[quote name=\'guestolo\' post=\'446159\' date=\'Nov 4 2008, 10:47 PM\']<br />Download this file - <a href="
http://download.bleepingcomputer.com/sUBs/ComboFix.exe" target="_blank" rel="nofollow">Combofix.exe</a> and save it ONLY to your desktop<br /><br />Temporarily disable any AntiVirus, Anti-Spyware or Firewall software so it won't interfere with the next step<br /><br />Double click <b>combofix.exe</b> & follow the prompts.<br />When finished, it shall produce a log for you.<br />By default it will save a copy to C:\Combofix.txt<br />I'll need to see this log later<br />Note:<br />Do not mouseclick combofix's window whilst it's running. That may cause it to stall<br /><br />Post the log from ComboFix and a fresh Hijackthis log<br />[/quote]<br /><br /><br />
I think my problem is solved thank you
But still if their are any malwares left in my pc then plz help me clean them plz
this is my combofix log file :ComboFix 08-11-04.02 - nilesh 2008-11-05 4:53:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.487 [GMT 5.5:30]
Running from: c:\documents and settings\nilesh\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\windows\system32\amvo.exe
c:\windows\system32\amvo0.dll
C:\x.com
D:\Autorun.inf
D:\x.com
E:\Autorun.inf
E:\x.com
F:\Autorun.inf
F:\x.com
.
((((((((((((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 )))))))))))))))))))))))))))))))
.
2008-11-04 22:07 . 2008-11-04 22:07 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-10-28 16:40 . 2008-10-28 16:40 <DIR> d-------- c:\program files\System32
2008-10-28 16:40 . 2008-11-04 22:07 <DIR> d-------- c:\documents and settings\Administrator
2008-10-25 16:43 . 2008-10-25 16:43 <DIR> d-------- c:\program files\Xilisoft
2008-10-21 19:40 . 2008-10-21 19:40 <DIR> d-------- c:\documents and settings\nilesh\Application Data\123 Free Solitaire
2008-10-09 19:14 . 2008-10-09 19:14 31 --a------ c:\windows\warhead.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 22:38 --------- d-----w c:\documents and settings\nilesh\Application Data\Broadband
2008-11-01 19:39 --------- d-----w c:\program files\Sify Broadband
2008-10-10 18:03 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-10-10 18:03 --------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2008-10-03 14:19 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-22 17:38 --------- d-----w c:\documents and settings\nilesh\Application Data\dvdcss
2008-09-14 04:33 --------- d-----w c:\program files\Trend Micro
2008-09-12 23:49 --------- d-----w c:\program files\C-Media 3D Audio
2008-09-06 18:40 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-09-05 17:39 --------- d-----w c:\program files\Symantec AntiVirus
2008-09-05 17:39 --------- d-----w c:\program files\Symantec
2008-09-05 17:39 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-09-05 17:39 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-09-04 10:52 --------- d-----w c:\documents and settings\nilesh\Application Data\vlc
2008-09-04 10:50 --------- d-----w c:\program files\VideoLAN
2008-09-04 09:44 --------- d-----w c:\program files\Counter Strike - Condition Zero (Ultimate Edition)
2008-09-01 11:34 1,127,881 ----a-w c:\windows\Counter Strike - Condition Zero (Ultimate Edition) Uninstaller.exe
2008-08-19 17:23 81,920 ------r c:\windows\bwUnin-6.1.4.68-8876480L.exe
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-09-05_14.59.40.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-11 18:39:39 683,520 ----a-w c:\windows\$hf_mig$\KB951066\SP2QFE\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w c:\windows\$hf_mig$\KB951066\SP3GDR\inetcomm.dll
+ 2008-04-11 18:52:26 691,712 ----a-w c:\windows\$hf_mig$\KB951066\SP3QFE\inetcomm.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951066\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951066\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951066\update\spcustom.dll
+ 2007-12-03 15:25:31 755,576 ----a-w c:\windows\$hf_mig$\KB951066\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951066\update\updspapi.dll
+ 2004-08-03 19:56:44 678,400 -c----w c:\windows\$NtUninstallKB951066$\inetcomm.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951066$\spuninst\updspapi.dll
- 2004-08-03 19:56:44 678,400 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-06-19 12:17:58 17,144 ----a-w c:\windows\system32\drivers\mbam.sys
+ 2008-06-19 12:18:04 34,296 ----a-w c:\windows\system32\drivers\mbamcatchme.sys
+ 2007-01-24 12:15:46 102,800 ----a-w c:\windows\system32\drivers\tmcomm.sys
+ 2006-11-14 06:44:04 73,288 ----a-w c:\windows\system32\drivers\tmtdi.sys
- 2004-08-03 19:56:44 678,400 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
- 2008-07-29 11:03:59 74,137 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-10-31 16:37:12 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-07-31 15:02:14 41,040 ----a-w c:\windows\system32\perfc009.dat
