10.4K Posts

September 7th, 2007 17:00


pravesh125

1. Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
  • Save it to your desktop and run it.
  • Click Next, then Install, then make sure "Run fixit" is checked and click Finish.
  • The fix will begin; follow the prompts.
  • You will be asked to reboot your computer; please do so.
  • Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt


CastleCops Instructor

MRU Graduate


"The world is what you make of it"

12 Posts

September 7th, 2007 21:00

Hi, thanks a lot for the quick response on this.......
I ran fixit on my system and rebooted as instructed by you.....but I think it's still not fixed yet...cause it has again taken more time to reboot and I got the same runDLL error message "Error Loading C:\WINDOWS\system32\rtahihuk.dll The specified module could not be found."

Please find a fresh HijackThis log and a fixwareout report as given below.....
HijackThis LOG
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:50 PM, on 07/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [SystemRestoreStatus] rundll32.exe "C:\WINDOWS\system32\rtahihuk.dll",sitypnow
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.loksatta.com/daily/dynamic/wfplayer/tdserver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{00F50F14-1715-484B-87A8-EEFF4D47AE8B}: NameServer = 202.88.130.15,202.88.130.67,202.88.130.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{00F50F14-1715-484B-87A8-EEFF4D47AE8B}: NameServer = 202.88.130.15,202.88.130.67,202.88.130.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{00F50F14-1715-484B-87A8-EEFF4D47AE8B}: NameServer = 202.88.130.15,202.88.130.67,202.88.130.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{00F50F14-1715-484B-87A8-EEFF4D47AE8B}: NameServer = 202.88.130.15,202.88.130.67,202.88.130.5
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
--
End of file - 8134 bytes
and the Fixwareout report

Username "user" - 07/09/2007 22:37:31 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.
 
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"SigmatelSysTrayApp"="stsystra.exe"
"vmware-tray"="C:\\Program Files\\VMware\\VMware Workstation\\vmware-tray.exe"
"VMware hqtray"="\"C:\\Program Files\\VMware\\VMware Workstation\\hqtray.exe\""
"SystemRestoreStatus"="rundll32.exe \"C:\\WINDOWS\\system32\\rtahihuk.dll\",sitypnow"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDXGhost"="C:\\Program Files\\DVD Ghost\\DVDGhost.EXE"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Acrobat\\AdobeUpdateManager.exe\" AcPro7_0_9 -reboot 1"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
 

10.4K Posts

September 9th, 2007 13:00

pravesh125

Yes, we still have a little work to do before we are finished.

1. Rerun HijackThis (scan only) and place checks beside the following entries:
  • O4 - HKLM\..\Run: [SystemRestoreStatus] rundll32.exe "C:\WINDOWS\system32\rtahihuk.dll",sitypnow
  • O17 - HKLM\System\CCS\Services\Tcpip\..\{00F50F14-1715-484B-87A8-EEFF4D47AE8B}: NameServer = 202.88.130.15,202.88.130.67,202.88.130.5
  • O17 - HKLM\System\CS1\Services\Tcpip\..\{00F50F14-1715-484B-87A8-EEFF4D47AE8B}: NameServer = 202.88.130.15,202.88.130.67,202.88.130.5
  • O17 - HKLM\System\CS2\Services\Tcpip\..\{00F50F14-1715-484B-87A8-EEFF4D47AE8B}: NameServer = 202.88.130.15,202.88.130.67,202.88.130.5
  • O17 - HKLM\System\CS3\Services\Tcpip\..\{00F50F14-1715-484B-87A8-EEFF4D47AE8B}: NameServer = 202.88.130.15,202.88.130.67,202.88.130.5


Close all other open windows except HijackThis and select "Fix checked".

Close HijackThis.

2. Now let's check some settings on your system.

(2000/XP) Only

  • In the Windows Control Panel:
  • If you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections.
  • Then right-click on your default connection (usually Local Area Connection for cable and DSL) and left-click on Properties.
  • Click the Networking tab.
  • Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says "Obtain DNS servers automatically".
  • Press OK twice to get out of the properties screen and reboot if it asks.
  • That option might not be available on some systems.

Next, go Start > Run, type cmd and hit OK.
Type
ipconfig /flushdns (that space between g and / is needed)
then hit Enter; type exit and hit Enter.

3. Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

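The two entry types the helper has pravesh125 fix in the post above, an O4 Run entry that starts rundll32.exe on a randomly named DLL in system32 and O17 NameServer overrides, are exactly what a defender scans a HijackThis log for. The Python triage below is an added example, not code from this thread or from HijackThis: the sample lines are copied from the log posted above (plus one constructed O17 line pointing at a LAN router), and both the expected-resolver list EXPECTED_DNS and the eight-lowercase-letter name heuristic are assumptions chosen for the illustration.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted above, plus a
# benign HKCU entry and one O17 line pointing at a LAN router (both constructed).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [SynTPEnh] C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe
O4 - HKLM\\..\\Run: [SystemRestoreStatus] rundll32.exe "C:\\WINDOWS\\system32\\rtahihuk.dll",sitypnow
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{00F50F14-1715-484B-87A8-EEFF4D47AE8B}: NameServer = 202.88.130.15,202.88.130.67,202.88.130.5
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\..\\{00F50F14-1715-484B-87A8-EEFF4D47AE8B}: NameServer = 192.168.1.1
"""

# Assumption: the resolvers this machine should be using (router, ISP or corporate DNS).
# An O17 entry naming anything else deserves the same second look the helper gave it.
EXPECTED_DNS = {"192.168.1.1"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>[0-9.,]+)")
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


def looks_random(stem: str) -> bool:
    """Heuristic taken from this thread: eight lowercase letters and nothing else
    (rtahihuk, bqfrcbxf, ...). Expect false positives on real systems."""
    return bool(RANDOM_NAME_RE.match(stem))


def triage_hjt(log_text: str, expected_dns=EXPECTED_DNS):
    """Return (kind, detail) findings for the O4 and O17 lines of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        o4 = O4_RE.match(line)
        if o4:
            run = RUNDLL_RE.match(o4["cmd"].strip())
            if run:
                dll = run["dll"]
                stem = dll.rsplit("\\", 1)[-1][:-4].lower()
                # rundll32 loading a random-looking DLL out of system32 is the
                # pattern behind the "Error Loading ... rtahihuk.dll" message above
                if "\\system32\\" in dll.lower() and looks_random(stem):
                    findings.append(("O4-rundll32-random-dll",
                                     f"[{o4['name']}] {dll},{run['export']}"))
            continue
        o17 = O17_RE.match(line)
        if o17:
            unexpected = [s for s in o17["servers"].split(",") if s and s not in expected_dns]
            if unexpected:
                findings.append(("O17-unexpected-nameserver",
                                 f"{o17['key']} -> {','.join(unexpected)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage_hjt(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```

Run it as a script to print the findings. Anything flagged is a lead to verify, not a verdict: a legitimate ISP resolver or an oddly named vendor DLL trips the same rules, which is why the helper pairs the HijackThis fix with setting DNS back to automatic and flushing the resolver cache rather than relying on the log alone.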

12 Posts

September 10th, 2007 12:00

Hi,
 
I've done the changes as per your instructions....now I am not getting the run DLL error but I am still not able to get rid of advt. popping up every now and then...and again Internet Explorer suddenly gives some error messages and the whole system freezes up...sometimes I need to hard boot the system or sometimes I need to close it directly without saving the work from Task Manager. Kindly suggest some solution..
 
Please find the latest HijackThis log....
=====================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:42 PM, on 09/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
--
End of file - 7054 bytes

10.4K Posts

September 10th, 2007 14:00

pravesh125

We are getting there.

1. Please download Combofix and save to your desktop:
  • Note: It is important that it is saved directly to your desktop.
  • Close any open browsers.
  • Double-click on combofix.exe and follow the prompts.
  • When it's finished it will produce a log.
  • Post the contents of C:\ComboFix.txt into your next reply.
  • Note: Do not mouse-click ComboFix's window whilst it's running. That may cause the program to freeze/hang.



12 Posts

September 10th, 2007 16:00

Hi
Please find the attached ComboFix log as below.
 
ComboFix 07-09-10.6 - "user" 2007-09-10 18:06:33.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.418 [GMT 1:00]
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\user\APPLIC~1\macromedia\Flash Player\#SharedObjects\3A9J4X7U\iforex.com
C:\DOCUME~1\user\APPLIC~1\macromedia\Flash Player\#SharedObjects\3A9J4X7U\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\DOCUME~1\user\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\DOCUME~1\user\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bqfrcbxf.dll
C:\WINDOWS\system32\brvowwef.dll
C:\WINDOWS\system32\fmquvktp.dll
C:\WINDOWS\system32\giadgjiw.dll
C:\WINDOWS\system32\gpxmsydx.dll
C:\WINDOWS\system32\kjgwddsq.dll
C:\WINDOWS\system32\kkvlrljp.dll
C:\WINDOWS\system32\pjlrlvkk.ini
C:\WINDOWS\system32\xdysmxpg.ini
C:\WINDOWS\system32\ycdhxpla.dll

(((((((((((((((((((((((((   Files Created from 2007-08-10 to 2007-09-10  )))))))))))))))))))))))))))))))
.
2007-09-10 18:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 11:39 230,432 --a------ C:\PA7311.DAT
2007-09-09 11:34 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-09-09 11:34 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-09-09 11:34 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe
2007-09-09 11:18   d-------- C:\WINDOWS\Pixart
2007-09-09 11:18   d-------- C:\Program Files\PC VGA Camera
2007-09-09 11:18   d-------- C:\Program Files\Common Files\PCCamera
2007-09-06 23:18   d-------- C:\Program Files\MegauploadToolbar
2007-09-06 23:18   d-------- C:\DOCUME~1\user\APPLIC~1\MegauploadToolbar
2007-09-06 15:08   d-------- C:\Program Files\Trend Micro
2007-09-06 14:44 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-05 23:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-05 17:27   d-------- C:\Program Files\Lavasoft
2007-09-05 17:27   d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-04 21:04 512 --a------ C:\ScanSectorLog.dat
2007-09-04 16:25 5,365,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-04 16:25 148,512 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-04 16:24   d-------- C:\DOCUME~1\user\APPLIC~1\MailFrontier
2007-09-04 16:17 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-09-04 14:20 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-04 14:15   d-------- C:\WINDOWS\Internet Logs
2007-09-04 09:16 1,581,027 ---hs---- C:\WINDOWS\system32\rqtss.bak2
2007-09-03 20:27 6,456 --ahs---- C:\WINDOWS\system32\rqtss.bak1
2007-09-03 20:27 297,568 --------- C:\WINDOWS\system32\sstqr.dll
2007-09-03 20:19 50,992 -ra------ C:\WINDOWS\system32\vmnetbridge.dll
2007-09-03 20:19 437,040 --a------ C:\WINDOWS\system32\vnetlib.dll
2007-09-03 20:19 28,592 -ra------ C:\WINDOWS\system32\drivers\vmnetbridge.sys
2007-09-03 20:19 25,264 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
2007-09-03 20:19 17,712 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2007-09-03 20:19 16,816 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2007-09-03 20:19 150,320 --a------ C:\WINDOWS\system32\vmnat.exe
2007-09-03 20:19 13,104 -ra------ C:\WINDOWS\system32\vnetinst.dll
2007-09-03 20:19 121,648 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
2007-09-03 20:18 21,040 --a------ C:\WINDOWS\system32\drivers\VMkbd.sys
2007-09-03 20:16   d-------- C:\Program Files\Common Files\VMware
2007-08-30 14:42   d-------- C:\PST
2007-08-29 18:25   d-------- C:\Program Files\FileOpen
2007-08-29 18:24   d-------- C:\DOCUME~1\user\APPLIC~1\FileOpen
2007-08-29 18:24   d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FileOpen
2007-08-28 05:26   d-------- C:\Program Files\Dell Support Center
2007-08-28 05:26   d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
2007-08-21 16:20 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-08-21 16:20 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-08-21 16:20 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-08-21 16:20 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-21 16:20 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-08-21 16:20 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-10 18:17 --------- d-------- C:\DOCUME~1\user\APPLIC~1\VMware
2007-09-10 18:12 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\VMware
2007-09-10 18:12 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\VMware
2007-09-10 18:11 79148 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-10 18:11 15968 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-09 11:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-04 21:38 --------- d-------- C:\Program Files\CyberLink
2007-09-04 21:36 --------- d-------- C:\Program Files\iPod
2007-09-04 21:15 --------- d-------- C:\Program Files\QuickTime
2007-09-04 20:59 --------- d-------- C:\Program Files\Network Associates
2007-09-04 20:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-09-04 16:27 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-03 20:16 --------- d-------- C:\Program Files\VMware
2007-08-30 19:53 --------- d-------- C:\Program Files\Google
2007-08-30 14:20 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Yahoo!
2007-08-30 14:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-08-30 14:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-29 18:22 --------- d-------- C:\DOCUME~1\user\APPLIC~1\AdobeUM
2007-08-25 06:43 --------- d-------- C:\Program Files\Yahoo!
2007-07-31 03:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-31 03:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-31 03:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-31 03:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-31 03:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-31 03:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-31 03:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-31 03:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-25 07:16 --------- d-------- C:\Program Files\CONEXANT
2007-07-24 18:43 --------- d-------- C:\DOCUME~1\user\APPLIC~1\dvdcss
2007-07-23 06:40 --------- d-------- C:\Program Files\Metasploit
2007-07-23 06:18 --------- d-------- C:\Program Files\ACD
2007-07-15 10:23 --------- d-------- C:\Program Files\Crystal Decisions
2007-07-15 10:23 --------- d-------- C:\Program Files\Common Files\Crystal Decisions
2007-07-13 06:25 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Help
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe
2002-09-09 13:02 221184 --a------ C:\Program Files\Common Files\keycode.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25E23417-CE89-43B2-B04C-1E4CF7F8DCEF}]
2007-09-03 20:27 297568 --------- C:\WINDOWS\system32\sstqr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 18:08]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 21:48]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 20:50]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 04:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 12:00]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 01:30 C:\WINDOWS\stsystra.exe]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-05-01 22:52]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-05-01 22:52]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-10 23:16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDXGhost"="C:\Program Files\DVD Ghost\DVDGhost.EXE" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-21 00:30]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-31 00:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjhih]
qomjhih.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqr]
C:\WINDOWS\system32\sstqr.dll 2007-09-03 20:27 297568 C:\WINDOWS\system32\sstqr.dll
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;\??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
R3 vmkbd;VMware kbd;\??\C:\WINDOWS\system32\drivers\VMkbd.sys
S3 PAC7311;VGA SoC PC-Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
S3 ufad-ws60;VMware Agent Service;"C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 18:14:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-10 18:21:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-10 18:21
.
 --- E O F ---

10.4K Posts

September 10th, 2007 20:00

pravesh125

1. Open NotePad (not wordpad). Copy and paste the following into Notepad
  • File::
    C:\WINDOWS\system32\rqtss.bak2
    C:\WINDOWS\system32\rqtss.bak1
    C:\WINDOWS\system32\sstqr.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjhih]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqr]


Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

user posted image
  • You will be prompted to run ComboFix again. Do so,
    following the same rules as indicated in my first post.
    Then post the contents of the C:\ComboFix.txt log in your reply.
CastleCops Instructor

MRU Graduate


"The world is what you make of it"
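The CFScript step above, worked through as an added example (this is not ComboFix's code and not the helper's own tooling): the script takes the Winlogon\Notify lines from the ComboFix dump earlier in the thread, compares the subkeys against an allowlist of stock Windows XP notify packages, and drafts a CFScript in the File::/Registry:: form used in this post. The allowlist, the C:\WINDOWS\system32 default for DLLs listed by bare name, and the crypt32chain control line in the sample are assumptions made for the example.

```python
"""Triage Winlogon\\Notify entries from a ComboFix registry dump and draft a CFScript.

Added example for this thread; it is not ComboFix code and not the helper's own
tooling. It reads the "[HKEY_...]" / value-line pairs the way ComboFix prints them,
keeps the Winlogon\\Notify subkeys, compares them against an allowlist of stock
Windows XP notify packages and renders the File::/Registry:: script format that
the helper had the user drop onto ComboFix.exe.
"""
import re
from typing import Iterable, List, Tuple

# Notify packages found on a stock Windows XP SP2 install. Assumption for the example:
# extend it for the build you are looking at, and treat anything outside the list as
# "review this", not as proven malicious.
KNOWN_NOTIFY = frozenset({
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
})

NOTIFY_PATH = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
SYSTEM32 = r"C:\WINDOWS\system32"  # assumed home of DLLs listed by bare name

# "[HKEY_LOCAL_MACHINE\...\winlogon\notify\<subkey>]" exactly as ComboFix prints it.
_NOTIFY_KEY_RE = re.compile(r"^\[" + re.escape(NOTIFY_PATH) + r"\\([^\\\]]+)\]$", re.IGNORECASE)
_ANY_KEY_RE = re.compile(r"^\[HKEY_[^\]]*\]$", re.IGNORECASE)
# Value line: either a bare "name.dll" or "C:\path\name.dll <date> <time> <size> <path>".
_DLL_RE = re.compile(r"^((?:[A-Za-z]:\\)?\S+?\.dll)\b", re.IGNORECASE)


def parse_notify_entries(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (subkey, dll_reference) for each Winlogon\\Notify key in the dump."""
    entries: List[Tuple[str, str]] = []
    current = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        key = _NOTIFY_KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        if _ANY_KEY_RE.match(line):
            current = None  # some other key; its value lines are not ours
            continue
        if current is not None:
            dll = _DLL_RE.match(line)
            if dll:
                entries.append((current, dll.group(1)))
            current = None  # one value line per Notify key in this dump format
    return entries


def suspicious_notify(entries, known=KNOWN_NOTIFY):
    """Keep the entries whose subkey is not a known stock notify package."""
    return [(k, dll) for k, dll in entries if k.lower() not in known]


def build_cfscript(suspects) -> str:
    """Render the File::/Registry:: script in the form used in the thread.

    "[-key]" tells ComboFix to delete the key; File:: lists the DLLs to remove.
    A DLL given only by name is assumed to live in SYSTEM32 (see the constant).
    """
    files: List[str] = []
    keys: List[str] = []
    for subkey, dll in suspects:
        path = dll if ":" in dll else SYSTEM32 + "\\" + dll
        if path not in files:
            files.append(path)
        keys.append(f"[-{NOTIFY_PATH}\\{subkey}]")
    return "\n".join(["File::", *files, "", "Registry::", *keys]) + "\n"


# Sample dump: the first six lines are the ones ComboFix printed in the thread; the
# crypt32chain pair is constructed here as a benign control that must not be flagged.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjhih]
qomjhih.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqr]
C:\WINDOWS\system32\sstqr.dll 2007-09-03 20:27 297568 C:\WINDOWS\system32\sstqr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
crypt32chain.dll
""".splitlines()


if __name__ == "__main__":
    flagged = suspicious_notify(parse_notify_entries(SAMPLE_DUMP))
    for subkey, dll in flagged:
        print(f"review: Winlogon\\Notify\\{subkey} -> {dll}")
    print(build_cfscript(flagged))
```

The allowlist only separates stock entries from ones that need a look; the decision to delete still rests with the analyst reading the log, as it did in this thread.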

12 Posts

September 10th, 2007 21:00

Done the same.... Please find the log:
 
==========================================================================
ComboFix 07-09-10.6 - "user" 2007-09-10 23:03:21.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.492 [GMT 1:00]
Command switches used ::  C:\Documents and Settings\user\Desktop\CFScript.txt
 * Created a new restore point
FILE::
C:\WINDOWS\system32\rqtss.bak2
C:\WINDOWS\system32\rqtss.bak1
C:\WINDOWS\system32\sstqr.dll
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\argwejlk.ini
C:\WINDOWS\system32\eocireaq.dll
C:\WINDOWS\system32\eysfwuvi.ini
C:\WINDOWS\system32\ivuwfsye.dll
C:\WINDOWS\system32\kljewgra.dll
C:\WINDOWS\system32\rqtss.bak1
C:\WINDOWS\system32\rqtss.bak2
C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\vodfqksq.dll

(((((((((((((((((((((((((   Files Created from 2007-08-10 to 2007-09-10  )))))))))))))))))))))))))))))))
.
2007-09-10 18:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 11:39 230,432 --a------ C:\PA7311.DAT
2007-09-09 11:34 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-09-09 11:34 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-09-09 11:34 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe
2007-09-09 11:18   d-------- C:\WINDOWS\Pixart
2007-09-09 11:18   d-------- C:\Program Files\PC VGA Camera
2007-09-09 11:18   d-------- C:\Program Files\Common Files\PCCamera
2007-09-06 23:18   d-------- C:\Program Files\MegauploadToolbar
2007-09-06 23:18   d-------- C:\DOCUME~1\user\APPLIC~1\MegauploadToolbar
2007-09-06 15:08   d-------- C:\Program Files\Trend Micro
2007-09-06 14:44 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-05 23:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-05 17:27   d-------- C:\Program Files\Lavasoft
2007-09-05 17:27   d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-04 21:04 512 --a------ C:\ScanSectorLog.dat
2007-09-04 16:25 5,542,688 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-04 16:25 154,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-04 16:24   d-------- C:\DOCUME~1\user\APPLIC~1\MailFrontier
2007-09-04 16:17 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-09-04 14:20 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-04 14:15   d-------- C:\WINDOWS\Internet Logs
2007-09-03 20:19 50,992 -ra------ C:\WINDOWS\system32\vmnetbridge.dll
2007-09-03 20:19 437,040 --a------ C:\WINDOWS\system32\vnetlib.dll
2007-09-03 20:19 28,592 -ra------ C:\WINDOWS\system32\drivers\vmnetbridge.sys
2007-09-03 20:19 25,264 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
2007-09-03 20:19 17,712 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2007-09-03 20:19 16,816 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2007-09-03 20:19 150,320 --a------ C:\WINDOWS\system32\vmnat.exe
2007-09-03 20:19 13,104 -ra------ C:\WINDOWS\system32\vnetinst.dll
2007-09-03 20:19 121,648 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
2007-09-03 20:18 21,040 --a------ C:\WINDOWS\system32\drivers\VMkbd.sys
2007-09-03 20:16   d-------- C:\Program Files\Common Files\VMware
2007-08-30 14:42   d-------- C:\PST
2007-08-29 18:25   d-------- C:\Program Files\FileOpen
2007-08-29 18:24   d-------- C:\DOCUME~1\user\APPLIC~1\FileOpen
2007-08-29 18:24   d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FileOpen
2007-08-28 05:26   d-------- C:\Program Files\Dell Support Center
2007-08-28 05:26   d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
2007-08-21 16:20 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-08-21 16:20 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-08-21 16:20 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-08-21 16:20 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-21 16:20 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-08-21 16:20 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-10 23:12 --------- d-------- C:\DOCUME~1\user\APPLIC~1\VMware
2007-09-10 23:11 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\VMware
2007-09-10 23:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\VMware
2007-09-10 23:10 81548 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-10 23:10 16568 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-09 11:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-04 21:38 --------- d-------- C:\Program Files\CyberLink
2007-09-04 21:36 --------- d-------- C:\Program Files\iPod
2007-09-04 21:15 --------- d-------- C:\Program Files\QuickTime
2007-09-04 20:59 --------- d-------- C:\Program Files\Network Associates
2007-09-04 20:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-09-04 16:27 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-03 20:16 --------- d-------- C:\Program Files\VMware
2007-08-30 19:53 --------- d-------- C:\Program Files\Google
2007-08-30 14:20 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Yahoo!
2007-08-30 14:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-08-30 14:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-29 18:22 --------- d-------- C:\DOCUME~1\user\APPLIC~1\AdobeUM
2007-08-25 06:43 --------- d-------- C:\Program Files\Yahoo!
2007-07-31 03:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-31 03:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-31 03:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-31 03:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-31 03:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-31 03:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-31 03:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-31 03:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-25 07:16 --------- d-------- C:\Program Files\CONEXANT
2007-07-24 18:43 --------- d-------- C:\DOCUME~1\user\APPLIC~1\dvdcss
2007-07-23 06:40 --------- d-------- C:\Program Files\Metasploit
2007-07-23 06:18 --------- d-------- C:\Program Files\ACD
2007-07-15 10:23 --------- d-------- C:\Program Files\Crystal Decisions
2007-07-15 10:23 --------- d-------- C:\Program Files\Common Files\Crystal Decisions
2007-07-13 06:25 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Help
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe
2002-09-09 13:02 221184 --a------ C:\Program Files\Common Files\keycode.dll
.
(((((((((((((((((((((((((((((   snapshot_2007-09-10_181952.00   )))))))))))))))))))))))))))))))))))))))))
.
----a-w            61,952 2006-10-17 10:58:20  C:\WINDOWS\system32\icardie.dll
----a-w            26,112 2006-06-29 07:05:44  C:\WINDOWS\system32\idndl.dll
----a-w           180,736 2006-11-07 20:03:36  C:\WINDOWS\system32\ieui.dll
----a-w            12,288 2006-10-17 10:58:32  C:\WINDOWS\system32\msfeedssync.exe
----a-w            24,576 2006-06-28 16:59:26  C:\WINDOWS\system32\nlsdl.dll
----a-w            23,552 2006-06-29 07:05:44  C:\WINDOWS\system32\normaliz.dll
----a-w            42,448 2007-09-10 21:49:42  C:\WINDOWS\system32\perfc009.dat
----a-w           317,760 2007-09-10 21:49:42  C:\WINDOWS\system32\perfh009.dat
----a-w           486,400 2007-09-10 22:11:19  C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
----atw            16,384 2007-09-10 20:56:12  C:\WINDOWS\Temp\Perflib_Perfdata_1a0.dat
.
------w            61,952 2006-10-17 10:58:20  C:\WINDOWS\system32\icardie.dll
------w            26,112 2006-06-29 07:05:44  C:\WINDOWS\system32\idndl.dll
------w           180,736 2006-11-07 20:03:36  C:\WINDOWS\system32\ieui.dll
------w            12,288 2006-10-17 10:58:32  C:\WINDOWS\system32\msfeedssync.exe
------w            24,576 2006-06-28 16:59:26  C:\WINDOWS\system32\nlsdl.dll
------w            23,552 2006-06-29 07:05:44  C:\WINDOWS\system32\normaliz.dll
----a-w            42,448 2007-09-10 17:17:58  C:\WINDOWS\system32\perfc009.dat
----a-w           317,760 2007-09-10 17:17:58  C:\WINDOWS\system32\perfh009.dat
----a-w           483,712 2007-09-10 17:13:14  C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 18:08]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 21:48]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 20:50]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 04:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 12:00]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 01:30 C:\WINDOWS\stsystra.exe]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-05-01 22:52]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-05-01 22:52]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-10 23:16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDXGhost"="C:\Program Files\DVD Ghost\DVDGhost.EXE" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-21 00:30]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-31 00:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;\??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
R3 vmkbd;VMware kbd;\??\C:\WINDOWS\system32\drivers\VMkbd.sys
S3 PAC7311;VGA SoC PC-Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
S3 ufad-ws60;VMware Agent Service;"C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 23:12:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-10 23:15:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-10 23:15
C:\ComboFix2.txt ... 2007-09-10 18:21
.
 --- E O F ---

10.4K Posts

September 10th, 2007 22:00


pravesh125

Excellent. Could I see a fresh HijackThis log, please?

CastleCops Instructor

MRU Graduate


"The world is what you make of it"

12 Posts

September 11th, 2007 08:00

Hi, please find the attached fresh HijackThis log...... I am not getting the ad popups now and I think system speed also got improved.....
 
Just let me know your expert comments....:smileyhappy:
 
Also, if it is solved then please let me know a little bit about the problem and how you analysed it...... just for the sake of curiosity..... I request you to please write me at pravesh125@rediffmail.com
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:24 AM, on 11/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
--
End of file - 7432 bytes

10.4K Posts

September 11th, 2007 15:00

pravesh125

Excellent.

Here's a tool you may find useful

1. Download CCleaner from here to clean temp files from your computer.

  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced," and deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
2. You may now remove/delete/uninstall the tools we used to clean your PC

Now that your log is clean

There are some final notes:
Disable and Enable System Restore
  • Let's create a clean System Restore point.
    The instructions are here.
Visit Microsoft's Windows Update Site Frequently for critical updates

Backup your Important Documents and Files on a regular basis
  • To a disc or a USB key, not your hard drive
You may want to read this article, "So how did I get infected in the first place" by Tony Klein

surf safe
CastleCops Instructor

MRU Graduate


"The world is what you make of it"

12 Posts

September 11th, 2007 20:00

thanks a lot for all your help.....
 
I have used CCleaner for removing temp files and also created a new clean restore point..... The reference materials you have mentioned are of great help for a person like me who is alien to system administration and working on the OS side.....
 
thanks a lot again.....
 
CHEER!!!!!!!!

12 Posts

September 13th, 2007 12:00

Hi,
Just troubling you again.... Actually the system is still taking very much time to boot and Internet Explorer still gives some errors and hangs up.... I am giving you a HijackThis log as below.....
Also, I am having AVG Anti-Spyware 7.5 free version and ZoneAlarm Security Suite paid version loaded on my system..... So is it necessary to keep only one tool running on the system, or can I keep both? Please let me know your views.....
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:23 PM, on 13/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
--
End of file - 7429 bytes

10.4K Posts

September 13th, 2007 14:00

pravesh125
 
AVG Anti-Spyware (free version): do you plan on upgrading? I'm not sure I understand your question.
 
Now if you plan on using ZoneAlarm Security suite it may conflict with McAfee and create the problem you are describing, especially if your version of McAfee has a firewall. You should only have one firewall.
 
To sum up:
 
Only 1 antivirus program
Only 1 firewall besides the Windows firewall
AVG Anti-Spyware is a nice addition
 
CastleCops Instructor

MRU Graduate


"The world is what you make of it"
