win 32 cryptor virus(Trojan.Vundo)

Hi, my computer seems to be infected with the win 32/cryptor virus and unable to remove it
I did all update and run hijack.exe and scanned through Malwarebytes' Anti-Malware as said in previous forum of win32 and also run avenger.exe and deleted
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
Airtel NetXpert 2.1
Ares 2.1.1
please find logs of files and update me what should i do to remove it ASAP

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.


hijack logs:
Airtel NetXpert 2.1
Ask Toolbar
AVG Free 8.0
Conexant HDA D330 MDC V.92 Modem
Dell Resource CD
Dell Wireless WLAN Card
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
FileASSASSIN
Google Talk (remove only)
Google Talk Plugin
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Internet Download Manager
Java(TM) 6 Update 3
Kundli for Windows (Professional Edition)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Marvell Miniport Driver
McAfee SecurityCenter
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.8)
Nero OEM
PowerDVD
RealPlayer
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
SigmaTel Audio
ToggleEN Toolbar
True Sword 5
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
WIDCOMM Bluetooth Software
Winamp (remove only)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows XP Service Pack 3
WinRAR archiver
WinZip 12.0
Yahoo! Messenger




MBAM log:
Malwarebytes' Anti-Malware 1.36
Database version: 2087
Windows 5.1.2600 Service Pack 3

5/10/2009 12:57:08 AM
mbam-log-2009-05-10 (00-57-04).txt

Scan type: Quick Scan
Objects scanned: 7737
Time elapsed: 1 hour(s), 7 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fca574ec-e90b-4140-8a12-17c5831b29d6} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\chanwhds (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fca574ec-e90b-4140-8a12-17c5831b29d6} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\wkidkcc.dll (Trojan.Vundo.H) -> No action taken.

please reply so that i can solve my problem

Hello.

I strongly recommend you to remove Ask from your computer because it's:

• Promoting its toolbars on sites targeted to kids.
  
• Promoting its toolbars through ads that appear to be part of other companies' sites.
  
• Promoting its toolbars through other companies' spyware.
  
• Installing without any disclosure whatsoever and without any consent whatsoever.
  
• Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  
• Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
  

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

• Ask Toolbar
  
• Java(TM) 6 Update 3
  

Next,

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run
  
• When complete, two logs will open. Save both of the report to your Desktop.
  
• Copy and paste DDS.txt back here, I don't need to see attach.txt.
  

please find copied DDS.text,posted message is too big so I am sending u whole file in two messages

1 Part
DDS (Ver_09-03-16.01) - NTFSx86
Run by Kopal_PC at 23:51:12.87 on Sun 05/10/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1063 [GMT 5.5:30]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kopal_PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kopal_PC\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Kopal_PC\Desktop\dds.pif

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.ask.com/?o=13928&l=dis
uSearch Page = hxxp://in.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://in.search.yahoo.com
mDefault_Page_URL = hxxp://in.yahoo.com
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
mSearch Page = hxxp://in.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://in.search.yahoo.com
mStart Page = hxxp://in.yahoo.com
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: l, - No File
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6173\SiteAdv.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {fca574ec-e90b-4140-8a12-17c5831b29d6} - c:\windows\system32\wkidkcc.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6173\SiteAdv.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Google Update] "c:\documents and settings\kopal_pc\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [nxpclient] c:\program files\airtel\netxpert\bin\sprtcmd.exe /P nxpclient
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SiteAdvisor] c:\program files\siteadvisor\6173\SiteAdv.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRunServices: [TrojanShield Protector] c:\program files\trojanshield\Port.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\a.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-system: DisableLockWorkstation = 1 (0x1)
IE: &Search
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241346463031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {11F4B425-3C6A-446C-80F7-F94578ACE88C} = 202.56.215.6,202.56.230.6
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6173\SiteAdv.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: chanwhds - wkidkcc.dll
Notify: igfxcui - igfxdev.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kopal_pc\applic~1\mozilla\firefox\profiles\h4da35jt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=13928&l=dis
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=2&q=
FF - component: c:\documents and settings\kopal_pc\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\siteadvisor\6173\ff\components\FFHook.dll
FF - plugin: c:\documents and settings\kopal_pc\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\kopal_pc\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

