Hi,
Thanks for your reply. As per your instruction I have run ComboFix and the log files are shown below. Somehow I was not able to disable my McAfee antivirus enterprise, so I ran ComboFix twice, before and after removing the antivirus.
Below is the log file before removing the antivirus. The log file after removing the antivirus is attached to this message as log-2.txt. In the same way, combofix.txt is before removing the antivirus and combofix-2.txt is after removing the antivirus. Hope this information will be helpful to fix my issue.
ComboFix 10-03-10.08 - PULIN 03/11/2010 11:34:46.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1331 [GMT -6:00]
Running from: c:\documents and settings\PULIN\Desktop\pulinCF.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-1644491937-1292428093-725345543-1003
c:\recycler\S-1-5-21-1682508817-1800803623-1141150777-1003
c:\recycler\S-1-5-21-2290454960-2953975225-4089710087-1003
c:\recycler\S-1-5-21-246832256-3006914963-493307199-1003
c:\recycler\S-1-5-21-3293920870-4118683337-1468059775-1003
c:\recycler\S-1-5-21-939244760-1862961615-370437480-1003
C:\Thumbs.db
c:\windows\regsvr32.exe
c:\windows\setup.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\Thumbs.db
----- BITS: Possible infected sites -----
hxxp://SCCMSITESRV.MATRIX.TXSTATE.EDU:80
.
((((((((((((((((((((((((( Files Created from 2010-02-11 to 2010-03-11 )))))))))))))))))))))))))))))))
.
2010-03-08 20:03 . 2010-03-08 20:03 -------- d-----w- C:\spoolerlogs
2010-03-03 22:59 . 2010-03-03 22:59 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-02 22:53 . 2010-03-02 22:53 -------- d-----w- c:\documents and settings\Temp\Application Data\PC Tools
2010-03-02 22:39 . 2010-03-02 22:39 -------- d-----w- c:\documents and settings\Temp\Local Settings\Application Data\Identities
2010-03-02 22:38 . 2010-03-02 22:38 -------- d-----w- c:\documents and settings\Temp\Local Settings\Application Data\Ahead
2010-03-02 22:38 . 2010-03-02 22:38 -------- d-----w- c:\documents and settings\Temp\Local Settings\Application Data\Symantec
2010-03-02 17:27 . 2010-03-02 17:27 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-02 17:26 . 2010-03-11 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-03-01 20:37 . 2010-03-01 20:37 -------- d-----w- c:\documents and settings\PULIN\Local Settings\Application Data\Symantec
2010-03-01 20:35 . 2010-03-02 22:43 40 ----a-w- c:\windows\system32\profile.dat
2010-03-01 20:28 . 2010-03-03 22:57 -------- d-----w- c:\program files\Symantec
2010-03-01 20:27 . 2010-03-03 22:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-01 20:27 . 2010-03-01 20:27 -------- d-----w- c:\program files\Symantec Client Security
2010-03-01 20:07 . 2010-03-01 20:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-01 17:14 . 2010-03-01 17:38 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-28 23:54 . 2010-02-28 23:54 -------- d-----w- c:\program files\Trend Micro
2010-02-27 19:48 . 2010-03-11 16:50 -------- d-----w- c:\program files\Crawler
2010-02-27 04:00 . 2010-02-27 04:00 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-02-27 04:00 . 2010-02-27 04:00 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-02-27 04:00 . 2010-02-27 04:00 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-02-27 04:00 . 2010-02-27 20:07 -------- d-----w- c:\documents and settings\PULIN\Application Data\Spyware Terminator
2010-02-27 04:00 . 2010-02-28 06:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-02-27 04:00 . 2010-02-28 06:28 -------- d-----w- c:\program files\Spyware Terminator
2010-02-27 03:56 . 2009-08-19 17:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-27 03:56 . 2010-03-11 16:54 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-27 03:55 . 2010-03-11 16:49 -------- d-----w- c:\program files\PC Tools AntiVirus
2010-02-25 19:57 . 2010-02-25 19:57 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-25 19:56 . 2010-02-25 19:56 -------- d-----w- c:\documents and settings\PULIN\Application Data\Malwarebytes
2010-02-25 19:56 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-25 19:56 . 2010-02-25 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-25 19:56 . 2010-02-25 19:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-25 19:56 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-23 17:33 . 2010-02-23 17:33 -------- d-----w- c:\documents and settings\PULIN\Local Settings\Application Data\Threat Expert
2010-02-23 16:47 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-02-23 16:46 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2010-02-23 16:46 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2010-02-23 15:46 . 2010-02-24 04:36 -------- d-----w- c:\program files\Spyware Doctor
