My computer was infected with a virus and it was popping up with NT Kernel error 1256.
So I did VundoFix, ComboFix as per the info I got from the messages here.
I'm posting the ComboFix and HijackThis logs.
I still have a big X mark next to my C:/
Thank you in advance for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:36 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\Program Files\Cisco\Vpn Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\apps\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {03F7A64D-C360-4CFF-A90B-25ADD8909E08} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco\Vpn Client\vpngui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://amer-ml36.amer.csc.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/25.23/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://terminal.fedne.amer.csc.com/msrdp.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\Cisco\Vpn Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\apps\notes\ntmulti.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OESH (Office Source Engine Help) - Unknown owner - C:\Program.exe (file missing)
O24 - Desktop Component 0: (no name) - http://clipart.christiansunite.com/1103928...y_Scenes004.jpg
--
End of file - 11328 bytes
ComboFix 08-02-20.2 - saji 2008-02-20 11:18:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.204 [GMT -5:00]
Running from: C:\Documents and Settings\saji\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\djufttsm.dll
C:\WINDOWS\system32\mllml.dll
C:\Documents and Settings\Guest\Application Data\Starware\Layouts\WeatherLayout.xml
C:\Documents and Settings\Guest\Application Data\Starware\Layouts\WeatherLayout.xml.backup
C:\Documents and Settings\sangeetha\Application Data\ICROSO~1.NET\?icrosoft.NET\
C:\Documents and Settings\sangeetha\Application Data\ICROSO~1.NET\mmc.exe
C:\Documents and Settings\sangeetha\Application Data\SpamBlockerUtility_Icons\MobileSidewalk_2.ico
C:\Documents and Settings\sangeetha\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\sangeetha\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\sangeetha\Start Menu\Programs\MalwareAlarm\MalwareAlarm.lnk
C:\Documents and Settings\sangeetha\Start Menu\Programs\MalwareAlarm\Uninstall.lnk
C:\mydelm.bat
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\MSN\woqugesek.dll
C:\Program Files\MSN\woqugesek205.dll
C:\Program Files\MSN\woqugesek232.dll
C:\Program Files\MSN\woqugesek330.dll
C:\Program Files\MSN\woqugesek543.dll
C:\Program Files\MSN\woqugesek753.dll
C:\Program Files\MSN\woqugesek975.dll
C:\Program Files\NetMeeting\pybajonow89104.dll
C:\Program Files\Temporary\InsiDERIns.exe
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\mywinsys.ini
C:\WINDOWS\system\svchest.exe
C:\WINDOWS\system\svchest.reg
C:\WINDOWS\system32\AlxRes061230.exe
C:\WINDOWS\system32\dd.exe
C:\WINDOWS\system32\djufttsm.dll
C:\WINDOWS\system32\djufttsm.dllbox
C:\WINDOWS\SYSTEM32\gmpaeils.ini
C:\WINDOWS\SYSTEM32\gqglfray.ini
C:\WINDOWS\SYSTEM32\iqucyjnw.ini
C:\WINDOWS\system32\k5\thgd2241dll.exe
C:\WINDOWS\SYSTEM32\kjjlm.ini
C:\WINDOWS\SYSTEM32\kjjlm.ini2
C:\WINDOWS\system32\ljjhhgh.dll
C:\WINDOWS\SYSTEM32\lmllm.ini
C:\WINDOWS\SYSTEM32\lmllm.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mywebhit.ini
C:\WINDOWS\system32\mywebhit.ini.tmp
C:\WINDOWS\system32\nboefnvv.dll
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\nqbdkoac.dll
C:\WINDOWS\system32\p9\liopud89104.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pgcjqwuq.dll
C:\WINDOWS\SYSTEM32\quwqjcgp.ini
C:\WINDOWS\system32\scrsys061230.scr
C:\WINDOWS\system32\scrsys16_061230.scr
C:\WINDOWS\system32\w11\hiba3133.exe
C:\WINDOWS\system32\winsys16_061230.dll
C:\WINDOWS\system32\winsys32_061230.dll
C:\WINDOWS\system32\wthvwwmw.dll
C:\WINDOWS\system32\xydzyh.exe
C:\WINDOWS\system32\yarflgqg.dll
C:\WINDOWS\tk58.exe
C:\WINDOWS\xpupdate.exe
.