2 part

============= SERVICES / DRIVERS ===============

R0 ruhnabhu;ruhnabhu;c:\windows\system32\drivers\ruhnabhu.sys [2001-10-5 23424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-9 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-9 27784]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-9 214024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-9 298776]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-9 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-9 144704]
R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);c:\program files\airtel\netxpert\bin\sprtsvc.exe [2009-2-9 202800]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-24 105984]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-9 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-9 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-9 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-9 34216]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-9 40552]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2009-3-24 34064]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-05-10 15:05 --d-h--- c:\windows\PIF
2009-05-10 12:40 356,352 a------- c:\windows\eSellerateEngine.dll
2009-05-10 12:40 81,920 a------- c:\windows\eSellerateControl350.dll
2009-05-10 12:40 --d----- c:\program files\True Sword 5
2009-05-10 11:40 --d----- c:\program files\AskSearch
2009-05-10 11:39 --d----- c:\program files\uTorrent
2009-05-10 11:39 --d----- c:\docume~1\kopal_pc\applic~1\uTorrent
2009-05-10 09:32 --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-05-10 09:31 --d----- c:\program files\common files\iS3
2009-05-10 09:31 --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-05-09 16:40 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-09 16:40 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-09 16:40 --d----- c:\windows\system32\drivers\Avg
2009-05-09 16:40 --d----- c:\docume~1\kopal_pc\applic~1\AVGTOOLBAR
2009-05-09 16:40 --d----- c:\program files\AVG
2009-05-09 16:05 --d----- c:\program files\FileASSASSIN
2009-05-09 15:49 8,747 a------- c:\windows\system32\Config.MPF
2009-05-09 15:46 --d----- c:\program files\SiteAdvisor
2009-05-09 15:46 --d----- c:\docume~1\kopal_pc\applic~1\SiteAdvisor
2009-05-09 15:44 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-05-09 15:44 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-05-09 15:44 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-09 15:44 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-05-09 15:44 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-09 15:44 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-05-09 15:44 --d----- c:\program files\common files\McAfee
2009-05-09 14:30 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-05-09 14:30 499,712 a------- c:\windows\system32\MSVCP71.dll
2009-05-09 13:24 --d----- c:\program files\McAfee
2009-05-09 13:24 --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2009-05-09 13:20 --d----- c:\program files\McAfee.com
2009-05-08 00:11 --d----- c:\program files\ATS2
2009-05-07 23:36 --d----- c:\program files\RegistryFix7
2009-05-07 22:16 61,440 a------- c:\windows\system32\drivers\mfksatfj.sys
2009-05-07 21:55 --d----- c:\program files\Trend Micro
2009-05-07 14:48 --d----- c:\docume~1\kopal_pc\applic~1\Malwarebytes
2009-05-07 14:48 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-07 14:48 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-07 14:48 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-07 14:48 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-07 14:28 --d----- c:\docume~1\kopal_pc\applic~1\IObit
2009-05-07 13:43 --d----- c:\docume~1\kopal_pc\applic~1\True Sword
2009-05-07 12:20 --d----- c:\docume~1\kopal_pc\applic~1\TrojanHunter
2009-05-07 11:02 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-07 11:02 --d----- c:\program files\SUPERAntiSpyware
2009-05-07 11:02 --d----- c:\docume~1\kopal_pc\applic~1\SUPERAntiSpyware.com
2009-05-07 10:24 --d----- c:\docume~1\kopal_pc\applic~1\IDM
2009-05-07 10:24 --d----- c:\docume~1\kopal_pc\applic~1\DMCache
2009-05-07 10:24 --d----- c:\program files\Internet Download Manager
2009-05-06 22:54 --d----- c:\documents and settings\kopal_pc\.housecall6.6
2009-05-06 21:33 --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-05-06 21:11 --d----- c:\program files\NoAdware
2009-05-05 23:20 4,431,904 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-05 23:20 345,120 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-05 23:20 55,100 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-05 23:20 36,560 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-05 22:30 --d----- c:\program files\common files\ParetoLogic
2009-05-05 22:05 221,184 a------- c:\windows\system32\wmpns.dll
2009-05-05 21:28 --d----- c:\windows\system32\scripting
2009-05-05 21:28 --d----- c:\windows\l2schemas
2009-05-05 21:28 --d----- c:\windows\system32\en
2009-05-05 21:28 --d----- c:\windows\system32\bits
2009-05-05 21:25 --d----- c:\windows\ServicePackFiles
2009-05-05 21:22 --d----- c:\windows\network diagnostic
2009-05-04 21:41 268,648 a------- c:\windows\system32\mucltui.dll
2009-05-04 21:41 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-05-03 16:24 --d-h--- C:\$AVG8.VAULT$
2009-05-03 15:50 --d----- c:\docume~1\alluse~1\applic~1\Avg8
2009-05-03 15:29 303,616 a------- c:\windows\IsUninst.exe
2009-05-03 15:06 --d----- c:\docume~1\kopal_pc\applic~1\xunsfzxt
2009-04-29 17:50 210,352 a------- c:\windows\system32\idmmbc.dll
2009-04-17 21:33 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-17 21:33 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 21:33 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-17 21:33 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-17 21:33 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 21:33 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-17 21:33 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-17 21:33 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 21:33 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-17 21:33 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-17 21:33 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-17 21:33 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-17 19:03 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-17 19:03 2,560 -------- c:\windows\system32\xpsp4res.dll

