win 32 cryptor

Hi

I am akshay singh, my laptop got infected with win 32 cryptor virus , avg antivirus detects this but can't do anything about it ,avg cannot get automatically updated and other antivursus like symantic and spware doctor..my system is also getting slow.....[url=][/url]

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Leave the script box empty.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

3. Please copy/paste the content of c:\avenger.txt into your reply.

hi after following the steps i got this info

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gaopdxserv.sys" found!
ImagePath: \systemroot\system32\drivers\gaopdxwritbuimixvvfevbyorbvqqworiptkuf.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

Hello.
Lets kill this rootkit.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
gaopdxserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\gaopdxwritbuimixvvfevbyorbvqqworiptkuf.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "gaopdxserv.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\gaopdxwritbuimixvvfevbyorbvqqworiptkuf.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Okay, the rootkit is gone, lets get MBAM going now.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 6.0.6001 Service Pack 1

3/19/2009 4:48:56 PM
mbam-log-2009-03-19 (16-48-56).txt

Scan type: Quick Scan
Objects scanned: 71172
Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 12
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.154,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0e42a751-d642-48b3-8ef8-1ef2267a27d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.154,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5c292f06-864f-4986-95e1-e93afc36a37c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.154,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d8e1f82f-a46e-474f-85dd-f5494bf92fef}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.154,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.154,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0e42a751-d642-48b3-8ef8-1ef2267a27d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.154,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5c292f06-864f-4986-95e1-e93afc36a37c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.154,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d8e1f82f-a46e-474f-85dd-f5494bf92fef}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.154,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.154,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0e42a751-d642-48b3-8ef8-1ef2267a27d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.154,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5c292f06-864f-4986-95e1-e93afc36a37c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.154,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d8e1f82f-a46e-474f-85dd-f5494bf92fef}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.154,85.255.112.227 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-8-3-15-100001616-100024110-100013844-2079.com (Trojan.Agent) -> Quarantined and deleted successfully.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Akshay at 17:10:14.84 on Thu 03/19/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.3573.2030 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Outdated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Symantec Endpoint Protection *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Users\Akshay\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Akshay\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.daemon-search.com/startpage
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080911
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - h:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
mURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - h:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
BHO: EndNote Web: {82d2e569-25a7-4e4d-9fa3-c5025b4b7912} - c:\program files\endnote web\ENWIEPlug.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: EndNote Web: {945c8270-a848-11d5-a805-00b0d092f45b} - c:\program files\endnote web\ENWIEPlug.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - h:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {56CF4856-ECB4-4E46-A897-A378821F97B9} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [googletalk] c:\users\akshay\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,avgrsstx.dll c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\akshay\appdata\roaming\mozilla\firefox\profiles\bi20xucu.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: h:\google\picasa3\npPicasa2.dll
FF - plugin: h:\google\picasa3\npPicasa3.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-19 130424]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-10 325128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-9-11 73728]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-10 298264]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-19 348752]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-9-11 179712]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-9-11 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-9-11 7424]

=============== Created Last 30 ================

2009-03-19 16:38 --d----- c:\users\akshay\appdata\roaming\Malwarebytes
2009-03-19 16:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-19 16:38 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-19 16:38 --d----- c:\programdata\Malwarebytes
2009-03-19 16:38 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-19 16:38 --d----- c:\progra~2\Malwarebytes
2009-03-19 15:07 --d----- c:\users\akshay\appdata\roaming\True Sword
2009-03-19 15:05 356,352 a------- c:\windows\eSellerateEngine.dll
2009-03-19 15:05 81,920 a------- c:\windows\eSellerateControl350.dll
2009-03-19 15:05 --d----- c:\program files\True Sword 5
2009-03-19 14:34 19,456 a------- c:\windows\system32\gaopdxmrmnsxtbteynoegcpxjhpkngvibtcnyy.dll
2009-03-19 14:27 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-19 14:27 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-19 14:27 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-19 14:27 a-d----- c:\programdata\TEMP
2009-03-19 14:26 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-19 14:26 --d----- c:\program files\common files\PC Tools
2009-03-19 14:26 --d----- c:\users\akshay\appdata\roaming\PC Tools
2009-03-19 14:26 --d----- c:\programdata\PC Tools
2009-03-19 14:26 --d----- c:\program files\Spyware Doctor
2009-03-19 14:26 --d----- c:\progra~2\PC Tools
2009-03-19 14:26 506,368 a------- c:\windows\system32\msxml.dll
2009-03-19 13:58 91,008 a------- c:\windows\system32\drivers\SysPlant.sys
2009-03-19 13:58 136,496 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-19 13:58 10,652 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-19 13:58 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-03-19 13:53 --d----- c:\programdata\Symantec
2009-03-19 13:53 --d----- c:\program files\Symantec
2009-03-19 13:53 --d----- c:\program files\common files\Symantec Shared
2009-03-19 13:53 --d----- c:\progra~2\Symantec
2009-03-16 14:01 4 a------- c:\windows\system32\gaopdxcounter
2009-03-11 01:14 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-11 01:14 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-11 01:14 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-11 01:14 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-11 01:14 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-11 01:14 268,288 a------- c:\windows\system32\schannel.dll
2009-03-04 23:02 351,427 a------- C:\tic tack.zip
2009-02-27 23:15 --d----- c:\program files\LizardTech

