bak1
2007-01-23 20:20 0 --a------ C:\WINDOWS\system32\setup_23367.exe
2007-01-23 20:19 0 --a------ C:\WINDOWS\system32\eraseme_38347.exe
2007-01-21 19:05 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-21 18:53 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\Real
2007-01-16 16:22 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\AdobeAUM
2007-01-16 15:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-13 11:32 <DIR> d-------- C:\Program Files\Grisoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-04 12:51 -------- d-------- C:\Program Files\xoftspy
2007-01-30 07:48 -------- d-------- C:\DOCUME~1\Sys\Application Data\skype
2007-01-28 14:15 -------- d-------- C:\DOCUME~1\Sys\Application Data\{54b1765b-9375-4819-95e7-963db04d3a42}
2007-01-28 12:14 -------- d-------- C:\Program Files\spyware nuker
2007-01-28 11:52 -------- d-------- C:\Program Files\yahoo!
2007-01-27 12:31 -------- d--h----- C:\Program Files\installshield installation information
2007-01-22 12:06 -------- d-------- C:\DOCUME~1\Sys\Application Data\adobeum
2007-01-21 19:05 -------- d-------- C:\Program Files\Common Files\real
2007-01-16 16:22 -------- d-------- C:\DOCUME~1\Sys\Application Data\adobe
2007-01-13 12:16 -------- d-------- C:\Program Files\Common Files\symantec shared
2006-12-25 10:36 1682 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2006-12-21 07:47 304160 --a------ C:\StiImg.dat
2006-12-20 10:33 -------- d-------- C:\DOCUME~1\Sys\Application Data\google
2006-12-20 10:25 -------- d-------- C:\Program Files\google
2006-12-20 10:23 -------- d-------- C:\DOCUME~1\Sys\Application Data\macromedia
2006-12-12 21:54 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll
2006-12-12 21:54 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2006-12-06 11:25 56 -r-hs---- C:\WINDOWS\system32\fc5303fb6f.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.8472\\GoogleToolbarNotifier.exe"
"Skype"="\"D:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"john315"="C:\\WINDOWS\\system32\\srrvc.exe"
"staeck12"="C:\\WINDOWS\\system32\\mfcee.exe"
"melg34"="C:\\WINDOWS\\system32\\mdmd.exe"
"SUPERAntiSpyware"="D:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SMSERIAL"="sm56hlpr.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SWN2"="C:\\Program Files\\Spyware Nuker\\swnxt.exe /h"
"DSLSTATEXE"="C:\\Program Files\\GlobespanVirata\\Adsl\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\GlobespanVirata\\Adsl\\dslagent.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"john315"="C:\\WINDOWS\\system32\\srrvc.exe"
"MailScan Dispatcher"="\"C:\\Program Files\\eScan\\LAUNCH.EXE\""
"eScan Updater"="C:\\PROGRA~1\\eScan\\TRAYICOS.EXE /App"
"eScan Monitor"="C:\\PROGRA~1\\eScan\\AVPMWrap.EXE"
"staeck12"="C:\\WINDOWS\\system32\\mfcee.exe"
"melg34"="C:\\WINDOWS\\system32\\mdmd.exe"
"!AVG Anti-Spyware"="\"D:\\Program Files\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sys^Start Menu^Programs^Startup^PANTONE® for fashion and home 3.0.lnk]
"path"="C:\\Documents and Settings\\Sys\\Start Menu\\Programs\\Startup\\PANTONE® for fashion and home 3.0.lnk"
"backup"="C:\\WINDOWS\\pss\\PANTONE® for fashion and home 3.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\PANTON~1\\PANTON~1.0\\PANTON~1.EXE "
"item"="PANTONE® for fashion and home 3.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAP"
"hkey"="HKLM"
"command"="D:\\PROGRA~1\\DAP\\DAP.EXE /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="D:\\Program Files\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swnxt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Spyware Nuker\\swnxt.exe /h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Winampa"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Winamp\\Winampa.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{481E7983-1F2B-4250-951A-44E0902DF978}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\



********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-08 16:23:19


3) NEW HIJACK THIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 4:24:54 PM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
D:\PROGRA~1\DAP\DAP.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\eScan\kavss.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKLM\..\Run: [melg34] C:\WINDOWS\system32\mdmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKCU\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKCU\..\Run: [melg34] C:\WINDOWS\system32\mdmd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

rridgely
Uninstall Spyware Nuker. If you don't see it in Add/Remove Programs, don't worry about it.

Your computer is still pretty bad. Let's run a few more tools.

Run Panda Activescan from Here.

Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan
(Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location so you can post it back.

---------

Please download WebRoot SpySweeper from HERE (It's a 14 day trial):
  • Click the Download now link on the right to download the program.
  • Double-click the file to install it as follows:
  • Click "Next", read the agreement, Click "Next"
  • Choose "Custom" click "Next".
  • Leave the default installation directory as it is, then click "Next".
  • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
  • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
  • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, disconnect from the internet.
  • Click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
  • Sweep Memory
  • Sweep Registry
  • Sweep Cookies
  • Sweep All User Accounts
  • Enable Direct Disk Sweeping
  • Sweep Contents of Compressed Files
  • Sweep for Rootkits
  • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Post the Webroot log and a new HijackThis log along with the Panda log.
Buchi
I USED THE TWO TOOLS AND BELOW ARE THE REPORTS:
IT SEEMS MY SYSTEM IS DAMAGED VERY BADLY, THANKS FOR HELP.

1) PANDA REPORT:

Incident Status Location

Adware:adware/ipinsight Not disinfected c:\windows\system32\sentry.sys
Adware:adware/powerstrip Not disinfected Windows Registry
Virus:Trj/Mailbot.BJ Disinfected C:\Documents and Settings\Sys\3.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sys\Cookies\sys@ad.yieldmanager[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sys\Cookies\sys@atdmt[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Sys\Cookies\sys@bluestreak[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Sys\Cookies\sys@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sys\Cookies\sys@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sys\Cookies\sys@fastclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sys\Cookies\sys@media.fastclick[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sys\Cookies\sys@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitFraudFix\SmitfraudFix\Process.exe
Adware:Adware/Aureate-Radiate Not disinfected C:\WINDOWS\system32\GMAGlue.exe
Virus:W32/Sdbot.ftp.worm Disinfected C:\WINDOWS\system32\i
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/Aureate-Radiate Not disinfected D:\Program Files\Group Mail\BACKUP\GMAGlue.exe
Adware:Adware/Aureate-Radiate Not disinfected D:\Program Files\Group Mail\BACKUP\GMAGlue.001
Adware:Adware/Aureate-Radiate Not disinfected F:\Zip\Group Mail Plus v3.4.071 with serial\infactagmplus.exe[GMAGLUE.EXE]


2) SPY SWEEPER REPORT:
12:52 PM: Removal process completed. Elapsed time 00:00:07
12:52 PM: Quarantining All Traces: burstnet cookie
12:52 PM: Quarantining All Traces: tribalfusion cookie
12:52 PM: Quarantining All Traces: bluestreak cookie
12:52 PM: Quarantining All Traces: atlas dmt cookie
12:52 PM: Quarantining All Traces: casalemedia cookie
12:52 PM: Quarantining All Traces: yieldmanager cookie
12:51 PM: Quarantining All Traces: maxifiles
12:51 PM: Removal process initiated
12:51 PM: Traces Found: 8
12:51 PM: Custom Sweep has completed. Elapsed time 00:17:26
12:51 PM: File Sweep Complete, Elapsed Time: 00:14:57
12:50 PM: ApplicationMinimized - EXIT
12:50 PM: ApplicationMinimized - EXIT
12:50 PM: ApplicationMinimized - ENTER
12:50 PM: ApplicationMinimized - ENTER
12:50 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
12:45 PM: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.
12:39 PM: Warning: Failed to open file "c:\program files\escan\spooler.lck". The operation completed successfully
12:39 PM: Warning: Failed to open file "c:\program files\escan\maildisp.lck". The operation completed successfully
12:39 PM: Warning: Failed to open file "c:\program files\escan\maildsp1.lck". The operation completed successfully
12:36 PM: Starting File Sweep
12:36 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
12:36 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:36 PM: c:\documents and settings\sys\cookies\sys@www.burstnet[1].txt (ID = 2337)
12:36 PM: Found Spy Cookie: burstnet cookie
12:36 PM: c:\documents and settings\sys\cookies\sys@tribalfusion[1].txt (ID = 3589)
12:36 PM: Found Spy Cookie: tribalfusion cookie
12:36 PM: c:\documents and settings\sys\cookies\sys@casalemedia[2].txt (ID = 2354)
12:36 PM: c:\documents and settings\sys\cookies\sys@bluestreak[1].txt (ID = 2314)
12:36 PM: Found Spy Cookie: bluestreak cookie
12:36 PM: c:\documents and settings\sys\cookies\sys@atdmt[1].txt (ID = 2253)
12:36 PM: Found Spy Cookie: atlas dmt cookie
12:36 PM: c:\documents and settings\sys\cookies\sys@as.casalemedia[1].txt (ID = 2355)
12:36 PM: Found Spy Cookie: casalemedia cookie
12:36 PM: c:\documents and settings\sys\cookies\sys@ad.yieldmanager[2].txt (ID = 3751)
12:36 PM: Found Spy Cookie: yieldmanager cookie
12:36 PM: Starting Cookie Sweep
12:36 PM: Registry Sweep Complete, Elapsed Time:00:00:22
12:36 PM: HKLM\software\microsoft\juan\ (ID = 1781228)
12:36 PM: Found Adware: maxifiles
12:35 PM: Starting Registry Sweep
12:35 PM: Memory Sweep Complete, Elapsed Time: 00:01:35
12:34 PM: Starting Memory Sweep
12:34 PM: Start Custom Sweep
12:34 PM: Sweep initiated using definitions version 845
12:29 PM: Access to Hosts file allowed for D:\PROGRAM FILES\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
12:26 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
12:26 PM: ApplicationMinimized - EXIT
12:26 PM: ApplicationMinimized - ENTER
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:25 PM: Shield States
12:25 PM: Spyware Definitions: 845
12:24 PM: Spy Sweeper 5.3.1.2344 started
12:24 PM: Spy Sweeper 5.3.1.2344 started
12:24 PM: | Start of Session, Saturday, February 10, 2007 |
***************

3) NEW HIJACKTHIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 1:00:52 PM, on 2/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\kavss.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\GlobespanVirata\Adsl\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\GlobespanVirata\Adsl\dslagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] "C:\PROGRA~1\eScan\TRAYICOS.EXE" /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKLM\..\Run: [melg34] C:\WINDOWS\system32\mdmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKCU\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKCU\..\Run: [melg34] C:\WINDOWS\system32\mdmd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1DA16E-B943-4E3A-A5A8-FF298FFD2041}: NameServer = 202.54.29.5 202.54.6.60
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Buchi
Besides, I have one doubt: my internet connection has invariably become very slow after installing the spyware/adware software. If I open an additional window, the transfer of bytes stops completely, so I have to restart my system to browse the internet. Any suggestion why this is happening? Can I uninstall this software now? Please comment.
rridgely
You can uninstall webroot spysweeper if you want. Keep the others because we will probably need them again.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Buchi
THANKS RRIDGELY, BELOW ARE THE REPORTS, PLEASE ADVISE NEXT STEP:

1) SDFix report:

SDFix: Version 1.64

Run by: Sys - Sun 02/11/2007 @ 12:19:12.87

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\eraseme_38347.exe - Deleted
C:\WINDOWS\system32\eraseme_46035.exe - Deleted
C:\WINDOWS\system32\eraseme_51380.exe - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\plscd.exe - Deleted
C:\WINDOWS\system32\setup_23367.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:



Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\FC5303FB6F.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\LastGood.Tmp\INF\oem5.inf
C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF

Finished

2) NEW HIJACKTHIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 12:27:02 PM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\eScan\kavss.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\GlobespanVirata\Adsl\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\GlobespanVirata\Adsl\dslagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] "C:\PROGRA~1\eScan\TRAYICOS.EXE" /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] "D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1DA16E-B943-4E3A-A5A8-FF298FFD2041}: NameServer = 202.54.29.5 202.54.6.60
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Buchi
THANKS RRIDGELY, BELOW ARE THE REPORTS, PLEASE ADVISE NEXT STEP:

1) SDFix report:

SDFix: Version 1.64

Run by: Sys - Sun 02/11/2007 @ 12:19:12.87

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\eraseme_38347.exe - Deleted
C:\WINDOWS\system32\eraseme_46035.exe - Deleted
C:\WINDOWS\system32\eraseme_51380.exe - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\plscd.exe - Deleted
C:\WINDOWS\system32\setup_23367.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:



Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\FC5303FB6F.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\LastGood.Tmp\INF\oem5.inf
C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF

Finished

2) NEW HIJACKTHIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 12:27:02 PM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\eScan\kavss.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\GlobespanVirata\Adsl\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\GlobespanVirata\Adsl\dslagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] "C:\PROGRA~1\eScan\TRAYICOS.EXE" /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] "D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1DA16E-B943-4E3A-A5A8-FF298FFD2041}: NameServer = 202.54.29.5 202.54.6.60
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

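Reading a HijackThis log by hand means scanning for the same few tells: entries whose file is missing, services with no identifiable owner, Winsock LSP DLLs, DNS servers that are not the ISP's, Winlogon Notify DLLs, Run entries that name a bare executable with no path, and running processes whose names are near misses of core Windows binaries. The Python script below, added here as an example and not part of the thread or of HijackThis itself, automates that first pass. It assumes an illustrative list of core XP process names, assumes the two 202.54.x.x resolvers in the log are the ISP's (so an O17 line is flagged only when its resolvers differ), and runs on a constructed SAMPLE_LOG in the same format as the log; every finding is a lead for an analyst to verify, not a verdict.

```python
"""Triage helper for HijackThis-style logs.

Added example for this thread, not code from HijackThis or the forum helpers.
Assumptions (not from the thread): SYSTEM_BINARIES is an illustrative list of
core XP processes, EXPECTED_DNS is the resolver set the ISP is assumed to hand
out, and SAMPLE_LOG is constructed in the format of the log above.
"""
import re
from collections import Counter

SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                   "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe"}
EXPECTED_DNS = {"202.54.6.60", "202.54.29.5"}  # assumption: the ISP's resolvers

SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\scvhost.exe
C:\Program Files\Messenger\msmsgs.exe
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name):
    """Return the core process name that `name` imitates, or None.

    Heuristic: at most two edits away, and the edits must be a minority of the
    shorter stem, so msmsgs.exe is not reported as a near miss of smss.exe.
    """
    name = name.lower()
    if name in SYSTEM_BINARIES:
        return None
    stem = name.rsplit(".", 1)[0]
    best = min(SYSTEM_BINARIES, key=lambda s: edit_distance(stem, s.rsplit(".", 1)[0]))
    bstem = best.rsplit(".", 1)[0]
    d = edit_distance(stem, bstem)
    return best if d <= 2 and 2 * d < min(len(stem), len(bstem)) else None


def triage(lines, expected_dns=EXPECTED_DNS):
    """Return (kind, evidence, detail) leads for an analyst to verify; none is a verdict."""
    findings, lsp = [], Counter()
    for raw in lines:
        line = raw.strip()
        m = re.match(r"^(O\d+|R\d)\s+-\s+(.*)$", line)
        if not m:
            if re.match(r"^[A-Za-z]:\\", line):  # a "Running processes" entry
                name = line.replace("/", "\\").rsplit("\\", 1)[-1].lower()
                near = lookalike(name)
                if near:
                    findings.append(("lookalike_process", line, near))
                elif name in SYSTEM_BINARIES and "\\windows\\" not in line.lower():
                    findings.append(("system_name_wrong_dir", line, None))
            continue
        section, body = m.groups()
        if "(file missing)" in body or "(no file)" in body:
            findings.append(("orphan_entry", line, None))   # dead entry: clean up, low risk
        if section == "O23" and "Unknown owner" in body:
            findings.append(("service_unknown_owner", line, None))
        elif section == "O10":
            lsp[body.split(":", 1)[1].strip().lower()] += 1
        elif section == "O17":
            bad = [ip for ip in re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", body) if ip not in expected_dns]
            if bad:
                findings.append(("unexpected_nameserver", line, bad))
        elif section == "O20":
            findings.append(("winlogon_notify", line, None))  # DLL loaded by winlogon: verify vendor
        elif section == "O4" and "Run: [" in body:
            cmd = re.sub(r"^.*?\[[^\]]*\]\s*", "", body)
            exe = cmd[1:].split('"')[0] if cmd.startswith('"') else (cmd.split() or [""])[0]
            if exe and "\\" not in exe:
                findings.append(("run_bare_filename", line, exe))  # resolved via PATH: locate it
    for dll, n in lsp.items():
        findings.append(("winsock_lsp", dll, n))  # LSP DLLs sit in every socket's path
    return findings


if __name__ == "__main__":
    for kind, evidence, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{kind:24} {evidence}" + (f"  -> {detail}" if detail else ""))
```

Run it against a saved log with `triage(open("hijackthis.log").read().splitlines())`; the O10 count tells you how many LSP chain slots one DLL occupies, and a lookalike hit such as scvhost.exe beside a real svchost.exe is the first thing to pull for analysis.
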
rridgely
Next please visit SpyKillers forum here

http://www.thespykiller.co.uk/forum/index.php?board=1.0

Read the instructions for uploading files, which is the first topic on the forum, then start a new topic named 'Files From CCleaners Forum'. Please then post a link to this thread and upload the SDFix backups folder, which is located here:

C:\SDFix\backups\backups.zip

Once they are uploaded you can delete the C:\SDFix folder to remove the infected backups from your system

---------

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste the Kaspersky log onto the forum.
Buchi
THANKS RRIDGELY, BELOW ARE THE REPORTS:
PLEASE STUDY AND REVERT ME THE NEXT STEP.

1) LINK FOR THE SDFIX UPLOAD FILE:
http://www.thespykiller.co.uk/forum/index....mp;topic=3599.0

2) KAVSCAN.TXT FILE:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 12, 2007 5:54:43 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/02/2007
Kaspersky Anti-Virus database records: 267015
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 71641
Number of viruses found: 7
Number of infected objects: 34 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:34:49

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sys\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Sys\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Sys\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Sys\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Sys\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sys\Local Settings\History\History.IE5\MSHist012007021220070213\index.dat Object is locked skipped
C:\Documents and Settings\Sys\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sys\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Sys\ntuser.dat.LOG Object is locked skipped
C:\Program Files\eScan\MAILDISP.LCK Object is locked skipped
C:\Program Files\eScan\MAILDSP1.LCK Object is locked skipped
C:\Program Files\eScan\SPOOLER.LCK Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-823518204-839522115-1003\Dc9\backups\backups.zip/backups/i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\RECYCLER\S-1-5-21-1085031214-823518204-839522115-1003\Dc9\backups\backups.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052115.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052116.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052119.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052156.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053390.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053405.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053420.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053467.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053498.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053531.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053553.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053569.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053586.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053603.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053647.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP217\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\ajj.exe Infected: not-a-virus:AdWare.Win32.Aureate.d skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\eraseme_21230.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\kav1.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
D:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP217\change.log Object is locked skipped
F:\Zip\GDiVX 1.9.1.exe/data0007/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.w skipped
F:\Zip\GDiVX 1.9.1.exe/data0007/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
F:\Zip\GDiVX 1.9.1.exe/data0007 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
F:\Zip\GDiVX 1.9.1.exe NSIS: infected - 3 skipped

Scan process completed.

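A Kaspersky report like the one above mixes three very different things: locked system files (noise), copies sitting in System Restore points, the Recycle Bin or inside archives (not running, but they must still be purged), and live files under system32. Separating those, and ranking a backdoor above adware, is what decides the next step. The Python below is an added example, not Kaspersky's code or the forum helpers' method; its severity ranking and location classes are its own assumptions, and SAMPLE_REPORT is a constructed subset in the report's format.

```python
"""Triage of a Kaspersky Online Scanner text report.

Added example for this thread, not Kaspersky's or the forum helpers' code.
The severity ranking and location classes are this example's assumptions;
SAMPLE_REPORT is a constructed subset in the format of the report above.
"""
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "path verdict severity location container")

SAMPLE_REPORT = r"""
C:\Documents and Settings\Sys\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1085031214-823518204-839522115-1003\Dc9\backups\backups.zip/backups/i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052115.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\WINDOWS\system32\ajj.exe Infected: not-a-virus:AdWare.Win32.Aureate.d skipped
C:\WINDOWS\system32\eraseme_21230.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
F:\Zip\GDiVX 1.9.1.exe/data0007/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.w skipped
F:\Zip\GDiVX 1.9.1.exe NSIS: infected - 3 skipped
"""

DETECTION = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
SUMMARY = re.compile(r"^.+? (?:ZIP|RarSFX|NSIS|PE_Patch\.\w+): infected - \d+ skipped$")
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def severity(verdict):
    """Rank by verdict family (assumed ranking, not Kaspersky's own)."""
    v = verdict.lower()
    if v.startswith("not-a-virus:"):
        return "low"          # riskware/adware; includes the cleanup tools' own helpers
    if v.startswith("backdoor."):
        return "critical"     # remote control: treat the host as compromised
    if v.split(".")[0] in {"trojan-downloader", "trojan-dropper", "trojan", "worm", "virus"}:
        return "high"
    return "medium"


def location(path):
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore_point"   # purged by turning System Restore off and on again
    if "\\recycler\\" in low:
        return "recycle_bin"
    if "/" in path:
        return "inside_archive"  # archive member: act on the container file
    if "\\windows\\system32\\" in low:
        return "live_system32"
    return "live_other"


def parse(report_text):
    out = []
    for line in report_text.splitlines():
        line = line.strip()
        if not line or line.endswith("Object is locked skipped") or SUMMARY.match(line):
            continue  # locked files are noise; archive summary lines repeat member hits
        m = DETECTION.match(line)
        if m:
            path, verdict = m.group("path"), m.group("verdict")
            out.append(Detection(path, verdict, severity(verdict), location(path), path.split("/")[0]))
    return out


def actionable(detections):
    """Live copies to remove now, worst first; restore points and bins are handled separately."""
    live = [d for d in detections if d.location.startswith("live_")]
    return sorted(live, key=lambda d: (RANK[d.severity], d.path.lower()))


def summarize(detections):
    return Counter((d.severity, d.location) for d in detections)


if __name__ == "__main__":
    dets = parse(SAMPLE_REPORT)
    for (sev, loc), n in sorted(summarize(dets).items()):
        print(f"{sev:9} {loc:15} {n}")
    for d in actionable(dets):
        print(f"{d.severity:9} {d.verdict:40} {d.path}")
```

On the sample, actionable() returns exactly the three system32 files, backdoor first, which is the same set the next post hands to Killbox; the restore-point and archive copies are real but are dealt with by other means.
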
rridgely
Download Killbox from Here

Click killbox.exe

Select the option "Delete on reboot".

Click the button: All Files (Important!)
Now it should flash green.

Next copy the contents of the code box to clipboard by left clicking and covering the text then right click inside the highlighted area and choose Copy:

CODE
C:\WINDOWS\system32\eraseme_21230.exe
C:\WINDOWS\system32\i
C:\WINDOWS\system32\ajj.exe


After copying the above text to Clipboard click File on the killbox menu bar and choose Paste From Clipboard

Then press the Delete File button (Red Circle with a White X).
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.

Your computer should reboot now.

Then, after the reboot, upload the C:\!Killbox folder to the same topic opened at Spykillers. It may also be worth trying a different scanner such as Panda to make sure there's nothing else to remove.

Run Panda Activescan from Here.

Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan
(Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location so you can post it back.
Buchi
1) I RAN KILLBOX.EXE AND FOLLOWED YOUR INSTRUCTIONS, BUT I COULDN'T UPLOAD THE IKILL FOLDER; MY INTERNET CONNECTION IS GETTING VERY SLOW!!!!! ANY SUGGESTION ABOUT HOW TO CORRECT THIS DEAD SLOW INTERNET CONNECTION? PLEASE ADVISE.

2) PANDA SCAN REPORT:

Incident Status Location

Adware:adware/ipinsight Not disinfected c:\windows\system32\sentry.sys
Adware:adware/powerstrip Not disinfected Windows Registry
Virus:W32/Sdbot.ftp.worm Disinfected C:\!KillBox\( 1)
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Sys\Cookies\sys@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sys\Cookies\sys@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sys\Cookies\sys@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Sys\Cookies\sys@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sys\Cookies\sys@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sys\Cookies\sys@fastclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sys\Cookies\sys@media.fastclick[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sys\Cookies\sys@overture[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sys\Cookies\sys@tribalfusion[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitFraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-1085031214-823518204-839522115-1003\Dc9\apps\Process.exe
Virus:W32/Sdbot.ftp.worm Disinfected C:\RECYCLER\S-1-5-21-1085031214-823518204-839522115-1003\Dc9\backups\backups.zip[backups/i]
Adware:Adware/Aureate-Radiate Not disinfected C:\WINDOWS\system32\GMAGlue.exe
Virus:W32/Sdbot.ftp.worm Disinfected C:\WINDOWS\system32\i
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/Aureate-Radiate Not disinfected D:\Program Files\Group Mail\BACKUP\GMAGlue.exe
Adware:Adware/Aureate-Radiate Not disinfected D:\Program Files\Group Mail\BACKUP\GMAGlue.001
Adware:Adware/Aureate-Radiate Not disinfected F:\Zip\Group Mail Plus v3.4.071 with serial\infactagmplus.exe[GMAGLUE.EXE]
AndyManchesta
Hi Buchi and RRidgely wink.gif

Buchi, can you right-click the C:\!Killbox folder and choose Send To > Compressed (zipped) Folder, then upload the C:\!Killbox.zip folder to Spykillers? The file that has been uploaded is a log file from Killbox, but it's the files inside the folder that I'd like to test.

You appear to still have an active backdoor infection on your system. SDFix removed the i file in the system32 folder, but it was then found again by Kaspersky; Killbox was then used to remove it, and now it's been found again by Pandascan, so something is putting the file back each time it's removed.

Any time a backdoor is found, a format and reinstall of the OS should be considered, as it means the attacker has full access to your system (in this case using IRC channels). We will of course do our best to clean the computer of any infections that we can see, but depending on what this system is used for you may want to consider reinstalling Windows to be sure it's safe to use in the future (for logging into confidential sites such as banking, Paypal, Ebay, Email etc... )

Please read through this topic as it applies to your situation:

When Should I Format, How Should I Reinstall

Should you wish to continue with the cleanup, then please upload the C:\Killbox.zip folder to SpyKillers so I can check the eraseme_(random number) file, as it's a backdoor trojan installer; I can then see what files or services it's attempting to add, which may help to find the solution. Please also post a new HijackThis log into this thread and let us know if this system is connected to a home network.

Finally please post the contents of the Add/Remove screen to make sure there is no additional malware programs listed

Open Hijackthis, and click the Misc Tools button.
Then click the Open Uninstall Manager... button.
The Add/Remove Programs Manager panel should appear.
In this panel click the Save list button.
Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.

Thanks

Andy
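
Andy's reasoning above is a timeline argument: the same file was deleted by SDFix, re-detected by Kaspersky, deleted by Killbox and re-detected by Panda, so some running component must be re-creating it. The Python below, an added example rather than anything from the thread, makes that check mechanical: it snapshots a directory repeatedly and reports any name that was present, then absent, then present again, and whether it came back byte-identical (the same dropper payload). The demo uses a temporary directory with constructed contents in place of system32; poll() is what you would run against the real folder between cleanup passes.

```python
"""Spot a file that comes back after removal (the pattern Andy describes).

Added example for this thread, not the forum helpers' code. It takes repeated
snapshots of a directory and reports names that were present, then absent,
then present again; the demo uses a temporary directory it creates itself
(constructed data), standing in for the system32 folder.
"""
import hashlib
import os
import tempfile
import time


def snapshot(directory):
    """Map file name -> (size, sha256) for the regular files in `directory`."""
    snap = {}
    for name in os.listdir(directory):
        full = os.path.join(directory, name)
        if os.path.isfile(full):
            with open(full, "rb") as fh:
                data = fh.read()
            snap[name] = (len(data), hashlib.sha256(data).hexdigest())
    return snap


def diff(before, after):
    """Names added, removed and changed between two snapshots."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(n for n in set(before) & set(after) if before[n] != after[n])
    return added, removed, changed


def recreated(history):
    """Names that disappear and later return across an ordered list of snapshots.

    Returns {name: same_content}; same_content is True when the returning file
    hashes identically to the copy that was removed (same dropper payload).
    """
    last_seen, gone, result = {}, set(), {}
    for snap in history:
        for name in gone & set(snap):
            result[name] = last_seen[name] == snap[name]
        gone -= set(snap)
        gone |= set(last_seen) - set(snap)
        last_seen.update(snap)
    return result


def poll(directory, rounds, interval_s):
    """Collect `rounds` snapshots `interval_s` apart (for watching a live folder)."""
    history = []
    for _ in range(rounds):
        history.append(snapshot(directory))
        time.sleep(interval_s)
    return history


def demo():
    """Constructed scenario: a dropper re-creates 'i' after a cleanup tool deletes it."""
    payload = b"open ftp.example.invalid\r\nget payload.exe\r\n"  # constructed bot-script content
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "i")
        with open(path, "wb") as fh:
            fh.write(payload)
        with open(os.path.join(d, "benign.txt"), "wb") as fh:
            fh.write(b"hello")
        first = snapshot(d)
        os.remove(path)                       # the cleanup tool deletes it
        second = snapshot(d)
        with open(path, "wb") as fh:          # something puts it back, byte for byte
            fh.write(payload)
        third = snapshot(d)
        return diff(first, second), recreated([first, second, third])


if __name__ == "__main__":
    print(demo())
```

A True value in the recreated() result says the returning copy is identical, which points at a dropper replaying a stored payload rather than a fresh download; the next question is which process or service wrote it, which is exactly why Andy asks for the eraseme file.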
Buchi
Thank you Rridgely & Andy, I decided to format my system and install the components again, as it is safe & secure for important data.
Besides, my knowledge is also not sufficient to do tougher work.
I really appreciate Rridgely for his best support offered to me, but I think my system is highly infected.
THANK YOU SO MUCH RRIDGELY AND ANDY rolleyes.gif
AndyManchesta

Thanks Buchi,

It's always difficult to decide when a format should be done. In this case there is a backdoor clearly still open even after running multiple scanners, so I think you have made the right decision to wipe the hard drive and start again; if it was on my PC I would do the same and format if there was still an open backdoor after running fixes. Before connecting to the internet after reinstalling, be sure to get your firewall and antivirus programs in place and updated, then visit Windows Update to get all the security updates available, as the system is very vulnerable just after reinstalling the OS until you have them in place. Hopefully it will not take you too long to get up and running again, but if we can help more in any way just let us know,

Kind Regards

Andy
Buchi
Thanks Andy, I formatted my system and re-installed the firewall and e-scan anti-virus program and Spyware nuker and Xsoftspy.
My system worked nicely for two days, but since yesterday I have been getting an error:
"SVCHOST.EXE - The exception unknown software exception (0xc0000409) occurred in the application at location 0x5b86a510"

Again today, when I got the same error, I restarted my system... suddenly a blue screen (something like a DOS screen) came up with a lot of text on it... I just remember one line in it: "BEGINNING PHYSICAL DUMP OF MEMORY"

So I had to press the reset button and start my system again... then I got an error message saying "AVMPWRAP.EXE - Corrupt File - The file or directory \AVPcallback.log is corrupt and unreadable. Please run the chkdsk utility"

Would you please inform me what is happening to my system... is this a virus again??? sad.gif Please advise.
AndyManchesta

Hi Buchi,

I'm not really sure what's going on there?

Let's try a few things, then take it from there.

Run the System File Checker feature to make sure none of the protected Windows files are damaged or corrupt.

Go to Start Menu -> Run -> type

SFC /SCANNOW

(There's a space after SFC.) Press OK and it will run the System File Checker. Follow the prompts, and insert your Windows installation CD if requested, then reboot the computer after it has finished.

Next, try running the Check Disk feature on your system and see if it finds any errors on your drive.

Go to Start Menu > Run > Type

cmd

Press OK and it will open the command prompt screen. Type (or copy and paste) this into the cmd window

CHKDSK

Press Enter and it will scan the drive for errors; it will look like this:

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.


If it does show errors, as the example above does, then type

CHKDSK /F /R

Press Enter and it may show a message similar to this:

The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)


Type Y for yes and then reboot the PC. This may take a long time to complete but will hopefully repair any problems that are found on the drive.

I think the AVPcallback.log is connected to eScan, but I've never used the program so cannot be sure. If it continues, please uninstall eScan from the Add/Remove screen (Start > Control Panel > Add or Remove Programs), then reboot and reinstall it to see if it solves the issue. Let us know how it goes, and if you're still having problems please then post a new HijackThis log so I can see what's currently installed.

Thanks

Andy
YoKenny
Buchi, please read
QUOTE
Adware.SpywareNuker
Risk Level High

http://www.symantec.com/security_response/...-99&tabid=1
AndyManchesta
Hi YoKenny,

I think we need to be careful before suggesting someone deletes a program that they may have paid for unless there is proof that it's malicious or rogue. It may not be my first choice of spyware remover, but neither is XoftSpy; however, that's just my opinion, so it isn't a valid reason to suggest removing it, and neither is posting links to write-ups from 2003.

Quote Symantec
QUOTE
Symantec does not detect the Spyware Nuker software released beginning in 2004
Quote Eric Howes
http://spywarewarrior.com/rogue_anti-spyware.htm
QUOTE
In the late spring or early summer of 2004, TrekBlue released a new version of SpywareNuker (version 2, also known as SpywareNuker 2004) which is not built on the codebase licensed from BPS (1). Testing with this new version -- also released under the name pcOrion -- indicates that it does detect and remove spyware and adware. Moreover it is not prone to inexcusable false positives, as its predecessor was. Thus, the new SpywareNuker 2004 is a significant improvement on the justly discredited original version of SpywareNuker. Still further, the objectionable advertising on the pcOrion home page has been removed, and TrekBlue/TrekData has taken steps to clarify the history of its relationship with BlueHaven, which is no longer a TrekBlue/TrekData company. (1, 2)

Given that the issues surrounding Spyware Nuker and pcOrion have been addressed by the TrekBlue/TrekData, we can no longer consider Spyware Nuker or pcOrion to be "rogue/suspect" anti-spyware.

Unlisted : 9-24-04
bigmike9449
Hi, I'm new to this forum, and I'm no genius at computers and stuff, but I usually fix my computer on my own somehow. Lately I've been having new, weird, and spontaneous computer problems that have driven me crazy and made me lose concentration, time, and work efficiency for school. I had Norton Internet Security 2007, but it allowed a lot of trojans, adware, spyware, and pop-up cookies to get loaded onto my computer, so I uninstalled it and installed McAfee Anti-Virus. I installed everything, and developed a problem. My internet didn't work. I tried changing settings and everything, but nothing worked. I uninstalled McAfee, and my internet worked. So I called a friend up who's supposed to be smarter than me, but he didn't help, cuz he switched over to Macs. I installed just the anti-virus and firewall, and my internet worked. The SpamKiller interrupted the internet. But the main reason for my switch was because I was experiencing weird problems. I kept getting these messages:
1. RUNDLL ERROR - (these files I think I figured to be trojans and deleted, the 3 dll errors) C:\Documents and Settings\Michael\Local Settings\Application Data\polqot.dll
2. RUNDLL ERROR - C:\Documents and Settings\Michael\Local Settings\Application Data\paudgi.dll
3. RUNDLL ERROR - C:\Documents and Settings\Michael\Local Settings\Application Data\snfelxf.dll
4. and this error was something to do with awtuusp.dll
I've had the following programs now, some of which, like HijackThis, I don't know how to use because I don't know what is good or bad:
McAfee Security Center
Norton System Works
Spybot Search and Destroy
XoftSpySE
a-squared Free
blbeta.exe
ADSSpy.exe
HijackThis.exe
and I downloaded some programs after reading this thread such as:
VundoFix.exe
SmitfraudFix.zip
SDFix.exe
KillBox.exe
and the VundoFix.exe found 5 infected files on my computer, one of which was the awtuusp.dll file, but can someone explain why I could never find these dll files when I manually looked in the right folders?
and now after installing McAfee, my computer has started using an internet gateway, even though it never did this before; is this normal?
and the other files VundoFix.exe found are:
mljgfcc.dll, mljiihe.dll, opnmkl.dll, rqrsttq.dll (all these files are in the system32 folder, but you probably already know that)
I subscribed to this forum cuz I searched the file awtuusp.dll and found this forum, and because you people are like incredibly smart, lol; if I have any more problems I'll ask for help. By the way, can someone tell me where all of you got all your knowledge about computers, the different programs you have and use, and the shortcuts like checkdisk and other things? Thanks a lot guys.
rridgely
Hi bigmike,
Please start a new topic with a hijackthis log. Look in the malware removal guide in my signature if you don't know how to do that.
Buchi
Hi rridgely and Andy

Sorry, I took a long time to follow your instructions as I don't have the XP installation CD. Unfortunately, even after running scan disk and check disk, the problem "SVCHOST.EXE - The exception unknown software exception (0xc0000409) occurred in the application at location 0x5b86a510" is still persisting. Please study my HijackThis log below and advise me how to correct this problem. sad.gif


Logfile of HijackThis v1.99.1
Scan saved at 2:47:32 PM, on 3/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\kavss.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=031907 serial=DR12WNP-9936859-UJJ lang=EN
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E53D72FA-C1E5-46F4-9ECF-5E41651DBFB9}: NameServer = 202.54.60.6,202.54.29.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
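Reading a log like the one above by hand is slow, so here is a small triage helper for HijackThis v1.99.x entry lines, added as an example; it is my own code, not something from the thread, from HijackThis or from Piriform. The sample log embedded in it is constructed from the entry format shown above, with one invented O4 line added to exercise the user-profile heuristic, and that heuristic (autostart entries under Documents and Settings deserve a look) is an assumption of mine rather than a rule from the thread.

```python
# Added example (not from the thread, not a HijackThis or Piriform tool):
# a small triage helper for HijackThis v1.99.x log entry lines.
import re
from collections import Counter

# Constructed sample, modelled on the log format posted in the thread.
# The "[example]" O4 line is invented to show the user-profile heuristic.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKCU\..\Run: [example] "C:\Documents and Settings\User\Local Settings\Application Data\example.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E53D72FA-C1E5-46F4-9ECF-5E41651DBFB9}: NameServer = 202.54.60.6,202.54.29.5
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Heuristic (assumption): autostart entries living inside a user profile deserve a look,
# since the dll paths quoted earlier in the thread sat under Local Settings\Application Data.
PROFILE_DIRS = ("documents and settings", "local settings", "application data")


def parse_hjt(text):
    """Return (kind, body) tuples for every R*/O* entry line in the log."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(entries):
    """Return (kind, message) findings a log reviewer would want to look at first."""
    findings = []
    lsp_paths = Counter()
    for kind, body in entries:
        if "(file missing)" in body:
            findings.append((kind, f"dangling entry, target missing: {body}"))
        if kind == "O4":
            m = RUN_RE.match(body)
            if m and any(d in m.group("cmd").lower() for d in PROFILE_DIRS):
                findings.append((kind, f"autostart '{m.group('name')}' runs from a user profile: {m.group('cmd')}"))
        elif kind == "O10":
            # Winsock LSP entries are counted, not deleted: a broken LSP chain means no networking.
            lsp_paths[body.split("Winsock LSP: ", 1)[-1].strip().lower()] += 1
        elif kind == "O17":
            m = re.search(r"NameServer = ([\d.,]+)", body)
            if m:
                findings.append((kind, f"DNS servers set to {m.group(1)}; confirm they belong to your ISP"))
        elif kind == "O23":
            parts = body[len("Service: "):].split(" - ")  # <name> - <owner> - <path>
            if len(parts) >= 3 and parts[1] == "Unknown owner":
                findings.append((kind, f"service '{parts[0]}' has no identified owner: {parts[2]}"))
    for path, n in lsp_paths.items():
        findings.append(("O10", f"Winsock LSP {path} appears {n} times in the chain; identify the vendor before touching it"))
    return findings


if __name__ == "__main__":
    for kind, msg in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{kind}: {msg}")
```

The script only orders what to look at; deciding whether an entry is legitimate still needs the vendor lookup that Andy and rridgely do in the thread, and nothing here removes or edits anything on the machine.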


AndyManchesta

Hi Buchi

I'm not sure how you formatted the system without a Windows disc, but if there are errors with Windows files then a Windows disc will likely be needed to either run sfc /scannow and replace files or perform a repair install of Windows if the problem continues. This isn't a problem that HijackThis can help with, as it's not clear what's causing the errors. If you did format the system then you may need to reinstall drivers for the graphics card, sound card etc.; if you didn't, then that could be causing problems. If you have the disks for them then try to reinstall the drivers; if you do not have the disks then you will have to visit their websites and try to download the correct drivers for the cards you have. It's also worth visiting Windows Updates to make sure there aren't any security updates available that may help resolve the problem.

There are topics on the net regarding the same error, but the cause and solution don't seem to be clear:

http://www.help2go.com/component/option,co...ght,0xc0000409/

http://www.tombraiderforums.com/showthread.php?t=72150

http://forum.sysinternals.com/forum_posts....;PN=0&TPN=2

http://forums.tomcoyote.org/index.php?showtopic=67986

If the problem continues even after reinstalling the drivers and visiting Windows Updates then you may have to perform a repair install of Windows which is explained here

http://www.michaelstevenstech.com/XPrepairinstall.htm

Andy

1984
"I'm not sure how you formatted the system without a Windows disc"....

Andy, my desktop never came with an installation CD; it has a little partition installed, so whenever I had to format, I simply rebooted and followed the prompts and it installed Windows. Handy in some instances, and annoying in others. My new laptop came with the CDs, so I am sure at some point I will learn how to use them. smile.gif
AndyManchesta

Thanks 1984

I'd be lost without my Windows disks, especially in cases like this, as I'd assume that makes it more difficult to run an sfc scan or do a repair install, but I can see how it may help people so they can format without the need for disks. All the PCs I've had were built rather than bought, so I've always got used to getting OEM XP disks when buying other things, so I now have a couple of spare disks in case I need them any time or want to install it on different PCs.

I wouldn't have a clue, though, how to check Windows files using sfc without the disc, apart from copying the folder from the disk to the hard drive and then modifying the registry so it looks in the folder rather than at the CD-ROM drive, but that's not much use without the disk to copy from and isn't really needed then, as you could just run it using the disk smile.gif Same with performing a repair install without the disk: I wouldn't know where to start, so if it is prebuilt it may be best to contact the supplier, unless other members have more experience with them and can help Buchi (assuming it's not a conflicting/missing driver or a corrupt install of one of their programs that's causing it).
