
Inactive [InActive] Malware disabled windows xp startup process

Discussion in 'Malware and Virus Removal Archive' started by njgirl, 2009/01/18.

  1. 2009/01/18
    njgirl

    njgirl Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    1
    Likes Received:
    0
    Hi

    I have a Dell XPS M140 laptop and recently had a malware/spyware attack which disabled the XP startup process. I tried running Norton and a few other virus and spyware tools, but they keep getting disabled. Below is the DDS log, can someone please help to fix this issue? Thanks in advance.


    DDS (Ver_09-01-18.01) - NTFSx86 MINIMAL
    Run by X at 13:52:39.43 on Sun 01/18/2009
    Internet Explorer: 7.0.5730.13

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: {1bc4466b-a618-4f09-9efc-70c9df39020f} - c:\windows\system32\geBtRljg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.1.0.33\IPSBHO.DLL
    BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfCuRkk.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [prunnet] "c:\windows\system32\prunnet.exe "
    uRun: [gadcom] "c:\documents and settings\dushmanthi\application data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [prunnet] "c:\windows\system32\prunnet.exe "
    mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe "
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRunOnce: [ashMaiSv] c:\progra~1\alwils~1\avast4\ashMaiSv.exe /i
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Notify: igfxcui - igfxdev.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    Notify: khfCuRkk - khfCuRkk.dll
    AppInit_DLLs: ewrluo.dll ftmiss.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfCuRkk.dll
    LSA: Authentication Packages = msv1_0 c:\windows\system32\geBtRljg

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2009-01-16 15:00 <DIR> --d----- c:\program files\XoftSpySE
    2008-12-21 17:27 <DIR> --d----- c:\program files\a-squared Anti-Malware
    2008-12-21 16:33 61,440 a------- c:\windows\system32\~.exe
    2008-12-20 21:21 35,888 a----r-- c:\windows\system32\drivers\SymIM.sys
    2008-12-20 21:21 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2008-12-20 21:21 60,808 a------- c:\windows\system32\S32EVNT1.DLL
    2008-12-20 21:21 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2008-12-20 21:21 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2008-12-20 21:21 <DIR> --d----- c:\program files\Symantec
    2008-12-20 21:20 <DIR> --d----- c:\windows\system32\drivers\NAV
    2008-12-20 21:20 <DIR> --d----- c:\program files\Norton AntiVirus
    2008-12-20 21:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
    2008-12-20 21:20 <DIR> --d----- c:\program files\NortonInstaller
    2008-12-20 21:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2008-12-20 19:18 1,661,209 ---sh--- c:\windows\system32\wbeijlwv.ini
    2008-12-20 19:18 93,696 a------- c:\windows\system32\vwljiebw.dll
    2008-12-20 19:16 135,168 a------- c:\windows\system32\ftmiss.dll
    2008-12-20 19:16 135,168 a------- c:\windows\system32\retxxgeg.dll
    2008-12-20 19:12 <DIR> --d----- c:\temp\REX81
    2008-12-20 19:11 57,856 a------- c:\windows\system32\xxyxWNHw.dll
    2008-12-20 19:11 135,168 a------- c:\windows\system32\ewrluo.dll
    2008-12-20 19:11 135,168 a------- c:\windows\system32\fcywvyxe.dll
    2008-12-20 19:09 11,990 a--sh--- c:\windows\system32\gjlRtBeg.ini2
    2008-12-20 19:09 11,990 a--sh--- c:\windows\system32\gjlRtBeg.ini
    2008-12-20 19:09 286,208 a------- c:\windows\system32\geBtRljg.dll
    2008-12-20 19:05 57,856 a------- c:\windows\system32\awttutQg.dll
    2008-12-20 19:04 <DIR> --d----- c:\docume~1\dushma~1\applic~1\gadcom
    2008-12-20 19:04 45,056 a------- c:\windows\system32\hgGASifG.dll
    2008-12-20 19:04 57,856 a------- c:\windows\system32\ljJAQIXq.dll
    2008-12-20 19:04 57,856 a------- c:\windows\system32\khfCuRkk.dll
    2008-12-20 19:03 70,656 a------- c:\windows\system32\prunnet.exe

    ==================== Find3M ====================

    2008-12-13 01:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-06 18:52 6,788 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2008-11-17 15:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
    2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
    2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
    2008-06-07 14:08 269 a------- c:\program files\common files\ladu
    2008-06-07 13:05 269 a------- c:\program files\common files\ladu915
    2007-07-24 17:37 56,912 a------- c:\documents and settings\dushmanthi\g2mdlhlpx.exe
    2006-08-11 10:11 56 ---shr-- c:\windows\system32\135A9A902A.sys
    2008-09-21 16:33 0 a--sh--- c:\windows\system32\ninukoso.dll
    2008-09-21 16:33 0 a--sh--- c:\windows\system32\segorado.dll
    2008-09-21 16:33 0 a--sh--- c:\windows\system32\zojetiru.dll
    2008-09-03 21:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

    ============= FINISH: 13:56:02.48 ===============



    ==== Installed Programs ======================

    a-squared Anti-Malware 4.0
    ABC (remove only)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Media Player
    Adobe Reader 8.1.2
    Advertisement Service
    altcompare
    Anti-Trojan Shield 2
    AOLIcon
    avast! Antivirus
    Broadcom Management Programs
    Conexant HDA D110 MDC V.92 Modem
    Corel Paint Shop Pro X
    Corel Photo Album 6
    CueCard (remove only)
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Game Console
    Dell Support Center (Support Software)
    DellSupport
    Digital Line Detect
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    EarthLink setup files
    ELIcon
    ESPNMotion
    FastStone Photo Resizer 2.6
    GemMaster Mystic
    Get High Speed Internet!
    Glary Utilities 2.5.3
    Google Earth
    Google Toolbar for Internet Explorer
    Google Updater
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB952287)
    HTML Executable IERuntime
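As an added illustration (not part of the original post, and not something DDS produces itself): a small Python script that runs a few defender-side checks over the Pseudo HJT Report lines shown in the log above. It flags the load points an analyst looks at first (AppInit_DLLs, a non-stock LSA authentication package, a DisableRegistryTools policy, BHOs without a display name) and cross-references the modules so that one DLL registered under several independent auto-start keys, as khfCuRkk.dll and geBtRljg.dll are here, stands out regardless of its name. The sample lines are copied from the log; the AUTO_LOAD set, the module regex and the severity of each check are my own assumptions about the report format, not documented DDS behaviour.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" in the
# post above, plus two legitimate entries (IPSBHO.DLL, Shdocvw.dll) so the
# heuristics can be seen leaving them alone.
SAMPLE_REPORT = r"""
BHO: {1bc4466b-a618-4f09-9efc-70c9df39020f} - c:\windows\system32\geBtRljg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.1.0.33\IPSBHO.DLL
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfCuRkk.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [prunnet] "c:\windows\system32\prunnet.exe "
mRun: [prunnet] "c:\windows\system32\prunnet.exe "
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Notify: igfxcui - igfxdev.dll
Notify: khfCuRkk - khfCuRkk.dll
AppInit_DLLs: ewrluo.dll ftmiss.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfCuRkk.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\geBtRljg
"""

# Assumed set of load points that run automatically at boot or logon. EB
# (explorer bar) and IE (context-menu) entries only run on demand, so they are
# left out of the shared-module cross-reference; that keeps Shdocvw.dll quiet.
AUTO_LOAD = {"BHO", "TB", "Notify", "SEH", "SSODL", "LSA", "AppInit_DLLs",
             "uRun", "mRun", "mRunOnce"}

# Basename (without extension) of every PE module mentioned on a line.
MODULE_RE = re.compile(r"([A-Za-z0-9_~-]+)\.(?:dll|exe|sys|scr)\b", re.IGNORECASE)


def stem(path):
    """Lower-cased last path component with any extension removed."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def triage_hjt(report_text):
    """Map each suspicious module stem to the sorted list of reasons it was flagged."""
    reasons = defaultdict(list)
    seen_in = defaultdict(set)  # module stem -> set of load-point kinds

    for raw in report_text.splitlines():
        line = raw.strip()
        if ": " not in line:
            continue
        kind, rest = line.split(": ", 1)

        if kind == "AppInit_DLLs":
            # Anything listed here is loaded into every user-mode process.
            for mod in rest.split():
                reasons[stem(mod)].append("AppInit_DLLs injection")
                seen_in[stem(mod)].add(kind)
            continue

        if kind == "LSA" and rest.startswith("Authentication Packages"):
            # msv1_0 is the stock package; anything extra loads inside lsass.
            for pkg in rest.split("=", 1)[1].split():
                if pkg.lower() != "msv1_0":
                    reasons[stem(pkg)].append("extra LSA authentication package")
                    seen_in[stem(pkg)].add(kind)
            continue

        if kind.startswith("dPolicies") and "DisableRegistryTools = 1" in rest:
            reasons["disableregistrytools"].append("registry tools disabled by policy")
            continue

        if kind == "BHO" and rest.startswith("{"):
            # Commercial BHOs carry a display name; a bare CLSID is unusual.
            for mod in MODULE_RE.findall(rest):
                reasons[mod.lower()].append("BHO without display name")

        if kind in AUTO_LOAD:
            for mod in MODULE_RE.findall(rest):
                seen_in[mod.lower()].add(kind)

    # One module registered under several independent auto-start points is a
    # strong persistence signal regardless of what its name looks like.
    for mod, kinds in seen_in.items():
        if len(kinds) >= 2:
            reasons[mod].append("registered in %d load points (%s)"
                                % (len(kinds), ", ".join(sorted(kinds))))

    return {mod: sorted(why) for mod, why in reasons.items()}


if __name__ == "__main__":
    for mod, why in sorted(triage_hjt(SAMPLE_REPORT).items()):
        print("%-22s %s" % (mod, "; ".join(why)))
```

Run as-is it prints one line per flagged module; on the sample it reports the two AppInit DLLs, the extra LSA package, the policy entry, and the modules that appear under more than one auto-start key (khfCuRkk.dll under BHO, Notify and SEH; geBtRljg under BHO and LSA; prunnet.exe under both uRun and mRun), while the named Symantec BHO and the Shdocvw.dll entries are not flagged. The checks are heuristics for prioritising what to look at, not a verdict on any file.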
     
  2. 2009/01/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS njgirl :)

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