==================== Find3M ====================

2009-03-19 16:50 1,660 a------- c:\windows\bthservsdp.dat
2009-03-19 14:17 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-19 14:17 51,200 a------- c:\windows\inf\infpub.dat
2009-03-19 14:17 86,016 a------- c:\windows\inf\infstor.dat
2009-03-13 18:01 149,768 a------- c:\windows\system32\drivers\WpsHelper.sys
2009-02-13 15:19 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-13 15:19 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-15 01:11 827,392 a------- c:\windows\system32\wininet.dll
2009-01-05 17:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-11-29 14:31 8,346,560 a------- c:\users\akshay\appdata\roaming\DataSafeDotNet.exe
2008-09-29 16:23 2,355 a------- c:\program files\Harshal_Raut_Resume.lnk
2008-09-29 12:37 560 a------- c:\program files\HARSHAL RAUT.lnk
2008-09-28 23:38 630 a------- c:\program files\Harshal_Raut_CV_for Interns.lnk
2008-09-28 23:32 570 a------- c:\program files\Harshal_Raut_CV (2).lnk
2008-09-26 21:20 325 a------- c:\program files\HARSHAL_RAUT_CV.lnk
2008-09-26 21:20 190 a------- c:\program files\HARSHALRAUT (J).lnk
2008-09-11 12:08 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-11 09:30 76 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 17:12:59.63 ===============

Hello.
Do you know what this zip file is?
C:\tic tack.zip

Lets finish this off now.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
c:\windows\system32\gaopdxmrmnsxtbteynoegcpxjhpkngvibtcnyy.dll
c:\windows\system32\gaopdxcounter

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

the tick tack.zip is my intelligent system project ...does it contain a virus??

Don't think so, just asking in case you didn't know, and that it might have been dropped by malware.
Run the latest avenger script.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\gaopdxmrmnsxtbteynoegcpxjhpkngvibtcnyy.dll" deleted successfully.
File "c:\windows\system32\gaopdxcounter" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Hello.
The malware is gone now, but I see you are running two AV's, so I want to get an uninstall list.

• Open HijackThis
  
• Click "Open the Misc Tools section"
  
• Click "Open Uninstall Manager"
  
• Click "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acronis Disk Director Server
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player
Advanced Audio FX Engine
Advanced Video FX Engine
AOL Install
AVG Free 8.0
BitLord 1.1
Broadcom Management Programs
Browser Address Error Redirector
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Crystal Reports Basic for Visual Studio 2008
CutePDF Writer 2.7
DAEMON Tools Toolbar
Dell Best of Web
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Dell-eBay
Dev-C++ 5 beta 9 release (4.9.9.2)
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
EarthLink Setup Files
EDocs
EndNote Web 2.3
Free PDF to Word Doc Converter v1.1
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089)
Google Desktop
Google Toolbar for Internet Explorer
GSview 4.9
Halo 2 for Windows Vista
HijackThis 2.0.2
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB952241)
IrfanView (remove only)
Java DB 10.4.1.3
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) SE Development Kit 6 Update 10
K-Lite Mega Codec Pack 1.45
Laptop Integrated Webcam Driver (1.04.01.1011)
LEd Beta 0.52
LimeWire PRO 4.8.1
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
LiveUpdate 3.3 (Symantec Corporation)
Lizardtech DjVu Control
Malwarebytes' Anti-Malware
MediaDirect
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Need for Speed Most Wanted
NetWaiting
NetZeroInstallers
OutlookAddinSetup
PeaZip 2.3a
Picasa 3
QuickSet
RealPlayer
Registry Mechanic 8.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Skype 3.8
Spyware Doctor 6.0
Symantec Endpoint Protection
The Weather Channel Desktop 6
The Weather Channel Toolbar
TorrentMan Toolbar
True Sword 5
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
VC Runtimes MSI
Veoh Web Player Beta
VideoLAN VLC media player 0.8.6
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Media Player Firefox Plugin
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR archiver
Yahoo! Messenger
Yahoo! Toolbar

You are running two AV's, this is a bad idea as they can conflict and cause problems. I see Symantec and AVG.
I would recommend that you remove Symantec to avoid conflict and other future problems.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

• Adobe Reader 8.1.3
  
• BitLord 1.1
  
• LimeWire PRO 4.8.1
  
• LiveUpdate 3.3 (Symantec Corporation)
  
• Symantec Endpoint Protection
  
• TorrentMan Toolbar
  
• VideoLAN VLC media player 0.8.6
  

Then please find and delete this folder in bold (if present):
C:\Program Files\Limewire

There are some updates to be done to keep you safe now. I have highlighted the old software in question using blue.

Please download and install Adobe Reader version 9 from here:
http://get.adobe.com/uk/reader/

Please download and install VLC Player 0.9.8a from here:
http://www.videolan.org/vlc/download-windows.html

Let me know how the machine is running now.

thx a lot ...my system is working fine ....

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.