==================== Find3M ====================

2009-05-05 21:31 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-29 00:10 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 19:52 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 13:40 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 13:40 81,920 a------- c:\windows\system32\ieencode.dll

============= FINISH: 23:52:20.75 ===============

Hello.
The vundo won't go away because a rootkit is protecting it. Before we kill it, there is another junk that needs to go too.

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

Hi,
I have already send u hijack file(uninstall_list.txt) in my first post
well I am sending you again ,please find and resolve the issue

Airtel NetXpert 2.1
AVG Free 8.5
Conexant HDA D330 MDC V.92 Modem
Dell Resource CD
Dell Wireless WLAN Card
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
FileASSASSIN
Google Talk (remove only)
Google Talk Plugin
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Internet Download Manager
Kundli for Windows (Professional Edition)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Marvell Miniport Driver
McAfee SecurityCenter
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.8)
Nero OEM
PowerDVD
RealPlayer
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
SigmaTel Audio
ToggleEN Toolbar
True Sword 5
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
WIDCOMM Bluetooth Software
Winamp (remove only)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows XP Service Pack 3
WinRAR archiver
WinZip 12.0
Yahoo! Messenger

You are running two antivirus', I see from the uninstall list you have Mcafee installed, along with AVG. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove Mcafee to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

• LiveUpdate 1.80 (Symantec Corporation)
  
• McAfee SecurityCenter
  
• True Sword 5
  

I see that you are running uTorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to disable:
ruhnabhu

Drivers to delete:
ruhnabhu

Files to delete:
C:\WINDOWS\system32\drivers\ruhnabhu.sys
c:\windows\system32\wkidkcc.dll

Folders to delete:
c:\program files\AskSearch
c:\program files\NoAdware
c:\docume~1\kopal_pc\applic~1\xunsfzxt
c:\program files\AskSearch
c:\docume~1\kopal_pc\applic~1\uTorrent
c:\program files\uTorrent
c:\program files\ares

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fca574ec-e90b-4140-8a12-17c5831b29d6}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\chanwhds

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

3. Please copy/paste the content of c:\avenger.txt into your reply.

Hey Thanks Its work
finally all infected file removed from my PC
but no avenger.txt stored in my PC even in C: .It was generated when I restarted my system but somehow I lost it.
please find latest mba log file results

Malwarebytes' Anti-Malware 1.36
Database version: 2103
Windows 5.1.2600 Service Pack 3

5/11/2009 11:18:07 PM
mbam-log-2009-05-11 (23-18-07).txt

Scan type: Quick Scan
Objects scanned: 77006
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fca574ec-e90b-4140-8a12-17c5831b29d6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\chanwhds (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fca574ec-e90b-4140-8a12-17c5831b29d6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\wkidkcc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-602162358-2111687655-725345543-1003\Dc18.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Should I need to do anything more?
Thanks again

Can you re-run DDS for me, I just wanna get an updated log and make sure there's no more malware showing.