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 21:08 . 2010-02-17 21:08 -------- d-----w- c:\program files\Common Files\WexTech Shared
2010-02-17 21:08 . 2010-02-17 21:08 -------- d-----w- c:\program files\Common Files\LHSPF
2010-02-17 21:08 . 1996-08-09 07:30 68880 ----a-w- c:\windows\REGINI.EXE
2010-02-17 21:07 . 1998-10-19 16:11 167424 ----a-w- c:\windows\system32\awrtl30.dll
2010-02-17 21:07 . 1998-06-17 06:00 94285 ----a-w- c:\windows\system32\MSVCIRTD.DLL
2010-02-17 21:07 . 1998-06-17 06:00 516173 ----a-w- c:\windows\system32\MSVCP60D.DLL
2010-02-17 21:07 . 1999-03-23 05:00 929844 ----a-w- c:\windows\system32\MFC42D.DLL
2010-02-17 21:07 . 1999-03-23 05:00 798773 ----a-w- c:\windows\system32\MFCO42D.DLL
2010-02-17 21:07 . 1998-08-04 16:22 111616 ----a-w- c:\windows\system32\Ltih30tb.dll
2010-02-17 21:07 . 1999-03-23 05:00 401484 ----a-w- c:\windows\system32\MSVCRTD.DLL
2010-02-17 21:04 . 2010-02-19 18:05 -------- d-----w- C:\Millennium
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 16:47 . 2008-11-14 19:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-10 21:28 . 2007-02-15 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-07 22:27 . 2007-01-14 19:28 -------- d-----w- c:\documents and settings\PULIN\Application Data\U3
2010-03-07 18:34 . 2006-01-02 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-07 18:19 . 2006-11-21 17:57 131816 -c--a-w- c:\documents and settings\PULIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-01 20:27 . 2005-07-23 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-22 15:53 . 2005-07-13 20:38 -------- d-----w- c:\program files\Google
2010-02-13 22:55 . 2007-06-18 15:34 99516 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-02-05 16:39 . 2010-02-05 16:39 251376 ----a-w- c:\documents and settings\PULIN\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-01-28 00:30 . 2010-01-28 00:30 -------- d-----w- c:\program files\DIFX
2010-01-28 00:29 . 2010-01-28 00:29 -------- d-----w- c:\program files\Keyspan
2010-01-28 00:29 . 2005-07-13 18:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-28 00:26 . 2010-01-28 00:26 -------- d-----w- c:\program files\Common Files\Polymer Laboratories
2010-01-28 00:26 . 2010-01-28 00:26 -------- d-----w- c:\program files\Polymer Laboratories
2010-01-28 00:24 . 2010-01-28 00:24 -------- d-----w- c:\program files\Renaissance
2010-01-27 21:31 . 2010-01-27 21:30 -------- d-----w- c:\program files\iTunes
2010-01-27 21:30 . 2006-04-22 04:26 -------- d-----w- c:\program files\iPod
2010-01-27 21:30 . 2007-09-07 21:25 -------- d-----w- c:\program files\Common Files\Apple
2010-01-27 21:25 . 2010-01-27 21:24 -------- d-----w- c:\program files\QuickTime
2010-01-27 21:19 . 2010-01-27 21:19 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-31 16:50 . 2008-02-12 08:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2008-02-12 19:59 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 21:00 . 2008-04-10 21:36 256 -c--a-w- c:\windows\system32\pool.bin
2009-12-16 18:43 . 2005-07-13 18:08 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-02-12 19:58 33280 ----a-w- c:\windows\system32\csrsrv.dll
2008-09-29 14:07 . 2009-01-14 16:30 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2007-06-27 16:46 . 2007-06-27 16:46 88 -csha-r- c:\windows\system32\C956A61D0F.sys
2007-06-27 16:49 . 2007-06-27 16:46 2828 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-09 6746112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\Visitor\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 22:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-02 19:43 133104 ----atw- c:\documents and settings\PULIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-06-09 23:56 6746112 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2010-02-27 04:00 2166784 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-02-27 04:00 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-03-30 17:18 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 3]
2007-05-16 01:46 551032 ----a-w- c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\PULIN\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2004\\ChemDraw\\ChemDraw.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Sony Shared\\VAIO Entertainment Platform\\VCSW\\VCSW.exe"=
"c:\\Program Files\\Sony\\VAIO Media Registration Tool\\VmpClient.exe"=
"c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\SV_Httpd.exe"=
"c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\UPnPFramework.exe"=