+ 2008-10-16 01:00:27 41,040 ----a-w c:\windows\system32\perfc009.dat
- 2008-07-31 15:02:14 314,838 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-16 01:00:27 314,838 ----a-w c:\windows\system32\perfh009.dat
+ 2001-08-17 08:28:02 35,840 ----a-w c:\windows\system32\ReinstallBackups\
0000\DriverFiles\i386\isapnp.sys
+ 2004-08-03 17:38:44 57,600 ----a-w c:\windows\system32\ReinstallBackups\
0001\DriverFiles\i386\usbhub.sys
+ 2004-08-03 17:38:44 142,976 ----a-w c:\windows\system32\ReinstallBackups\
0001\DriverFiles\i386\usbport.sys
+ 2004-08-03 17:38:38 20,480 ----a-w c:\windows\system32\ReinstallBackups\
0001\DriverFiles\i386\usbuhci.sys
+ 2004-08-03 19:26:48 74,240 ----a-w c:\windows\system32\ReinstallBackups\
0001\DriverFiles\i386\usbui.dll
- 2004-08-03 18:08:44 57,600 ----a-w c:\windows\system32\ReinstallBackups\
0002\DriverFiles\i386\usbhub.sys
+ 2004-08-03 17:38:44 57,600 ----a-w c:\windows\system32\ReinstallBackups\
0002\DriverFiles\i386\usbhub.sys
- 2004-08-03 18:08:44 142,976 ----a-w c:\windows\system32\ReinstallBackups\
0002\DriverFiles\i386\usbport.sys
+ 2004-08-03 17:38:44 142,976 ----a-w c:\windows\system32\ReinstallBackups\
0002\DriverFiles\i386\usbport.sys
- 2004-08-03 18:08:38 20,480 ----a-w c:\windows\system32\ReinstallBackups\
0002\DriverFiles\i386\usbuhci.sys
+ 2004-08-03 17:38:38 20,480 ----a-w c:\windows\system32\ReinstallBackups\
0002\DriverFiles\i386\usbuhci.sys
- 2004-08-04 00:56:48 74,240 ----a-w c:\windows\system32\ReinstallBackups\
0002\DriverFiles\i386\usbui.dll
+ 2004-08-03 19:26:48 74,240 ----a-w c:\windows\system32\ReinstallBackups\
0002\DriverFiles\i386\usbui.dll
+ 2004-08-03 17:29:44 95,360 ----a-w c:\windows\system32\ReinstallBackups\
0004\DriverFiles\i386\atapi.sys
+ 2001-08-17 08:21:52 3,328 ----a-w c:\windows\system32\ReinstallBackups\
0004\DriverFiles\i386\pciide.sys
+ 2004-08-03 17:29:42 25,088 ----a-w c:\windows\system32\ReinstallBackups\
0004\DriverFiles\i386\pciidex.sys
+ 2002-06-13 03:37:16 45,568 ----a-w c:\windows\system32\ReinstallBackups\
0006\DriverFiles\R8139n51.sys
+ 2004-08-03 17:37:48 68,224 ----a-w c:\windows\system32\ReinstallBackups\
0012\DriverFiles\i386\pci.sys
+ 2003-04-15 02:40:46 78,752 ----a-w c:\windows\system32\ReinstallBackups\
0013\DriverFiles\ialmkchw.sys
+ 2003-04-15 02:39:54 11,319 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\a302.sys
+ 2003-04-15 02:39:58 29,239 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\a303.sys
+ 2003-04-15 02:40:04 46,647 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\a304.sys
+ 2003-04-15 02:40:08 11,831 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\a305.sys
+ 2003-04-15 02:40:12 16,439 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\a306.sys
+ 2003-04-15 02:40:16 21,559 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\a307.sys
+ 2003-04-15 02:40:20 10,807 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\a308.sys
+ 2003-04-15 02:40:24 25,655 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\a309.sys
+ 2003-04-15 02:40:28 33,335 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\a310.sys
+ 2003-04-15 02:40:32 32,823 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\a311.sys
+ 2003-04-15 02:41:00 37,431 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\a313.sys
+ 2003-04-15 02:41:04 10,807 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\a314.sys
+ 2003-04-06 16:05:16 118,784 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\hccutils.dll
+ 2003-04-06 16:07:38 114,688 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\hkcmd.exe
+ 2003-04-15 02:39:48 65,536 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\iAlmCoIn.dll
+ 2003-04-15 02:39:10 459,330 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\ialmdd5.dll
+ 2003-04-15 02:39:36 187,963 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\ialmdev5.dll
+ 2003-04-15 02:39:44 115,772 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\ialmdnt5.dll
+ 2003-04-15 02:20:48 188,416 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\ialmgdev.dll
+ 2003-04-15 02:20:12 1,859,584 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\ialmgicd.dll
+ 2003-04-15 02:40:46 78,752 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\ialmkchw.sys
+ 2003-04-15 02:39:46 90,907 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\ialmnt5.sys
+ 2003-04-15 02:40:40 73,728 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\ialmrem.dll
+ 2003-04-15 02:40:56 33,792 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\ialmrnt5.dll
+ 2003-04-15 02:40:54 113,504 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\ialmsbw.sys
+ 2003-04-06 16:13:58 487,424 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\igfxcfg.exe