For ur kind concern I amsending u DDS log.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Kopal_PC at 22:07:46.74 on Tue 05/12/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1487 [GMT 5.5:30]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\\WINDOWS\\system32\\svchost -k DcomLaunch
svchost.exe
C:\\WINDOWS\\System32\\svchost.exe -k netsvcs
C:\\Program Files\\WIDCOMM\\Bluetooth Software\\bin\\btwdins.exe
svchost.exe
svchost.exe
C:\\WINDOWS\\System32\\WLTRYSVC.EXE
C:\\WINDOWS\\System32\\bcmwltry.exe
C:\\WINDOWS\\system32\\spoolsv.exe
svchost.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE
C:\\Program Files\\Airtel\\NetXpert\\bin\\sprtsvc.exe
C:\\Program Files\\SigmaTel\\C-Major Audio\\DellXPM_5515v131\\WDM\\STacSV.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgrsx.exe
C:\\WINDOWS\\system32\\svchost.exe -k imgsvc
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe
C:\\Program Files\\SigmaTel\\C-Major Audio\\WDM\\stsystra.exe
C:\\WINDOWS\\system32\\igfxsrvc.exe
C:\\WINDOWS\\system32\\igfxpers.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Documents and Settings\\Kopal_PC\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe
C:\\Program Files\\Messenger\\msmsgs.exe
C:\\Program Files\\Internet Download Manager\\IDMan.exe
C:\\Program Files\\WinZip\\WZQKPICK.EXE
C:\\Program Files\\Internet Download Manager\\IEMonitor.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe
C:\\Documents and Settings\\Kopal_PC\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe
C:\\Documents and Settings\\Kopal_PC\\Desktop\\dds.pif

============== Pseudo HJT Report ===============

uLocal Page = \\blank.htm
uStart Page = hxxp://www.ask.com/?o=13928&l=dis
uSearch Page = hxxp://in.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://in.search.yahoo.com
mDefault_Page_URL = hxxp://in.yahoo.com
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
mSearch Page = hxxp://in.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://in.search.yahoo.com
mStart Page = hxxp://in.yahoo.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\\program files\\toggleen\\tbTog0.dll
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\\program files\\asksearch\\bin\\DefaultSearch.dll
BHO: l, - No File
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\\program files\\internet download manager\\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\\program files\\toggleen\\tbTog0.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\\program files\\avg\\avg8\\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\\progra~1\\avg\\avg8\\AVGTOO~1.DLL
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\\program files\\toggleen\\tbTog0.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\\progra~1\\avg\\avg8\\AVGTOO~1.DLL
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
uRun: [ares] "c:\\program files\\ares\\Ares.exe" -h
uRun: [Google Update] "c:\\documents and settings\\kopal_pc\\local settings\\application data\\google\\update\\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\\program files\\yahoo!\\messenger\\YahooMessenger.exe" -quiet
uRun: [MSMSGS] "c:\\program files\\messenger\\msmsgs.exe" /background
uRun: [IDMan] c:\\program files\\internet download manager\\IDMan.exe /onboot
mRun: [TkBellExe] "c:\\program files\\common files\\real\\update_ob\\realsched.exe" -osboot
mRun: [SigmatelSysTrayApp] %ProgramFiles%\\SigmaTel\\C-Major Audio\\WDM\\stsystra.exe
mRun: [IgfxTray] c:\\windows\\system32\\igfxtray.exe
mRun: [Persistence] c:\\windows\\system32\\igfxpers.exe
mRun: [nxpclient] c:\\program files\\airtel\\netxpert\\bin\\sprtcmd.exe /P nxpclient
mRun: [googletalk] c:\\program files\\google\\google talk\\googletalk.exe /autostart
mRun: [AVG8_TRAY] c:\\progra~1\\avg\\avg8\\avgtray.exe
mRunServices: [TrojanShield Protector] c:\\program files\\trojanshield\\Port.exe
StartupFolder: c:\\documents and settings\\all users\\start menu\\programs\\startup\\a.bat
StartupFolder: c:\\docume~1\\alluse~1\\startm~1\\programs\\startup\\blueto~1.lnk - c:\\program files\\widcomm\\bluetooth software\\BTTray.exe
StartupFolder: c:\\docume~1\\alluse~1\\startm~1\\programs\\startup\\winzip~1.lnk - c:\\program files\\winzip\\WZQKPICK.EXE
uPolicies-system: DisableLockWorkstation = 1 (0x1)
IE: &Search
IE: Download all links with IDM - c:\\program files\\internet download manager\\IEGetAll.htm
IE: Download FLV video content with IDM - c:\\program files\\internet download manager\\IEGetVL.htm
IE: Download with IDM - c:\\program files\\internet download manager\\IEExt.htm
IE: E&xport to Microsoft Excel - c:\\progra~1\\micros~2\\office11\\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\\program files\\widcomm\\bluetooth software\\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\\program files\\widcomm\\bluetooth software\\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\\program files\\messenger\\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\\progra~1\\micros~2\\office11\\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241346463031
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {11F4B425-3C6A-446C-80F7-F94578ACE88C} = 202.56.215.6,202.56.230.6
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\\program files\\avg\\avg8\\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