"c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\VMConsole.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Documents and Settings\\PULIN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\PULIN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\DELL\\Dell Laser MFP 1600n\\NetworkScan\\DNSCST.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/6/2009 1:45 PM 64160]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2/26/2010 10:00 PM 142592]
R2 Impressionist Server;Impressionist Server;c:\program files\Renaissance\Impressionist\ImpServer.exe [2/5/2004 4:34 PM 90112]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/31/2008 7:09 AM 93320]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [9/29/2008 8:07 AM 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/14/2009 10:30 AM 67904]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [12/2/2006 12:47 PM 7424]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [6/17/2009 2:17 PM 434864]
R3 VAIO TV Tuner Library Service;VAIO TV Tuner Library Service;c:\program files\Common Files\Sony Shared\TVTunerLib\TunerLibSvc.exe [2/20/2007 10:27 AM 61440]
S2 OracleServiceMIL3;OracleServiceMIL3;c:\millennium\ora\bin\oracle80.exe MIL3 --> c:\millennium\ora\bin\oracle80.exe MIL3 [?]
S2 OracleStartMIL3;OracleStartMIL3;c:\millennium\Ora\BIN\STRTDB80.EXE [2/17/2010 3:07 PM 5632]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [7/13/2005 12:28 PM 16194]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 3:34 PM 1029456]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/14/2009 10:30 AM 64432]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [5/31/2008 12:31 PM 91830]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder
2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:46]
2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
2010-03-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-20 14:20]
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1447914817-3732023553-1120123104-1006Core.job
- c:\documents and settings\PULIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:43]
2010-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1447914817-3732023553-1120123104-1006UA.job
- c:\documents and settings\PULIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:43]
2005-12-30 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-07-13 19:59]
2010-03-11 c:\windows\Tasks\User_Feed_Synchronization-{299DFD4A-CC3E-42DD-9257-2F105002A4BE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
2010-03-11 c:\windows\Tasks\User_Feed_Synchronization-{E5961BAD-FF14-43F3-8343-6B4120A4CF7E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
2010-03-11 c:\windows\Tasks\User_Feed_Synchronization-{F037AA34-1C4F-4D26-BFF4-3CD731AEC1AD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Copy to &Lightning Note - c:\program files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: Crawler Search - tbr:iemenu
IE: Download all by NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Download by NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: localhost
Trusted Zone: txstate.edu\*.jupiter
Trusted Zone: txstate.edu\*.sap
Trusted Zone: txstate.edu\bobcatmail
Trusted Zone: txstate.edu\bobcatshare
Trusted Zone: txstate.edu\catsweb
Trusted Zone: txstate.edu\sccmsitesrv.matrix
Trusted Zone: txstate.edu\share.it
Trusted Zone: txstate.edu\synergy
Trusted Zone: txstate.edu\uweb
Trusted Zone: txstate.edu\www
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://amrut1.na.baps.org/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\documents and settings\PULIN\Application Data\Mozilla\Firefox\Profiles\5hqjwzny.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\documents and settings\PULIN\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\PULIN\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npSfAppM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Opera\program\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-iKill - c:\program files\ArpanTECH\iKill\iKill.exe
ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)
MSConfigStartUp-PCTAVApp - c:\program files\PC Tools AntiVirus\PCTAV.exe
AddRemove-PAUninstall - c:\program files\NewSoft\PhotoAlbum\DeIsL1.isu
AddRemove-Uninstall VistaShuttle - c:\program files\Newsoft\VistaShuttle\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-03-11 11:44
Windows 5.1.2600 Service Pack 3, v.5857 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1332)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2010-03-11 11:48:45
ComboFix-quarantined-files.txt 2010-03-11 17:48
Pre-Run: 8,691,343,360 bytes free
Post-Run: 8,835,817,472 bytes free
- - End Of File - - EB1F7682D33AE2F8EB6C257CB8893A21