---- Previous Run -------
.
C:\Documents and Settings\Guest\Application Data\Starware
C:\Documents and Settings\Guest\Application Data\Starware\Layouts\WeatherLayout.xml
C:\Documents and Settings\Guest\Application Data\Starware\Layouts\WeatherLayout.xml.backup
C:\Documents and Settings\sangeetha\Application Data\ICROSO~1.NET
C:\Documents and Settings\sangeetha\Application Data\ICROSO~1.NET\?icrosoft.NET\
C:\Documents and Settings\sangeetha\Application Data\ICROSO~1.NET\mmc.exe
C:\Documents and Settings\sangeetha\Application Data\SpamBlocker
C:\Documents and Settings\sangeetha\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\sangeetha\Application Data\SpamBlockerUtility_Icons\MobileSidewalk_2.ico
C:\Documents and Settings\sangeetha\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\sangeetha\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\sangeetha\Start Menu\Programs\MalwareAlarm
C:\Documents and Settings\sangeetha\Start Menu\Programs\MalwareAlarm\MalwareAlarm.lnk
C:\Documents and Settings\sangeetha\Start Menu\Programs\MalwareAlarm\Uninstall.lnk
C:\mydelm.bat
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\MSN\woqugesek.dll
C:\Program Files\MSN\woqugesek205.dll
C:\Program Files\MSN\woqugesek232.dll
C:\Program Files\MSN\woqugesek330.dll
C:\Program Files\MSN\woqugesek543.dll
C:\Program Files\MSN\woqugesek753.dll
C:\Program Files\MSN\woqugesek975.dll
C:\Program Files\NetMeeting\pybajonow89104.dll
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERIns.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\mywinsys.ini
C:\WINDOWS\system\svchest.exe
C:\WINDOWS\system\svchest.reg
C:\WINDOWS\system32\a1
C:\WINDOWS\system32\AlxRes061230.exe
C:\WINDOWS\system32\dd.exe
C:\WINDOWS\system32\djufttsm.dllbox
C:\WINDOWS\SYSTEM32\gmpaeils.ini
C:\WINDOWS\SYSTEM32\gqglfray.ini
C:\WINDOWS\SYSTEM32\iqucyjnw.ini
C:\WINDOWS\system32\k5
C:\WINDOWS\system32\k5\thgd2241dll.exe
C:\WINDOWS\SYSTEM32\kjjlm.ini
C:\WINDOWS\SYSTEM32\kjjlm.ini2
C:\WINDOWS\system32\ljjhhgh.dll
C:\WINDOWS\SYSTEM32\lmllm.ini
C:\WINDOWS\SYSTEM32\lmllm.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mywebhit.ini
C:\WINDOWS\system32\mywebhit.ini.tmp
C:\WINDOWS\system32\nboefnvv.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\nqbdkoac.dll
C:\WINDOWS\system32\p9
C:\WINDOWS\system32\p9\liopud89104.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pgcjqwuq.dll
C:\WINDOWS\SYSTEM32\quwqjcgp.ini
C:\WINDOWS\system32\scrsys061230.scr
C:\WINDOWS\system32\scrsys16_061230.scr
C:\WINDOWS\system32\v6
C:\WINDOWS\system32\w11
C:\WINDOWS\system32\w11\hiba3133.exe
C:\WINDOWS\system32\winsys16_061230.dll
C:\WINDOWS\system32\winsys32_061230.dll
C:\WINDOWS\system32\wthvwwmw.dll
C:\WINDOWS\system32\xydzyh.exe
C:\WINDOWS\system32\yarflgqg.dll
C:\WINDOWS\tk58.exe
C:\windows\xpupdate.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Indexingbox
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.