================= FIREFOX ===================

FF - ProfilePath - c:\\docume~1\\kopal_pc\\applic~1\\mozilla\\firefox\\profiles\\h4da35jt.default\\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://google.co.in
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=2&q=
FF - component: c:\\documents and settings\\kopal_pc\\application data\\idm\\idmmzcc3\\components\\idmmzcc.dll
FF - component: c:\\program files\\avg\\avg8\\firefox\\components\\avgssff.dll
FF - component: c:\\program files\\avg\\avg8\\toolbarff\\components\\vmAVGConnector.dll
FF - plugin: c:\\documents and settings\\kopal_pc\\application data\\mozilla\\plugins\\npgoogletalk.dll
FF - plugin: c:\\documents and settings\\kopal_pc\\local settings\\application data\\google\\update\\1.2.145.5\\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\\windows\\system32\\drivers\\avgldx86.sys [2009-5-9 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\\windows\\system32\\drivers\\avgmfx86.sys [2009-5-9 27784]
R2 avg8wd;AVG Free8 WatchDog;c:\\progra~1\\avg\\avg8\\avgwdsvc.exe [2009-5-9 298776]
R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);c:\\program files\\airtel\\netxpert\\bin\\sprtsvc.exe [2009-2-9 202800]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\\windows\\system32\\drivers\\IntcHdmi.sys [2009-1-24 105984]
S3 NPF;WinPcap Packet Driver (NPF);c:\\windows\\system32\\drivers\\npf.sys [2009-3-24 34064]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-05-11 22:30 --d----- c:\\docume~1\\alluse~1\\applic~1\\Downloaded Installations
2009-05-10 15:05 --d-h--- c:\\windows\\PIF
2009-05-10 12:40 356,352 a------- c:\\windows\\eSellerateEngine.dll
2009-05-10 12:40 81,920 a------- c:\\windows\\eSellerateControl350.dll
2009-05-10 12:40 --d----- c:\\program files\\True Sword 5
2009-05-10 09:32 --d----- c:\\docume~1\\alluse~1\\applic~1\\SITEguard
2009-05-10 09:31 --d----- c:\\program files\\common files\\iS3
2009-05-10 09:31 --d----- c:\\docume~1\\alluse~1\\applic~1\\STOPzilla!
2009-05-09 16:40 11,952 a------- c:\\windows\\system32\\avgrsstx.dll
2009-05-09 16:40 325,896 a------- c:\\windows\\system32\\drivers\\avgldx86.sys
2009-05-09 16:40 --d----- c:\\windows\\system32\\drivers\\Avg
2009-05-09 16:40 --d----- c:\\docume~1\\kopal_pc\\applic~1\\AVGTOOLBAR
2009-05-09 16:40 --d----- c:\\program files\\AVG
2009-05-09 14:30 1,060,864 a------- c:\\windows\\system32\\MFC71.dll
2009-05-09 14:30 499,712 a------- c:\\windows\\system32\\MSVCP71.dll
2009-05-09 13:24 --d----- c:\\docume~1\\alluse~1\\applic~1\\McAfee.com
2009-05-08 00:11 --d----- c:\\program files\\ATS2
2009-05-07 23:36 --d----- c:\\program files\\RegistryFix7
2009-05-07 22:16 61,440 a------- c:\\windows\\system32\\drivers\\mfksatfj.sys
2009-05-07 21:55 --d----- c:\\program files\\Trend Micro
2009-05-07 14:48 --d----- c:\\docume~1\\kopal_pc\\applic~1\\Malwarebytes
2009-05-07 14:48 15,504 a------- c:\\windows\\system32\\drivers\\mbam.sys
2009-05-07 14:48 38,496 a------- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2009-05-07 14:48 --d----- c:\\program files\\Malwarebytes' Anti-Malware
