My internet has been slowing down for a few days. I want to know if there is any spyware/virus or any unnecessary process running in the background. Below is my HijackThis log file. Please analyse and suggest:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:57 AM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LOGTIME\Logtimew.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\MSConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lalit chhalani\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\HJK\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Logtime] "C:\Program Files\LOGTIME\Logtimew.exe" -m
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConf] MSConfig.exe
O4 - HKLM\..\RunServices: [MSConf] MSConfig.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSConf] MSConfig.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1203856435250
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F974AC-B7D2-4E75-B57C-945C076C550E}: NameServer = 218.248.255.162 218.248.255.139
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5735 bytes
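A small triage script for a HijackThis log of the kind posted above, added here as an editorial example (it is not part of the thread and not a HijackThis feature). It applies generic heuristics to the O4, O17 and "Running processes" lines: an autostart command with no directory, an entry under the Windows 9x RunServices key, the same value registered under several keys, a well-known Windows binary running from somewhere other than its Windows XP location, and the DNS resolvers to verify. SAMPLE_LOG is a subset of lines copied from the posted log; the EXPECTED_DIR table and the rule names are the example's own assumptions. It lists entries for a human to check and decides nothing about the machine by itself.

```python
"""Triage a HijackThis v2 log for autostart entries that deserve a second look.

Added example: not part of the original thread and not a HijackThis feature.
The rules are generic heuristics that flag entries for a human to review; none
of them decides on its own whether the machine is infected.
"""
import ntpath
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\MSConfig.exe
C:\HJK\HijackThis.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [MSConf] MSConfig.exe
O4 - HKLM\..\RunServices: [MSConf] MSConfig.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSConf] MSConfig.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F974AC-B7D2-4E75-B57C-945C076C550E}: NameServer = 218.248.255.162 218.248.255.139
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
PROCESS_RE = re.compile(r"^[a-z]:\\.+\.exe$", re.IGNORECASE)

# Assumed table: directory (drive stripped, lower-case) of the genuine binary on Windows XP.
EXPECTED_DIR = {
    "msconfig.exe": r"\windows\pchealth\helpctr\binaries",
    "smss.exe": r"\windows\system32",
    "csrss.exe": r"\windows\system32",
    "winlogon.exe": r"\windows\system32",
    "services.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32",
    "svchost.exe": r"\windows\system32",
}


def split_command(cmd):
    """Executable part of an O4 command: '"C:\\a b\\x.exe" -q' -> 'C:\\a b\\x.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def location_check(path):
    """Text of a finding if a well-known binary sits outside its XP directory, else None."""
    base = ntpath.basename(path).lower()
    expected = EXPECTED_DIR.get(base)
    if expected is None:
        return None
    actual = ntpath.dirname(ntpath.splitdrive(path)[1]).lower()
    if actual == expected:
        return None
    return f"{base} found in {actual}; on XP the genuine file lives in {expected}"


def triage(log_text):
    findings = []
    locations = defaultdict(list)  # (value name, command) -> autostart keys carrying it
    for line in (l.strip() for l in log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.group("hive", "key", "name", "cmd")
            exe = split_command(cmd)
            if not ntpath.dirname(exe):
                detail = f"'{exe}' has no directory, so Windows picks it by search order at logon rather than from a fixed path"
                if exe.lower() in EXPECTED_DIR:
                    detail += f"; the genuine {exe.lower()} on XP is in {EXPECTED_DIR[exe.lower()]}"
                findings.append({"rule": "pathless", "entry": line, "detail": detail})
            else:
                why = location_check(exe)
                if why:
                    findings.append({"rule": "wrong_location", "entry": line, "detail": why})
            if key.lower().startswith("runservices"):
                findings.append({"rule": "runservices", "entry": line,
                                 "detail": "RunServices is a Windows 9x/Me key that NT-based Windows never executes; XP software has no reason to write it"})
            if not hive.upper().startswith("HKUS"):  # HKUS lines repeat other profiles' hives
                locations[(name, cmd)].append(f"{hive}\\{key}")
            continue
        m = O17_RE.match(line)
        if m:
            servers = ", ".join(m.group("servers").split())
            findings.append({"rule": "dns", "entry": line,
                             "detail": f"resolvers {servers}: confirm they belong to the ISP or router before trusting lookups"})
            continue
        if PROCESS_RE.match(line):  # a line from the 'Running processes' block
            why = location_check(line)
            if why:
                findings.append({"rule": "wrong_location", "entry": line, "detail": why})
    for (name, cmd), keys in locations.items():
        if len(keys) >= 3:
            findings.append({"rule": "multi_location", "entry": name,
                             "detail": f"'{name}' -> {cmd} is registered under {len(keys)} keys: " + "; ".join(keys)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['entry']}\n    {f['detail']}")
```

Run it as a script to print the findings for the embedded sample, or call triage() on the full text of a log. A flagged entry still needs confirmation (file hash, signature, vendor lookup) before anything is removed; the point of the cross-check between the O4 lines and the "Running processes" block is to see at once where a pathless autostart actually resolved to.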
Hi lalitA04

Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.
Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or by double-clicking the Malwarebytes' Anti-Malware shortcut on your Desktop.

Configuring Malwarebytes
• Click on the tab Settings.
• Make sure only these boxes are checked:
    Terminate Internet Explorer
    Automatically save and display logfile after removal
    Always scan memory objects
    Always scan registry objects
    Always scan filesystem
    Always scan extra and heuristics objects

Updating Malwarebytes
• Click on the tab Update.
• Press the button Check for Updates.
• Wait for Malwarebytes to be fully updated.

Scanning Time
• Click on the tab Scanner.
• Check Perform full scan and click on Scan.
• Wait for the scan to complete, and then click on Show Results.
• Make sure all items are checked, then click on Remove Selected.
**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

Post A Log
• A text box will pop up after the removal process is over. Post the contents of the text here.
• If no text box pops up, launch Malwarebytes, and click on the tab Logs.
• The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
• Post the log here.

Best Regards
Thanks for your prompt reply. I have done as per your instructions. Following is the log file. Kindly check and advise:

Malwarebytes' Anti-Malware 1.30
Database version: 1437
Windows 5.1.2600 Service Pack 3

11/30/2008 04:13:33 PM
mbam-log-2008-11-30 (16-13-33).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 133333
Time elapsed: 48 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\UTILITIE\repairing softwares\PCBUGDOCTOR\BugdoctorSetup.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ActMon.ini (Spyware.ActMon) -> Quarantined and deleted successfully.
Hey lalitA04

Right now I cannot say if your computer is infected or not. We'll have to do a little more analysis.

Now, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Save it to your Desktop.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
• Run Combo-Fix.exe and follow the prompts.
• Accept the End-User License Agreement.
• Allow the Recovery Console to be installed.
• When you see the window below, click on Yes.
• When the Recovery Console has been installed, click on Yes to start the scan.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be fully completed.
• If it requires a reboot, please do so.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.

Best Regards
Many, many thanks for your prompt replies. Here is the log file of Combo-Fix. Kindly confirm whether my PC is free from any malware:

ComboFix 08-11-30.01 - Lalit chhalani 2008-12-01 12:47:22.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.206 [GMT 5.5:30]
Running from: c:\documents and settings\Lalit chhalani\Desktop\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\update.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-11-30 15:20 . 2008-11-30 15:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 15:20 . 2008-11-30 15:20 <DIR> d-------- c:\documents and settings\Lalit chhalani\Application Data\Malwarebytes
2008-11-30 15:20 . 2008-11-30 15:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 15:20 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-30 15:20 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-30 12:38 . 2008-11-30 12:38 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-29 17:05 . 2008-11-29 17:05 <DIR> d-------- C:\HJK
2008-11-27 13:39 . 2008-11-27 13:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-27 12:56 . 2008-11-27 12:56 <DIR> dr-h----- C:\AHCache
2008-11-26 10:07 . 2008-11-26 10:07 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-24 20:11 . 2008-11-14 18:05 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-14 18:03 . 2008-11-14 18:03 <DIR> d-------- c:\documents and settings\Lalit chhalani\.housecall6.6
2008-11-13 15:02 . 2008-11-13 15:02 118 --a------ c:\windows\system32\MRT.INI
2008-11-13 09:57 . 2008-10-24 16:51 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 09:56 . 2008-09-04 22:45 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 18:14 . 2008-11-14 11:31 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-12 18:14 . 2008-11-12 18:14 1,409 --a------ c:\windows\QTFont.for
2008-11-09 10:22 . 2008-11-09 10:23 9,609,305 --a------ c:\windows\system32\Themes For Windows XP.exe
2008-11-06 20:11 . 2008-11-06 20:11 <DIR> d-------- c:\documents and settings\Lalit chhalani\Application Data\Uniblue
2008-11-06 20:11 . 2008-11-06 20:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2008-11-01 19:24 . 2008-11-16 12:54 116 --a------ c:\windows\NeroDigital.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 11:15 --------- d-----w c:\program files\Common Files\Ahead
2008-10-30 11:15 --------- d-----w c:\program files\Ahead
2008-10-30 08:08 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-30 07:03 --------- d-----w c:\documents and settings\Lalit chhalani\Application Data\Nero
2008-10-30 06:58 --------- d-----w c:\program files\Common Files\Nero
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 11:13 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 03:07 12,528,593 ------w C:\avg7qt.dat
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-02-10 01:55 6,656 --sha-w c:\program files\Thumbs.db
2008-04-14 00:12 180,274 --sh--r c:\windows\system32\MSConfig.exe
2008-08-21 04:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082120080822\index.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-06-16 3334144]
"MSConf"="MSConfig.exe" [2008-04-14 c:\windows\system32\MSConfig.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Logtime"="c:\program files\LOGTIME\Logtimew.exe" [2002-08-23 208896]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-22 590848]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-26 136600]
"MSConf"="MSConfig.exe" [2008-04-14 c:\windows\system32\MSConfig.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"MSConf"="MSConfig.exe" [2008-04-14 c:\windows\system32\MSConfig.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-04-14 219136]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.NSGSM"= NSGSM32.ACM
"MSACM.NSTSP"= NSTSP32.ACM
"MSACM.sx5363s"= sx5363s.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WarpSpeeder Tray Icon.lnk]
backup=c:\windows\pss\WarpSpeeder Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lalit chhalani^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Lalit chhalani^Start Menu^Programs^Startup^Screen Saver Control.lnk]
backup=c:\windows\pss\Screen Saver Control.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapFax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus C58 Series on JAIN3]
--a------ 2006-02-23 00:30 131072 c:\windows\system32\spool\drivers\w32x86\3\E_FATIBHS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C43 Series]
--a------ 2002-12-10 08:36 75776 c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C58 Series]
--a------ 2006-02-23 00:30 131072 c:\windows\system32\spool\drivers\w32x86\3\E_FATIBHS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a------ 2008-11-20 20:41 133104 c:\documents and settings\Lalit chhalani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfraDrive Carbosign Updates]
--a------ 2007-09-12 01:22 1147016 c:\program files\InfraDrive\Carbosign\Carbosign.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 05:42 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-13 19:59 155648 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 17:32 25365032 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-05-18 11:35 36972 c:\program files\Java\jre1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-28 12:16 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-06-16 14:37 3334144 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-01-11 15:08 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Documents and Settings\\Lalit chhalani\\Application Data\\Thinstall\\Alcohol_120%_v1.9.6.5429\\4000004900003i\\StarWindServiceAE.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"=
"c:\\WINDOWS\\System32\\MSConfig.exe"=
"c:\\Documents and Settings\\Lalit chhalani\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Lalit chhalani\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\TTAdvance\\TTAdv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2007-02-23 13696]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2007-02-26 2368]
R3 iadusb;USB IAD LAN Modem;c:\windows\system32\DRIVERS\glauiad.sys [2008-01-26 30336]
S3 acfva;acfva;c:\windows\system32\DRIVERS\acfva.sys [2007-04-04 51168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d6baee2-9d09-11dd-a7a6-00085cc0bc18}]
\Shell\AutoRun\command - I:\kinza.exe
\Shell\explore\Command - I:\kinza.exe
\Shell\open\Command - I:\kinza.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d17d386-224e-11dc-a04a-00e04d005426}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f674e67-4fd8-11dc-a163-00e04d005426}]
\Shell\AutoRun\command - K:\smss.exe

.
Contents of the 'Scheduled Tasks' folder

2007-12-12 c:\windows\Tasks\Scan.job
- c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe []

2008-11-30 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Lalit chhalani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-20 20:41]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Lalit chhalani\Application Data\Mozilla\Firefox\Profiles\rov6glu2.default\
FF -: plugin - c:\documents and settings\Lalit chhalani\Application Data\Mozilla\plugins\npgoogletalk.dll
FF -: plugin - c:\documents and settings\Lalit chhalani\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 12:48:30
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-01 12:49:04
ComboFix-quarantined-files.txt 2008-12-01 07:19:04

Pre-Run: 1,485,570,048 bytes free
Post-Run: 1,510,146,048 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

207 --- E O F --- 2008-11-13 09:32:19
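A companion triage script for the "Reg Loading Points" part of a ComboFix log like the one above, added here as an editorial example (not part of the thread and not ComboFix's own code). It reads three pieces of that section: the MountPoints2 keys, which are Explorer's cache of what the autorun.inf on each previously inserted volume asked it to run; the Windows Firewall GloballyOpenPorts list for the standard profile; and the Security Center notification flags. It flags a removable-drive AutoRun target named like a core Windows process, a drive whose AutoRun, open and explore verbs all point at one executable, every globally opened port, and disabled Security Center warnings. SAMPLE is a subset of lines copied from the posted log; the rule names, the process-name set and the port table are the example's own assumptions, and a MountPoints2 finding describes a drive that was plugged in at some point, not necessarily a file present on the PC now.

```python
"""Triage the Reg Loading Points part of a ComboFix log.

Added example; not part of the original thread and not ComboFix code.
MountPoints2 entries are Explorer's cache of what each previously inserted
volume's autorun.inf asked for, so a finding here describes a drive that was
plugged in at some point, not necessarily a file present on the PC now.
"""
import ntpath
import re

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d6baee2-9d09-11dd-a7a6-00085cc0bc18}]
\Shell\AutoRun\command - I:\kinza.exe
\Shell\explore\Command - I:\kinza.exe
\Shell\open\Command - I:\kinza.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d17d386-224e-11dc-a04a-00e04d005426}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f674e67-4fd8-11dc-a163-00e04d005426}]
\Shell\AutoRun\command - K:\smss.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.IGNORECASE)
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
NOTIFY_RE = re.compile(r'^"(?P<name>\w+DisableNotify)"=dword:(?P<val>[0-9a-fA-F]{8})$')

# Assumed set of core NT process names; the real ones only run from the Windows system directory.
SYSTEM_PROCESS_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
PORT_NAMES = {135: "RPC endpoint mapper", 139: "NetBIOS session", 445: "SMB", 3389: "Remote Desktop"}


def parse_sections(text):
    """Group the dump into {registry key: [value lines]} in file order."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def first_token(cmd):
    """Executable part of 'I:\\LaunchU3.exe -a' or '"C:\\a b\\x.exe" /q'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(text):
    findings = []
    for key, lines in parse_sections(text).items():
        low = key.lower()
        if "\\mountpoints2\\" in low:
            verbs = {m.group("verb").lower(): m.group("cmd")
                     for m in map(VERB_RE.match, lines) if m}
            if not verbs:
                continue
            guid = key.rsplit("\\", 1)[1]
            targets = {ntpath.basename(first_token(c)).lower() for c in verbs.values()}
            for name in sorted(targets & SYSTEM_PROCESS_NAMES):
                findings.append({"rule": "system_name_on_removable", "where": guid,
                                 "detail": f"autorun target {name} on a removable volume; the genuine {name} never runs from there"})
            if {"open", "explore"}.issubset(verbs) and len(targets) == 1:
                findings.append({"rule": "shell_verbs_hijacked", "where": guid,
                                 "detail": f"AutoRun, open and explore all launch {next(iter(targets))}: double-clicking or exploring the drive runs it instead of showing the folder"})
        elif low.endswith("globallyopenports\\list"):
            for m in filter(None, map(PORT_RE.match, lines)):
                port = int(m.group("port"))
                findings.append({"rule": "open_port", "where": key,
                                 "detail": f"{port}/{m.group('proto')} ({PORT_NAMES.get(port, 'unlisted service')}) is open in the standard profile; the log omits the scope, so check whether it is limited to the local subnet"})
        elif low.endswith("\\security center"):
            for m in filter(None, map(NOTIFY_RE.match, lines)):
                if int(m.group("val"), 16) == 1:
                    findings.append({"rule": "notify_disabled", "where": key,
                                     "detail": f"{m.group('name')}=1: Security Center stays silent when this protection is off"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f['rule']}] {f['where']}\n    {f['detail']}")
```

The LaunchU3 entry produces no finding: a single AutoRun verb pointing at a vendor launcher is the normal shape of a U3 flash drive, which is why the rules key on the process name and on all three verbs being redirected rather than on the mere presence of an AutoRun command.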
FireFox -: Profile - c:\documents and settings\Lalit chhalani\Application Data\Mozilla\Firefox\Profiles\rov6glu2.default\ FF -: plugin - c:\documents and settings\Lalit chhalani\Application Data\Mozilla\plugins\npgoogletalk.dll FF -: plugin - c:\documents and settings\Lalit chhalani\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-01 12:48:30 Windows 5.1.2600 Service Pack 3 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-12-01 12:49:04 ComboFix-quarantined-files.txt 2008-12-01 07:19:04 Pre-Run: 1,485,570,048 bytes free Post-Run: 1,510,146,048 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 207 --- E O F --- 2008-11-13 09:32:19
Hey lalitA04

Are you willing to uninstall AVG for a better antivirus? If not, please do not follow these instructions and tell me.

Please download Avira AntiVir Personal and install it. Follow the prompts and reboot if required. Launch Avira AntiVir Personal either by running C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe or right-click on the Antivir icon in your task bar (it looks like a white umbrella with a red background) and click on Start AntiVir.

Configuring AntiVir
• Click on Configuration.
• Make sure Expert mode is checked.
• Expand +Scanner > +Scan.
• Click on Action for concerning files.
• Check Automatic, and set Primary Action: to repair, then Secondary Action to quarantine.
• Click on Heuristic.
• Make sure Macrovirus heuristic, Win32 file heuristic, and High detection level are checked.
• Expand +General and click on Extended threat categories.
• Check everything off the list except Application (APPL).
• Click on the button OK at the bottom of the window.

Updating AntiVir
• At the main window, click on Start update.
• Wait for AntiVir to be fully updated.

Scanning Time
• Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
• Launch AntiVir.
• At the main window, click on Scan system now.
• Wait for the scan to complete, and then click on Report. A Notepad window will pop up. Save this onto your computer.
• Click on End, and reboot your computer.

Post A Log
• Post the contents of the report you saved. If you didn't save the report:
• Launch AntiVir.
• Under Overview, click on Reports.
• Choose the report listed at the top, and right-click on it.
• Click on Display report.
• Click on Report file.
• Copy and paste the contents of the log here in your next post.

Best Regards
Actually, previously I had Norton and then I changed to McAfee, but I found my net slower and so I changed to AVG. Now I do not want to change AVG; I feel comfortable with it because last week I had done an online scan of my pc by Trend Micro's HouseCall and now I prefer to do an online scan by some popular antivirus periodically because it doesn't create load on my pc. If you know any better online antivirus scanner you can suggest one. But before that I want to know what the result of the combofix logfile is, and do not take it otherwise, but first you told me to install Malwarebytes Anti-Malware and when I had done that you suggested combofix, and after that you are suggesting one more antivirus and that's making me confused. If the previous ones were not sufficient then why did you suggest those? I do not want to install a bunch of software. Do you feel that my pc is infected or that any unnecessary process is running in background making my net slow? Just please answer this and please do not tell me to install software as trial and error. Thanks for your attention, but again sorry, I got frustrated by your one after another software suggestions. Is there not a single software which can make me sure about my pc? I already have Spybot Search and Destroy and it's not showing any infection. So I think there are some unnecessary processes which are consuming my memory. Kindly suggest about those also if you can. Thanks again
Hey lalitA04

Sorry... I should have known better than to recommend software after software. The thing is, I still see some traces of malware on your system, and to remove these manually will be less efficient than using a program. No one program can detect every malware out there! That was why I had to recommend both an antispyware and an antivirus. I would tell you to use an online antivirus check, but Antivir does not have an online scan service. I will try my best to make do with the programs you already have (i.e. Malwarebytes, HijackThis, ComboFix), and rest assured; these programs combined will not take up very much space or even hog any CPU or RAM.

To confirm if malware is still on your system, I will have to do a little more analysis. After that, we can begin the cleanup and speedup of your system.

Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection. Open Notepad and copy/paste the text in the code box below into it:

Code:
FileLook::
c:\windows\system32\drivers\BIOS.sys
c:\windows\system32\SVKP.sys
c:\windows\system32\DRIVERS\acfva.sys
I:\kinza.exe
K:\smss.exe
c:\windows\system32\MSConfig.exe
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe

• Save this as CFScript.txt in the same folder as ComboFix.
• Then drag the CFScript.txt into Combo-Fix.exe.
• This will start ComboFix again.

After reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt). Do not click on the ComboFix window, as it may cause it to stall.

Best Regards
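Added example, not part of this thread and not code from ComboFix, HijackThis or Avira: a small Python triage pass that reads the mountpoints2, Security Center and firewall entries from the ComboFix log above (copied here as constructed sample lines) and surfaces the same items the reply singles out for inspection. The severity levels, the system-process name list and the known-launcher list are my assumptions, not anything the thread states.

```python
import re
from typing import List, Optional, Tuple

Finding = Tuple[str, str]  # (severity, description)

# Constructed sample: the mountpoints2, Security Center and firewall entries
# quoted from the ComboFix log in this thread, nothing else.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d6baee2-9d09-11dd-a7a6-00085cc0bc18}]
\Shell\AutoRun\command - I:\kinza.exe
\Shell\explore\Command - I:\kinza.exe
\Shell\open\Command - I:\kinza.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d17d386-224e-11dc-a04a-00e04d005426}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f674e67-4fd8-11dc-a163-00e04d005426}]
\Shell\AutoRun\command - K:\smss.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"""

# Names that belong under \WINDOWS\system32; the same name at a drive root
# (K:\smss.exe above) is a masquerade. Assumed list, not from the thread.
SYSTEM_PROCESS_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe",
                        "services.exe", "lsass.exe", "svchost.exe"}
# Autorun launchers with a known benign origin (SanDisk U3 sticks). Assumed.
KNOWN_LAUNCHERS = {"launchu3.exe"}

SECTION_RE = re.compile(r"^\[(.+)\]$")
AUTORUN_RE = re.compile(r"^\\Shell\\\w+\\command - (.+)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')


def _autorun_finding(command: str) -> Finding:
    """Rate one mountpoints2 autorun command line."""
    exe = command.split()[0]
    name = exe.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_PROCESS_NAMES and "\\windows\\" not in exe.lower():
        return ("HIGH", f"{exe}: system process name outside the Windows directory")
    if name in KNOWN_LAUNCHERS:
        return ("INFO", f"{exe}: known removable-media launcher")
    return ("MEDIUM", f"{exe}: unrecognised autorun target on a removable drive")


def _value_finding(section: str, name: str, value: str) -> Optional[Finding]:
    """Rate one "name"=value line, given the registry key it sits under."""
    if ("security center" in section and name.endswith("DisableNotify")
            and value.lower() == "dword:00000001"):
        return ("HIGH", f"{name}=1: Security Center warning suppressed")
    if "globallyopenports" in section and ":" in name:
        port, proto = name.split(":", 1)
        note = " (Remote Desktop)" if port == "3389" else ""
        return ("MEDIUM", f"inbound {proto} port {port} open in XP firewall{note}")
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log section by section and collect de-duplicated findings."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        finding: Optional[Finding] = None
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in section:
            finding = _autorun_finding(m.group(1))
        else:
            m = VALUE_RE.match(line)
            if m:
                finding = _value_finding(section, *m.groups())
        if finding and finding not in findings:  # kinza.exe is listed under three verbs
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for severity, text in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {text}")
```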
Thanks for your suggestion. So I installed Avira replacing AVG. I hope this will be the last one. Here is the report (I already configured, updated and scanned in safe mode as per your suggestion):

Avira AntiVir Personal
Report file date: Wednesday, December 03, 2008 08:37

Scanning for 1069442 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode
Username: Administrator
Computer name: JAIN1

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 03:51:28
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 03:26:42
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 08:14:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 03:28:54
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 07:00:38
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 11/9/2008 12:27:14
ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 11/30/2008 02:58:18
ANTIVIR3.VDF : 7.1.0.176 132608 Bytes 12/2/2008 02:58:50
Engineversion : 8.2.0.36
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 05:35:58
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 09:30:08
AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 10:36:42
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 09:28:40
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 05:11:40
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 11/7/2008 10:36:42
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 11/7/2008 10:36:42
AEHELP.DLL : 8.1.2.0 119159 Bytes 12/3/2008 03:00:00
AEGEN.DLL : 8.1.1.6 323955 Bytes 12/3/2008 02:59:46
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 05:35:58
AECORE.DLL : 8.1.5.2 172405 Bytes 12/3/2008 02:59:08
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 05:35:58
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 04:10:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 04:58:02
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 07:32:16
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 06:56:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 03:59:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 07:57:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 12:58:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 08:19:42
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 07:35:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 09:18:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 09:04:38

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: quarantine
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +GAME,+JOKE,+PCK,+SPR,

Start of the scan: Wednesday, December 03, 2008 08:37

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\MSConfig.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] TR/Dropper.Gen:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<MSConf>=sz:MSConfig.exe
[NOTE] The file was moved to '4978f835.qua'!
The registry was scanned ( '53' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Lalit chhalani\Application Data\dxdlls\dxdlg.exe
[DETECTION] Contains recognition pattern of the SPR/ActMon.511.4 program
[NOTE] The file was moved to '4999fc07.qua'!
C:\Documents and Settings\Lalit chhalani\Application Data\dxdlls\imapd.exe
[DETECTION] Contains recognition pattern of the SPR/ActMon.511 program
[NOTE] The file was moved to '4996fbfd.qua'!
C:\Documents and Settings\Lalit chhalani\Application Data\dxdlls\imapdb.dll
[DETECTION] Contains recognition pattern of the SPR/ActMon.511.8 program
[NOTE] The file was moved to '481d639e.qua'!
C:\Documents and Settings\Lalit chhalani\Application Data\dxdlls\imapdb.exe
[DETECTION] Contains recognition pattern of the SPR/ActMon.511.6 program
[NOTE] The file was moved to '4996fbff.qua'!
C:\Documents and Settings\Lalit chhalani\Application Data\dxdlls\imapdc.dll
[DETECTION] Contains recognition pattern of the SPR/ActMon.511.5 program
[NOTE] The file was moved to '4996fbfe.qua'!
C:\Documents and Settings\Lalit chhalani\.housecall6.6\Quarantine\dxdlg.exe.bac_a03148
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\Lalit chhalani\.housecall6.6\Quarantine\dxdlg.exe.bac_a03148
[DETECTION] Contains recognition pattern of the SPR/ActMon.511.4 program
[NOTE] The file was moved to '4999fc2e.qua'!
C:\Documents and Settings\Lalit chhalani\.housecall6.6\Quarantine\imapd.exe.bac_a03148
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\Lalit chhalani\.housecall6.6\Quarantine\imapd.exe.bac_a03148
[DETECTION] Contains recognition pattern of the SPR/ActMon.511 program
[NOTE] The file was moved to '4996fc23.qua'!
C:\Documents and Settings\Lalit chhalani\.housecall6.6\Quarantine\imapdb.dll.bac_a03148
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\Lalit chhalani\.housecall6.6\Quarantine\imapdb.dll.bac_a03148
[DETECTION] Contains recognition pattern of the SPR/ActMon.511.8 program
[NOTE] The file was moved to '4996fc24.qua'!
C:\Documents and Settings\Lalit chhalani\.housecall6.6\Quarantine\imapdb.exe.bac_a03148
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\Lalit chhalani\.housecall6.6\Quarantine\imapdb.exe.bac_a03148
[DETECTION] Contains recognition pattern of the SPR/ActMon.511.6 program
[NOTE] The file was moved to '481d6445.qua'!
C:\Documents and Settings\Lalit chhalani\.housecall6.6\Quarantine\imapdc.dll.bac_a03148
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\Lalit chhalani\.housecall6.6\Quarantine\imapdc.dll.bac_a03148
[DETECTION] Contains recognition pattern of the SPR/ActMon.511.5 program
[NOTE] The file was moved to '4996fc26.qua'!
C:\System Volume Information\_restore{7A5A379F-132F-47FC-9AC1-C8B07BF1791A}\RP2\A0000012.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4965fe16.qua'!
C:\System Volume Information\_restore{7A5A379F-132F-47FC-9AC1-C8B07BF1791A}\RP2\A0000028.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
[NOTE] The file was moved to '4965fe17.qua'!
C:\System Volume Information\_restore{7A5A379F-132F-47FC-9AC1-C8B07BF1791A}\RP2\A0000056.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\hidec.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
[NOTE] The file was moved to '4965fe1f.qua'!
C:\System Volume Information\_restore{7A5A379F-132F-47FC-9AC1-C8B07BF1791A}\RP5\A0000205.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4965fe30.qua'!
C:\System Volume Information\_restore{7A5A379F-132F-47FC-9AC1-C8B07BF1791A}\RP5\A0000206.exe
[DETECTION] Contains recognition pattern of the SPR/ActMon.511.4 program
[NOTE] The file was moved to '48ef6ef1.qua'!
C:\System Volume Information\_restore{7A5A379F-132F-47FC-9AC1-C8B07BF1791A}\RP5\A0000207.exe
[DETECTION] Contains recognition pattern of the SPR/ActMon.511 program
[NOTE] The file was moved to '4965fe31.qua'!
C:\System Volume Information\_restore{7A5A379F-132F-47FC-9AC1-C8B07BF1791A}\RP5\A0000208.dll
[DETECTION] Contains recognition pattern of the SPR/ActMon.511.8 program
[NOTE] The file was moved to '48ef6ef2.qua'!
C:\System Volume Information\_restore{7A5A379F-132F-47FC-9AC1-C8B07BF1791A}\RP5\A0000209.exe
[DETECTION] Contains recognition pattern of the SPR/ActMon.511.6 program
[NOTE] The file was moved to '4965fe33.qua'!
C:\System Volume Information\_restore{7A5A379F-132F-47FC-9AC1-C8B07BF1791A}\RP5\A0000210.dll
[DETECTION] Contains recognition pattern of the SPR/ActMon.511.5 program
[NOTE] The file was moved to '4965fe32.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\update.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4999fe7a.qua'!

Begin scan in 'D:\'
D:\F Drive\F DRIVE\Roadrash\ROADRASH.EXE
[DETECTION] Contains recognition pattern of the W95/CIH Windows virus
[NOTE] The file was moved to '4976fef5.qua'!
D:\F Drive\F DRIVE\personal\carbosign images\CD2HTML.5.1.3.0.TeaM.iNFLUENCE.-keygen.zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
[NOTE] The file was moved to '4967ff09.qua'!
D:\F Drive\F DRIVE\personal\carbosign images\CD2HTML.5.1.3.0.TeaM.iNFLUENCE.-keygen\keygen.exe
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
[NOTE] The file was moved to '49aeff2e.qua'!
D:\F Drive\F DRIVE\games\Roadrash\ROADRASH.EXE
[DETECTION] Contains recognition pattern of the W95/CIH Windows virus
[NOTE] The file was moved to '4976ffcd.qua'!

Begin scan in 'E:\'
E:\UTILITIE\MOBILE\NOKIA\N6600\smartguard\New Folder\KEYGEN.RAR
[0] Archive type: RAR
--> keygen.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498f038a.qua'!
E:\UTILITIE\MOBILE\NOKIA\N6600\smartguard\New Folder\callrejector\KEYGEN.RAR
[0] Archive type: RAR
--> keygen.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4801accb.qua'!
E:\UTILITIE\virus cleaner\Combo-Fix.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\hidec.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
[NOTE] The file was moved to '49a30408.qua'!
E:\UTILITIE\YAHOO\Magic-Login-Full++\Magic-Login-Full++.zip
[0] Archive type: ZIP
--> Magic-Login-Full++/Magic-Login-Full.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '499d0446.qua'!
E:\UTILITIE\YAHOO\Magic-Login-Full++\Magic-Login-Full++\Magic-Login-Full.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '499d0447.qua'!
E:\UTILITIE\UTILITIE\BlazeMP-v6.1.rar
[0] Archive type: RAR
--> BlazeMP-v6.1\Cracked.zip
[1] Archive type: ZIP
--> BMP.exe
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The file was moved to '49970464.qua'!
E:\UTILITIE\UTILITIE\BlazeMP-v6.1\BlazeMP-v6.1\Cracked.zip
[0] Archive type: ZIP
--> BMP.exe
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The file was moved to '4997048b.qua'!
E:\System Volume Information\_restore{7A5A379F-132F-47FC-9AC1-C8B07BF1791A}\RP5\A0000214.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\hidec.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
[NOTE] The file was moved to '49660641.qua'!
E:\System Volume Information\_restore{7A5A379F-132F-47FC-9AC1-C8B07BF1791A}\RP5\A0000215.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ec9682.qua'!
E:\Documents\lalit\yahoo\Magic-Login-Full++\Magic-Login-Full++.zip
[0] Archive type: ZIP
--> Magic-Login-Full++/Magic-Login-Full.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '499d0680.qua'!
E:\Documents\lalit\yahoo\Magic-Login-Full++\Magic-Login-Full++\Magic-Login-Full.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4811a681.qua'!

Begin scan in 'F:\' <DISK1_VOL4>
F:\c drive\My Documents\WELCOME TO EARN FROM MOBILE (EFM).mht
[0] Archive type: MIME
--> file4.mim
[1] Archive type: MIME
--> http://www.efmw.co.in/registration/confirmationnote.asp?memno=252321
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '49820878.qua'!

End of the scan: Wednesday, December 03, 2008 09:49
Used time: 1:12:27 Hour(s)

The scan has been done completely.

7668 Scanning directories
397110 Files were scanned
35 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
37 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
397072 Files not concerned
9537 Archives were scanned
1 Warnings
37 Notes
Hey lalitA04

Thanks for doing that; it really helped. As you can see, Antivir cleared out more problems that AVG missed. You can keep it as your resident antivirus. However, Antivir's policy is that it will detect all keygens/cracks, no matter whether they contain malware or not, therefore it may have deleted several of your keygens and cracks. While I will not recommend using these types of applications, since it is illegal and is a good way for malware to enter your system, you can restore these files from Antivir's quarantine if you want to. Please also restore Combo-Fix.exe, which was detected by Antivir, and follow my instructions regarding ComboFix.

Best Regards