2008-02-19 20:48 . 2008-02-19 21:30 <DIR> d-------- C:\VundoFix Backups
2008-02-19 10:11 . 2008-02-20 10:42 <DIR> d-------- C:\Program Files\MalwareAlarm
2008-02-18 23:20 . 2008-02-18 23:50 <DIR> d-------- C:\Program Files\xInsIDE
2008-02-18 11:49 . 2008-02-18 11:49 <DIR> d-------- C:\Documents and Settings\saji\Application Data\HP
2008-02-18 11:43 . 2008-02-18 11:43 <DIR> d-------- C:\Documents and Settings\saji\Application Data\Yahoo!
2008-02-09 17:31 . 2006-10-04 09:06 1,197,294 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
2008-02-09 17:31 . 2006-10-04 09:06 764,868 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
2008-02-09 17:31 . 2006-10-04 09:06 217,118 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
2008-02-09 17:30 . 2008-02-09 17:30 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-09 17:27 . 2008-02-19 21:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2008-02-09 17:27 . 2008-02-09 17:28 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2008-02-09 10:10 . 2008-02-09 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-09 10:09 . 2008-02-09 10:10 <DIR> d-------- C:\Program Files\Dell Support Center
2008-02-09 10:09 . 2008-02-09 10:09 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-02-04 10:31 . 2008-02-11 07:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 09:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-18 17:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 14:08 --------- d-----w C:\Program Files\eGames
2008-01-11 16:52 --------- d-----w C:\Program Files\Google
2007-12-24 18:31 --------- d-----w C:\Program Files\SCM Microsystems
2007-12-21 02:24 --------- d-----w C:\Program Files\Citrix
2007-12-19 01:29 52,272 ----a-w C:\Documents and Settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2007-11-14 05:09 28,672 ----a-w C:\Documents and Settings\Guest\atwbxdet.dll
2007-10-23 01:51 52,272 ----a-w C:\Documents and Settings\sangeetha\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03F7A64D-C360-4CFF-A90B-25ADD8909E08}]
C:\WINDOWS\system32\vtsqp.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"P17Helper"="P17.dll" [2004-06-10 12:51 60928 C:\WINDOWS\SYSTEM32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 09:50 53248]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 16:15 139264]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 18:26 245760]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 17:55 180224]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 16:31 1327104]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2004-06-16 23:33 98304]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2004-08-03 18:18 1083392]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-08-17 18:29 184320]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-18 19:46 180269]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36 114688]
"sealmon"="C:\Program Files\SealedMedia\sealmon.exe" [2006-06-19 21:48 94208]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22 3739648]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
C:\Documents and Settings\sangeetha\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2002-08-09 16:36:20 299008]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26 29696]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco\Vpn Client\vpngui.exe [2006-12-10 16:20:33 1524776]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-24 05:42:50 124912]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Program Neighborhood Agent.lnk - C:\WINDOWS\Installer\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2007-12-19 21:11:26 12390]
R3 Astdi;Astdi;C:\Program Files\Aventail\Connect\asnttdi.sys [2005-08-19 11:47]
S2 Office Source Engine Help;OESH;C:\Program Files\NetMeeting\msmsgs [2008-02-16 09:35]
S3 Ascrypto;Ascrypto;C:\Program Files\Aventail\Connect\ascrypto.sys [2005-08-19 11:47]
S3 SCR131C;SCRx31 Serial Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR131C.sys [2002-11-07 04:04]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2004-04-06 04:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 16:31:36 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (ADHEENA-saji).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-02-20 16:34:00 C:\WINDOWS\Tasks\McAfee.com Update Check (ADHEENA-Guest).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-02-20 12:24:51 C:\WINDOWS\Tasks\McAfee.com Update Check (ADHEENA-saji).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-02-20 15:32:11 C:\WINDOWS\Tasks\McAfee.com Update Check (ADHEENA-sangeetha).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agen
"2008-02-20 16:35:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D1HQ0F61-Administrator).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- c:\PROGRA~1\mcafee.com\agent
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 11:31:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Aventail\Connect\as32svc.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\Program Files\Cisco\Vpn Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\apps\notes\ntmulti.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\Rundll32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2008-02-20 11:35:25 - machine was rebooted [saji]
ComboFix-quarantined-files.txt 2008-02-20 16:35:21
.
2008-02-14 08:04:57 --- E O F ---