2009-05-07 14:48 --d----- c:\\docume~1\\alluse~1\\applic~1\\Malwarebytes
2009-05-07 14:28 --d----- c:\\docume~1\\kopal_pc\\applic~1\\IObit
2009-05-07 13:43 --d----- c:\\docume~1\\kopal_pc\\applic~1\\True Sword
2009-05-07 12:20 --d----- c:\\docume~1\\kopal_pc\\applic~1\\TrojanHunter
2009-05-07 11:02 --d----- c:\\docume~1\\alluse~1\\applic~1\\SUPERAntiSpyware.com
2009-05-07 11:02 --d----- c:\\program files\\SUPERAntiSpyware
2009-05-07 11:02 --d----- c:\\docume~1\\kopal_pc\\applic~1\\SUPERAntiSpyware.com
2009-05-07 10:24 --d----- c:\\docume~1\\kopal_pc\\applic~1\\IDM
2009-05-07 10:24 --d----- c:\\docume~1\\kopal_pc\\applic~1\\DMCache
2009-05-07 10:24 --d----- c:\\program files\\Internet Download Manager
2009-05-06 22:54 --d----- c:\\documents and settings\\kopal_pc\\.housecall6.6
2009-05-06 21:33 --d----- c:\\docume~1\\alluse~1\\applic~1\\ParetoLogic
2009-05-05 23:20 4,431,904 a--sh--- c:\\windows\\system32\\drivers\\fidbox.dat
2009-05-05 23:20 345,120 a--sh--- c:\\windows\\system32\\drivers\\fidbox2.dat
2009-05-05 23:20 55,100 a--sh--- c:\\windows\\system32\\drivers\\fidbox.idx
2009-05-05 23:20 36,560 a--sh--- c:\\windows\\system32\\drivers\\fidbox2.idx
2009-05-05 22:30 --d----- c:\\program files\\common files\\ParetoLogic
2009-05-05 22:05 221,184 a------- c:\\windows\\system32\\wmpns.dll
2009-05-05 21:28 --d----- c:\\windows\\system32\\scripting
2009-05-05 21:28 --d----- c:\\windows\\l2schemas
2009-05-05 21:28 --d----- c:\\windows\\system32\\en
2009-05-05 21:28 --d----- c:\\windows\\system32\\bits
2009-05-05 21:25 --d----- c:\\windows\\ServicePackFiles
2009-05-05 21:22 --d----- c:\\windows\\network diagnostic
2009-05-04 21:41 268,648 a------- c:\\windows\\system32\\mucltui.dll
2009-05-04 21:41 27,496 a------- c:\\windows\\system32\\mucltui.dll.mui
2009-05-03 16:24 --d-h--- C:\\$AVG8.VAULT$
2009-05-03 15:50 --d----- c:\\docume~1\\alluse~1\\applic~1\\Avg8
2009-05-03 15:29 303,616 a------- c:\\windows\\IsUninst.exe
2009-04-29 17:50 210,352 a------- c:\\windows\\system32\\idmmbc.dll
2009-04-17 21:33 473,600 -c------ c:\\windows\\system32\\dllcache\\fastprox.dll
2009-04-17 21:33 453,120 -c------ c:\\windows\\system32\\dllcache\\wmiprvsd.dll
2009-04-17 21:33 401,408 -c------ c:\\windows\\system32\\dllcache\\rpcss.dll
2009-04-17 21:33 284,160 -c------ c:\\windows\\system32\\dllcache\\pdh.dll
2009-04-17 21:33 227,840 -c------ c:\\windows\\system32\\dllcache\\wmiprvse.exe
2009-04-17 21:33 110,592 -c------ c:\\windows\\system32\\dllcache\\services.exe
2009-04-17 21:33 2,145,280 -c------ c:\\windows\\system32\\dllcache\\ntkrnlmp.exe
2009-04-17 21:33 729,088 -c------ c:\\windows\\system32\\dllcache\\lsasrv.dll
2009-04-17 21:33 714,752 -c------ c:\\windows\\system32\\dllcache\\ntdll.dll
2009-04-17 21:33 617,472 -c------ c:\\windows\\system32\\dllcache\\advapi32.dll
2009-04-17 21:33 2,189,056 -c------ c:\\windows\\system32\\dllcache\\ntoskrnl.exe
2009-04-17 21:33 2,023,936 -c------ c:\\windows\\system32\\dllcache\\ntkrpamp.exe
2009-04-17 19:03 215,552 -c------ c:\\windows\\system32\\dllcache\\wordpad.exe
2009-04-17 19:03 2,560 -------- c:\\windows\\system32\\xpsp4res.dll