+ 2003-04-06 16:04:54 147,456 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\igfxdev.dll
+ 2003-04-06 16:15:52 45,056 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\igfxdgps.dll
+ 2003-04-06 16:15:50 151,552 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\igfxdiag.exe
+ 2003-04-06 16:04:14 86,016 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\igfxdo.dll
+ 2003-04-06 16:17:44 221,184 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\igfxeud.dll
+ 2003-04-06 16:20:14 32,768 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\igfxexps.dll
+ 2003-04-06 16:20:10 90,112 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\igfxext.exe
+ 2003-04-06 16:07:12 118,784 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\igfxhk.dll
+ 2003-04-06 16:18:56 204,800 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\igfxpph.dll
+ 2003-04-06 16:05:42 503,808 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\igfxress.dll
+ 2003-04-06 16:06:48 315,392 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\igfxsrvc.dll
+ 2003-04-06 16:19:52 155,648 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\igfxtray.exe
+ 2003-04-15 02:40:36 20,533 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\vch.sys
+ 2003-04-15 02:39:50 33,335 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\wa301a.sys
+ 2003-04-15 02:39:50 33,335 ----a-w c:\windows\system32\ReinstallBackups\
0014\DriverFiles\wa301b.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="c:\program files\Sify Broadband\BBImpSec.exe" [2006-04-21 127085]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 356352]
"Cmaudio"="cmicnfg.cpl" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\\WINDOWS\\system32\\userinit.exe,c:\\Program Files\\System32\\database.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\install4j\\bin\\install4j.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Counter Strike - Condition Zero (Ultimate Edition)\\czero.exe"=
R0 pnpshark;pnpshark;c:\windows\system32\DRIVERS\pnpshark.sys [2003-10-02 119552]
R0 st3shark;st3shark;c:\windows\system32\DRIVERS\st3shark.sys [2003-09-27 5504]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);c:\windows\system32\DRIVERS\ss_bus.sys [2005-01-24 52384]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\DRIVERS\ss_mdfl.sys [2005-01-24 6064]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\DRIVERS\ss_mdm.sys [2005-01-24 84512]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71f56054-aa37-11dd-9eeb-000b6aea30d5}]
\Shell\AutoRun\command - H:\x.com
\Shell\explore\Command - H:\x.com
\Shell\open\Command - H:\x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cd01b6f-79e3-11dd-9e24-000b6aea30d5}]
\Shell\AutoRun\command - H:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe8b47c0-5bbe-11dd-9dce-000b6aea30d5}]
\Shell\AutoRun\command - winsystem.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1CB622F9-7299-4245-0705-080208070506}]
c:\windows\system32\SecSystem.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-winsystem - c:\documents and settings\Administrator\WINDOWS\system\winsystem.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\nilesh\Application Data\Mozilla\Firefox\Profiles\13l2jbiy.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.in/
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-11-05 04:54:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-05 4:55:59
ComboFix-quarantined-files.txt 2008-11-04 23:25:53
ComboFix2.txt 2008-09-05 09:30:01
Pre-Run: 1,155,801,088 bytes free
Post-Run: 1,179,709,440 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
233 --- E O F --- 2008-09-10 02:14:57
This is my fresh hijack this log file: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:05 AM, on 11/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\System32\database.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\nilesh\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.sify.com/?userid=3729&check=838d03a7347f55faR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\System32\database.exe,
O1 - Hosts: 203.27.235.25
www.payseal.icicibank.comO1 - Hosts: 210.210.19.82
www.sifymall.comO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [winsystem] C:\Documents and Settings\Administrator\WINDOWS\system\winsystem.exe
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) -
http://www.acclaim.com/cabs/acclaim_v5.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{4200454F-5193-4FCE-A2EF-DA93D4C4CD0A}: NameServer = 202.144.115.4,202.144.66.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{4200454F-5193-4FCE-A2EF-DA93D4C4CD0A}: NameServer = 202.144.115.4,202.144.66.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{4200454F-5193-4FCE-A2EF-DA93D4C4CD0A}: NameServer = 202.144.115.4,202.144.66.6
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (file missing)
--
End of file - 5129 bytes