==================== Find3M ====================

2009-05-05 21:31 86,327 a------- c:\\windows\\pchealth\\helpctr\\offlinecache\\index.dat
2009-03-29 00:10 410,984 a------- c:\\windows\\system32\\deploytk.dll
2009-03-06 19:52 284,160 a------- c:\\windows\\system32\\pdh.dll
2009-02-20 13:40 666,112 a------- c:\\windows\\system32\\wininet.dll
2009-02-20 13:40 81,920 a------- c:\\windows\\system32\\ieencode.dll

============= FINISH: 22:08:02.03 ===============

Hello.
DDS looks good, just need to throw out some leftovers.

Can you post a new Hijack This log too please?

log file details:
Airtel NetXpert 2.1
AVG Free 8.5
Conexant HDA D330 MDC V.92 Modem
Dell Resource CD
Dell Wireless WLAN Card
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Google Talk (remove only)
Google Talk Plugin
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Internet Download Manager
Kundli for Windows (Professional Edition)
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.8)
Nero OEM
PowerDVD
RealPlayer
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
SigmaTel Audio
ToggleEN Toolbar
True Sword 5
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
WIDCOMM Bluetooth Software
Winamp (remove only)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows XP Service Pack 3
WinRAR archiver
WinZip 12.0
Yahoo! Messenger

That's an uninstall log.

Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:18 PM, on 5/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\WIDCOMM\\Bluetooth Software\\bin\\btwdins.exe
C:\\WINDOWS\\System32\\WLTRYSVC.EXE
C:\\WINDOWS\\System32\\bcmwltry.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE
C:\\Program Files\\Airtel\\NetXpert\\bin\\sprtsvc.exe
C:\\Program Files\\SigmaTel\\C-Major Audio\\DellXPM_5515v131\\WDM\\STacSV.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgrsx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe
C:\\Program Files\\SigmaTel\\C-Major Audio\\WDM\\stsystra.exe
C:\\WINDOWS\\system32\\igfxsrvc.exe
C:\\WINDOWS\\system32\\igfxpers.exe
C:\\Program Files\\Airtel\\NetXpert\\bin\\sprtcmd.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Documents and Settings\\Kopal_PC\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe
C:\\Program Files\\Messenger\\msmsgs.exe
C:\\Program Files\\Internet Download Manager\\IDMan.exe
C:\\Program Files\\WinZip\\WZQKPICK.EXE
C:\\Program Files\\Internet Download Manager\\IEMonitor.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe
C:\\Documents and Settings\\Kopal_PC\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe
C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://in.search.yahoo.com
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.ask.com/?o=13928&l=dis
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://in.yahoo.com
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://in.search.yahoo.com
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://in.yahoo.com
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page = \\blank.htm
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\\Program Files\\ToggleEN\\tbTog0.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\\Program Files\\AskSearch\\bin\\DefaultSearch.dll (file missing)
O2 - BHO: (no name) - l, - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\\Program Files\\ToggleEN\\tbTog0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Program Files\\AVG\\AVG8\\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\\PROGRA~1\\AVG\\AVG8\\AVGTOO~1.DLL
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\\Program Files\\ToggleEN\\tbTog0.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\\PROGRA~1\\AVG\\AVG8\\AVGTOO~1.DLL
O4 - HKLM\\..\\Run: [TkBellExe] "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe" -osboot
O4 - HKLM\\..\\Run: [SigmatelSysTrayApp] %ProgramFiles%\\SigmaTel\\C-Major Audio\\WDM\\stsystra.exe
O4 - HKLM\\..\\Run: [IgfxTray] C:\\WINDOWS\\system32\\igfxtray.exe
O4 - HKLM\\..\\Run: [Persistence] C:\\WINDOWS\\system32\\igfxpers.exe
O4 - HKLM\\..\\Run: [nxpclient] C:\\Program Files\\Airtel\\NetXpert\\bin\\sprtcmd.exe /P nxpclient
O4 - HKLM\\..\\Run: [googletalk] C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O4 - HKLM\\..\\RunServices: [TrojanShield Protector] C:\\Program Files\\TrojanShield\\Port.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [ares] "C:\\Program Files\\Ares\\Ares.exe" -h
O4 - HKCU\\..\\Run: [Google Update] "C:\\Documents and Settings\\Kopal_PC\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe" /c
O4 - HKCU\\..\\Run: [Messenger (Yahoo!)] "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe" -quiet
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
O4 - HKCU\\..\\Run: [IDMan] C:\\Program Files\\Internet Download Manager\\IDMan.exe /onboot
O4 - Global Startup: a.bat
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\\Program Files\\WinZip\\WZQKPICK.EXE
O8 - Extra context menu item: Download all links with IDM - C:\\Program Files\\Internet Download Manager\\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\\Program Files\\Internet Download Manager\\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\\Program Files\\Internet Download Manager\\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\OFFICE11\\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\OFFICE11\\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241346463031
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{11F4B425-3C6A-446C-80F7-F94578ACE88C}: NameServer = 202.56.215.6,202.56.230.6
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\\Program Files\\AVG\\AVG8\\avgpp.dll
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\\WINDOWS\\SYSTEM32\\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\bin\\btwdins.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\\Program Files\\Airtel\\NetXpert\\bin\\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\\Program Files\\SigmaTel\\C-Major Audio\\DellXPM_5515v131\\WDM\\STacSV.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\\WINDOWS\\System32\\WLTRYSVC.EXE

--
End of file - 8102 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.ask.com/?o=13928&l=dis
  R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
  R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
  R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\\Program Files\\AskSearch\\bin\\DefaultSearch.dll (file missing)
  O2 - BHO: (no name) - l, - (no file)
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
  O4 - HKCU\\..\\Run: [ares] "C:\\Program Files\\Ares\\Ares.exe" -h
  O4 - Global Startup: a.bat
  O18 - Filter hijack: text/xml - (no CLSID) - (no file)
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

That should do it.

Thanks for ur help and support
I have fixed all points suggested by u,but unable to fix O18 - Filter hijack: text/xml - (no CLSID) - (no file)
Please find latest hijack log file ,and suggest me what can i do to prevent
these types of trojan virus and malware,should I need to install some antispayware?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:25 PM, on 5/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kopal_PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kopal_PC\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://in.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://in.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServices: [TrojanShield Protector] C:\Program Files\TrojanShield\Port.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kopal_PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241346463031
O17 - HKLM\System\CCS\Services\Tcpip\..\{11F4B425-3C6A-446C-80F7-F94578ACE88C}: NameServer = 202.56.215.6,202.56.230.6
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7294 bytes

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

Thanks for updating me and giving me important and useful information javascript:emoticonp('')