Google search getting redirected - log outputs 1 of 2

Resolved
By sarva
Jun 11, 2011
Topic Status:
Not open for further replies.
  1. I am encountering the issue of redirection to other websites when clicking on google search results. I have followed the steps advised in this forum and I am pasting the results below. While Malwarebytes has quarantined some items, I still face the issue of redirection to other websites. PLEASE HELP!

    Quick scan log output from Malwarebytes
    ----------------------------------------------------

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6834

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    6/11/2011 9:10:14 AM
    mbam-log-2011-06-11 (09-10-14).txt

    Scan type: Quick scan
    Objects scanned: 258472
    Time elapsed: 29 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 17
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 2
    Files Infected: 13

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{037088C5-38A1-456B-B094-DE8A11E79F3d} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037088C5-38A1-456B-B094-DE8A11E79F3D} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037088C5-38A1-456B-B094-DE8A11E79F3D} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\SYSTEM32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

    Files Infected:
    c:\WINDOWS\SYSTEM32\dmloader32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\localservice\application data\02000000891543c11270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\localservice\application data\02000000891543c11270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\localservice\application data\02000000891543c11270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\localservice\application data\02000000891543c11270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\SYSTEM32\02000000891543c11270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\SYSTEM32\02000000891543c11270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\SYSTEM32\02000000891543c11270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\SYSTEM32\02000000891543c11270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\SYSTEM32\atmlib32.dll (Trojan.Agent) -> Delete on reboot.
    c:\cleansweep.exe\config.bin (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\SYSTEM32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
    c:\WINDOWS\SYSTEM32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.

    -------------------------------------------------------------------------------------------------------
    Full scan output from Malwarebytes did not have any errors. Not pasting it.
    -------------------------------------------------------------------------------------------------------

    ------------------------------------------------------------------------------------------------------
    GMER.log output below
    ------------------------------------------------------------------------------------------------------
    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-11 13:24:33
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200JB-75CRA0 rev.16.06V16
    Running: m7trbcz0.exe; Driver: C:\DOCUME~1\SARAVA~1\LOCALS~1\Temp\uxtdypob.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7BB52A2]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7BB51FC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7BB51D4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7BB51E8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7BB5278]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7BB52B8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7BB528C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Driver\Tcpip \Device\Ip 8A3829A0
    Device \Driver\Tcpip \Device\Ip 8A222DC0
    Device \Driver\Tcpip \Device\Ip 8A406530
    Device \Driver\Tcpip \Device\Ip 89F9DFA8
    Device \Driver\Tcpip \Device\Ip 8A065020

    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \Driver\Tcpip \Device\Tcp 8A3829A0
    Device \Driver\Tcpip \Device\Tcp 8A222DC0
    Device \Driver\Tcpip \Device\Tcp 8A406530
    Device \Driver\Tcpip \Device\Tcp 89F9DFA8
    Device \Driver\Tcpip \Device\Tcp 8A065020

    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \Driver\Tcpip \Device\Udp 8A3829A0
    Device \Driver\Tcpip \Device\Udp 8A222DC0
    Device \Driver\Tcpip \Device\Udp 8A406530
    Device \Driver\Tcpip \Device\Udp 89F9DFA8
    Device \Driver\Tcpip \Device\Udp 8A065020

    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \Driver\Tcpip \Device\RawIp 8A3829A0
    Device \Driver\Tcpip \Device\RawIp 8A222DC0
    Device \Driver\Tcpip \Device\RawIp 8A406530
    Device \Driver\Tcpip \Device\RawIp 89F9DFA8
    Device \Driver\Tcpip \Device\RawIp 8A065020

    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----

    -------------------------------------------------------------------------------------------------------
    DDS.txt output below
    -------------------------------------------------------------------------------------------------------
    .
    DDS (Ver_2011-06-11.01) - NTFSx86
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
    Run by Saravanan at 13:27:39 on 2011-06-11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.661 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://my.screenname.aol.com/_cqr/...aol.com&pv:AOL&lc:en-us&ud:aol.com&checkAIM=1
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.dellnet.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mWinlogon: userinit=userinit.exe,
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: b4b5e918: {0982e0c7-06a0-6a44-c6f8-81b80ec954af} - c:\windows\system32\mdminst32.dll
    BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
    BHO: IeCaptureBho Object: {7c1ce531-09e9-4fc5-9803-1c2956615786} - c:\program files\google\google desktop search\GoogleDesktopIE.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110511114642.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\saravanan\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
    mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\2\printray.exe
    mRun: [nwiz] "nwiz.exe" /install
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
    mPolicies-explorer: <NO NAME> =
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: ameritrade.com
    Trusted Zone: aol.com\free
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mcafee.com
    Trusted Zone: tdameritrade.com
    Trusted Zone: turbotax.com
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://sify.com/eot/tdserver.cab
    DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} - hxxp://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
    DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - hxxp://coop.mlxchange.com/Control/Specfile.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://mailtr02.gcr.com/iNotes.cab
    DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} - hxxp://www.toolkitcma.com/tkweb/tkweb.cab
    DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} - hxxp://coop.mlxchange.com/Control/SISC.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
    DPF: {42442236-3673-4054-89C0-A7408BC51EFC} - hxxps://methodology.accenture.com/codebase/SDLnSrvr_ChainMaster.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://coop.mlxchange.com/Control/MultiSelectComboBox.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/2489e2959ce42579be23/netzip/RdxIE601.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125572562187
    DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://coop.mlxchange.com/Control/MLXClientUtils.cab
    DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - hxxp://coop.mlxchange.com/Control/LiteGrid.cab
    DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://coop.mlxchange.com/Control/IRCSharc.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.costcophotocenter.com/CostcoUpload.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37743.7155902778
    DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://webmail1.gcr.com/dwa7W.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{47D34A9A-2404-4D3E-A73D-D7B3E4AAC768} : NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{47D34A9A-2404-4D3E-A73D-D7B3E4AAC768} : DhcpNameServer = 192.168.1.1
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: WRNotifier - WRLogonNTF.dll
    AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll, c:\windows\system32\mdminst32.dll
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\saravanan\application data\mozilla\firefox\profiles\bezqmprr.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\documents and settings\saravanan\application data\mozilla\firefox\profiles\bezqmprr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\saravanan\application data\mozilla\firefox\profiles\bezqmprr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: c:\documents and settings\saravanan\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-10 64160]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-18 387480]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-2 84200]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-2-18 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-2 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-2 271480]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-2 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-2 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-2 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-2 141792]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2006-11-26 3297792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-2 56064]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-2-18 153280]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-2-18 52320]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-2 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-2 88736]
    R3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [2003-5-24 167673]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-2 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-2 84488]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-2-18 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-2-18 40552]
    .
    =============== Created Last 30 ================
    .
    2011-06-11 13:53:14 -------- d-----w- c:\program files\EMCO
    2011-06-11 12:01:34 0 ---ha-w- c:\documents and settings\saravanan\xcqnfduunj.tmp
    2011-06-11 11:49:47 -------- d-----w- c:\documents and settings\saravanan\application data\Malwarebytes
    2011-06-11 11:49:10 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-11 11:49:04 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-06-11 11:48:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-11 11:48:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-10 01:05:26 171008 ----a-w- c:\windows\system32\mdminst32.dll
    .
    ==================== Find3M ====================
    .
    2011-04-14 18:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-04-14 18:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-04-14 18:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-04-14 18:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-04-14 18:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-04-14 18:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-04-14 18:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-14 18:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-04-14 18:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-04-14 18:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-04-14 18:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
    .
    ============= FINISH: 13:29:39.37 ===============
  2. Bobbye


    Welcome to Techspot! I'll help you with the malware:

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Reminder to be patient

    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    There is another log from DDS- it is named Attach.txt. Please include it in your next reply. Do not zip it.
    ====================================
    Please remove all of these from your Trusted Zone:
    Nothing needs to be in the Trusted Zone. The security is lower in that zone. You have put the internet in that zone- you need to get it out ASAP:

    Open Internet Options from either the Control Panel or Tools in Internet Explorer> Click on the Security tab> Trusted Sites> Sites> click to highlight each of the entries in the Web Sites box> Click on Remove for each> When through> OK> Apply> OK. Reboot your computer.

    These domains don't need to be in this zone for you to access them. But while they are in there, your system is at risk.
    ==================================
    You have a considerable amount of malware- some of it is from Backdoor Bots. We cannot always remove all of this infection:

    What is a Backdoor.bot?
    And yes- it makes Registry changes to the firewall, the Security Center. It can do or cause:
    1. Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
    2. Data theft (e.g. retrieving passwords or credit card information)
    3. Installation of software, including third-party malware
    4. Downloading or uploading of files on the user's computer
    5. Modification or deletion of files
    6. Keystroke logging
    7. Watching the user's screen
    8. Wasting the computer's storage space
    9. Crashing the computer

    Being advised of this, would you rather consider a reformat/reinstall instead of an attempt to clean which may not find or remove all of its code?
    ==========================================
    If you would like to continue, being advised of this risk:
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message confirming the installation.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and opened in a text window. Please paste the contents of C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    ========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download button to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ====================================
    I would advise you to change all of your passwords and monitor any online financial transactions you may have.
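For the Trusted Zone clean-up the helper describes above, an audit script added here (it is not the helper's tool or part of the thread): it reads the per-user ZoneMap registry keys that the Internet Options > Security > Trusted sites > Sites dialog writes, lists every site-to-zone assignment, and with -Remove clears the Trusted sites entries. It assumes Windows PowerShell 2.0 or later on the affected machine.

```powershell
<#
  Audit and, with -Remove, clear the Internet Explorer "Trusted sites" zone for
  the current user. Added example for this thread, not a tool the helper named.
  It reads the same per-user ZoneMap keys that the Internet Options > Security >
  Trusted sites > Sites dialog writes, so the report matches what that dialog
  lists. Assumes Windows PowerShell 2.0 or later. Machine-wide entries under HKLM
  (used when the Security_HKLM_only policy is set) are not covered.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # report only unless this switch is given
)

$ZoneMap   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }

function New-ZoneEntry([string]$Site, [string]$Scheme, [int]$Zone, [string]$KeyPath) {
    New-Object PSObject -Property @{
        Site = $Site; Scheme = $Scheme; Zone = $Zone
        ZoneName = $ZoneNames[$Zone]; KeyPath = $KeyPath
    }
}

function Get-ZoneMapEntries([string]$Root) {
    # One object per (site, scheme) pair. Each REG_DWORD value under a site key
    # is named after a scheme ("http", "https", "ftp", or "*" for any scheme)
    # and holds the zone number.
    $entries = @()

    # Domains\<domain>\<host>: the key path "Domains\example.com\www" is the
    # site www.example.com; a domain key with no host subkey covers the domain.
    $domains = Join-Path $Root 'Domains'
    if (Test-Path $domains) {
        foreach ($key in (Get-ChildItem -Path $domains -Recurse)) {
            $parts = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9) -split '\\'
            [array]::Reverse($parts)
            foreach ($scheme in $key.GetValueNames()) {
                $zone = $key.GetValue($scheme)
                if ($zone -is [int]) {
                    $entries += New-ZoneEntry ($parts -join '.') $scheme $zone $key.PSPath
                }
            }
        }
    }

    # Ranges\RangeN: the ":Range" string holds an IP address or a wildcard such
    # as 192.168.1.*; the scheme values work exactly as above.
    $ranges = Join-Path $Root 'Ranges'
    if (Test-Path $ranges) {
        foreach ($key in (Get-ChildItem -Path $ranges)) {
            $site = [string]$key.GetValue(':Range')
            foreach ($scheme in ($key.GetValueNames() | Where-Object { $_ -ne ':Range' })) {
                $zone = $key.GetValue($scheme)
                if ($zone -is [int]) {
                    $entries += New-ZoneEntry $site $scheme $zone $key.PSPath
                }
            }
        }
    }
    return $entries
}

$all     = @(Get-ZoneMapEntries -Root $ZoneMap)
$trusted = @($all | Where-Object { $_.Zone -eq 2 })

if ($all.Count -gt 0) {
    $all | Sort-Object Zone, Site | Format-Table Site, Scheme, ZoneName -AutoSize
}

if ($trusted.Count -eq 0) {
    Write-Host 'Trusted sites zone is empty; nothing to do.'
} elseif ($Remove) {
    foreach ($e in $trusted) {
        if ($PSCmdlet.ShouldProcess("$($e.Scheme)://$($e.Site)", 'Remove from Trusted sites')) {
            Remove-ItemProperty -Path $e.KeyPath -Name $e.Scheme
            # Drop the key once it holds nothing else, so the Sites dialog stops listing it
            $k = Get-Item -Path $e.KeyPath
            if ($k.ValueCount -eq 0 -and $k.SubKeyCount -eq 0) { Remove-Item -Path $e.KeyPath }
        }
    }
} else {
    Write-Warning ('{0} Trusted sites entries found; rerun with -Remove (add -WhatIf to preview).' -f $trusted.Count)
}
```

Run it once without switches to see the report, then with -Remove -WhatIf to preview and -Remove to clear; the dialog in Internet Options should then show an empty Trusted sites list.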
  3. sarva

    sarva Newcomer, in training Topic Starter

    Thanks Bobbye for the help! I am pasting the Attach.txt and ComboFix output. Also, pasting the ESET output. Unfortunately, there are still issues.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-11.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\Harddisk0\DP(2)0x2738a00-0x1bee05f000+2
    Install Date: 4/27/2003 5:35:59 PM
    System Uptime: 6/11/2011 9:12:15 AM (4 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0H0678
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2386/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 38.494 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (FAT) - 0 GiB total, 0.032 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1964: 3/14/2011 3:12:49 AM - System Checkpoint
    RP1965: 3/15/2011 4:12:51 AM - System Checkpoint
    RP1966: 3/16/2011 3:00:23 AM - Software Distribution Service 3.0
    RP1967: 3/17/2011 3:07:49 AM - System Checkpoint
    RP1968: 3/18/2011 4:07:49 AM - System Checkpoint
    RP1969: 3/19/2011 5:07:48 AM - System Checkpoint
    RP1970: 3/20/2011 6:08:04 AM - System Checkpoint
    RP1971: 3/21/2011 7:43:19 AM - System Checkpoint
    RP1972: 3/22/2011 8:07:53 AM - System Checkpoint
    RP1973: 3/23/2011 9:07:40 AM - System Checkpoint
    RP1974: 3/24/2011 10:07:37 AM - System Checkpoint
    RP1975: 3/25/2011 3:00:19 AM - Software Distribution Service 3.0
    RP1976: 3/26/2011 3:07:37 AM - System Checkpoint
    RP1977: 3/27/2011 4:07:53 AM - System Checkpoint
    RP1978: 3/28/2011 5:07:38 AM - System Checkpoint
    RP1979: 3/29/2011 6:07:37 AM - System Checkpoint
    RP1980: 3/30/2011 7:46:29 AM - System Checkpoint
    RP1981: 3/31/2011 7:54:38 AM - System Checkpoint
    RP1982: 4/1/2011 8:54:38 AM - System Checkpoint
    RP1983: 4/2/2011 9:47:40 AM - System Checkpoint
    RP1984: 4/3/2011 9:54:39 AM - System Checkpoint
    RP1985: 4/4/2011 10:54:38 AM - System Checkpoint
    RP1986: 4/5/2011 11:54:38 AM - System Checkpoint
    RP1987: 4/6/2011 11:55:36 AM - System Checkpoint
    RP1988: 4/7/2011 12:54:31 PM - System Checkpoint
    RP1989: 4/8/2011 1:54:31 PM - System Checkpoint
    RP1990: 4/9/2011 2:54:32 PM - System Checkpoint
    RP1991: 4/10/2011 3:54:33 PM - System Checkpoint
    RP1992: 4/11/2011 4:54:30 PM - System Checkpoint
    RP1993: 4/12/2011 5:54:30 PM - System Checkpoint
    RP1994: 4/13/2011 6:54:20 PM - System Checkpoint
    RP1995: 4/14/2011 7:54:21 PM - System Checkpoint
    RP1996: 4/15/2011 3:00:53 AM - Software Distribution Service 3.0
    RP1997: 4/16/2011 3:58:23 AM - System Checkpoint
    RP1998: 4/17/2011 4:02:54 AM - System Checkpoint
    RP1999: 4/18/2011 5:02:54 AM - System Checkpoint
    RP2000: 4/19/2011 6:02:59 AM - System Checkpoint
    RP2001: 4/20/2011 7:14:51 AM - System Checkpoint
    RP2002: 4/21/2011 8:58:58 AM - System Checkpoint
    RP2003: 4/22/2011 9:56:28 AM - System Checkpoint
    RP2004: 4/23/2011 10:54:31 AM - System Checkpoint
    RP2005: 4/24/2011 11:54:32 AM - System Checkpoint
    RP2006: 4/25/2011 12:54:31 PM - System Checkpoint
    RP2007: 4/26/2011 7:07:31 AM - Software Distribution Service 3.0
    RP2008: 4/26/2011 9:56:35 PM - Software Distribution Service 3.0
    RP2009: 4/27/2011 10:21:04 PM - System Checkpoint
    RP2010: 4/28/2011 11:21:08 PM - System Checkpoint
    RP2011: 4/30/2011 9:32:24 AM - System Checkpoint
    RP2012: 5/1/2011 10:08:57 AM - System Checkpoint
    RP2013: 5/2/2011 10:20:49 AM - System Checkpoint
    RP2014: 5/3/2011 3:00:20 AM - Software Distribution Service 3.0
    RP2015: 5/4/2011 3:00:20 AM - Software Distribution Service 3.0
    RP2016: 5/5/2011 7:42:48 PM - System Checkpoint
    RP2017: 5/6/2011 7:43:53 PM - System Checkpoint
    RP2018: 5/7/2011 7:54:13 PM - System Checkpoint
    RP2019: 5/8/2011 8:29:29 PM - System Checkpoint
    RP2020: 5/9/2011 9:28:24 PM - System Checkpoint
    RP2021: 5/10/2011 10:28:24 PM - System Checkpoint
    RP2022: 5/11/2011 11:28:19 PM - System Checkpoint
    RP2023: 5/12/2011 3:00:33 AM - Software Distribution Service 3.0
    RP2024: 5/13/2011 3:33:37 AM - System Checkpoint
    RP2025: 5/14/2011 4:33:35 AM - System Checkpoint
    RP2026: 5/15/2011 8:55:09 AM - System Checkpoint
    RP2027: 5/16/2011 9:33:36 AM - System Checkpoint
    RP2028: 5/17/2011 9:46:22 AM - System Checkpoint
    RP2029: 5/18/2011 10:33:30 AM - System Checkpoint
    RP2030: 5/19/2011 11:33:29 AM - System Checkpoint
    RP2031: 5/20/2011 11:48:00 AM - System Checkpoint
    RP2032: 5/21/2011 12:33:30 PM - System Checkpoint
    RP2033: 5/22/2011 1:33:30 PM - System Checkpoint
    RP2034: 5/23/2011 2:33:30 PM - System Checkpoint
    RP2035: 5/24/2011 3:33:31 PM - System Checkpoint
    RP2036: 5/25/2011 3:34:26 PM - System Checkpoint
    RP2037: 5/26/2011 3:59:01 PM - System Checkpoint
    RP2038: 5/27/2011 4:58:57 PM - System Checkpoint
    RP2039: 5/29/2011 9:39:25 AM - System Checkpoint
    RP2040: 5/30/2011 10:03:33 AM - System Checkpoint
    RP2041: 5/31/2011 10:11:54 AM - System Checkpoint
    RP2042: 6/1/2011 10:31:18 AM - System Checkpoint
    RP2043: 6/2/2011 6:08:13 PM - System Checkpoint
    RP2044: 6/3/2011 6:34:34 PM - System Checkpoint
    RP2045: 6/4/2011 9:07:36 PM - System Checkpoint
    RP2046: 6/5/2011 9:22:25 PM - System Checkpoint
    RP2047: 6/6/2011 10:34:22 PM - System Checkpoint
    RP2048: 6/7/2011 11:22:24 PM - System Checkpoint
    RP2049: 5/31/2011 7:08:51 AM - System Checkpoint
    RP2050: 6/9/2011 9:57:30 PM - System Checkpoint
    RP2051: 6/10/2011 10:24:33 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    Ad-Aware
    Ad-Aware SE Personal
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.3
    AnswerWorks 5.0 English Runtime
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft TotalMedia Backup & Record
    AT&T Yahoo! Applications
    Audit Support Center 1.0
    Banctec Service Agreement
    BCM V.92 56K Modem
    Bonjour
    Button Manager v1.874
    CardRd81
    CCHelp
    CCScore
    Compatibility Pack for the 2007 Office system
    CR2
    Creative PC-CAM Center
    Creative WebCam Monitor
    Creative WebCam Pro Manual (English)
    Cucusoft YouTube Mate 8.03
    Dell Solution Center
    Dell Support Center (Support Software)
    DellSupport
    DVD Shrink 3.2
    EMCO Malware Destroyer 6
    ESSAdpt
    ESSANUP
    ESSBrwr
    ESSCAM
    ESSCDBK
    ESScore
    ESSCT
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTUTOR
    ESSvpaht
    ESSvpot
    FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader®
    Google Chrome
    Google Desktop
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Updater
    Help and Support Customization
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HLPCCTR
    HLPIndex
    HLPPDOCK
    HLPRFO
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Driver Diagnostics
    hp instant support
    HP Memories Disc
    hp officejet 6100 series
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp officejet 6100 series
    Imprint
    Intel(R) PRO Ethernet Adapter and Software
    Intel(R) PROSet II
    iTunes
    Java(TM) 6 Update 17
    Java(TM) 6 Update 6
    Karaoke CD+G Creator
    Kodak EasyShare software
    KODAK Picture CD
    KSU
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware version 1.51.0.1200
    McAfee SecurityCenter
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Data Access Components KB870669
    Microsoft FrontPage 98
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    MobileMe Control Panel
    Modem Helper
    MOV Download Tool 1.1.0
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Murasu Anjal2000
    Nero Suite
    Network Magic
    Notifier
    NVIDIA Display Driver
    NVIDIA Windows 2000/XP Display Drivers
    Options Investigator 1.0
    OTtBP
    OTtBPSDK
    Paint Shop Pro 7
    Palm Desktop
    PCDLNCH
    PDFCreator
    Perfect Uninstaller v6.3.1
    Picasa 3
    PocketMirror 2.0 for Outlook
    Position Simulator
    PowerDVD
    Quicken 2005
    QuickTime
    RealPlayer
    Revo Uninstaller 1.75
    SBC Self Support Tool
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SFR
    SFR2
    Sound Blaster Live!
    Spy Sweeper
    StorageSync Backup Software
    Tamil Kuyil Book 1
    ToolkitCMA
    Turbo Tax Audit Support Center 3.0
    TurboTax 2005
    TurboTax 2008
    TurboTax 2008 wctiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 wctiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 wctiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax Deluxe Deduction Maximizer 2006
    TurboTax ItsDeductible 2005
    TurboTax ItsDeductible 2006
    Uninstall AOL Emergency Connect Utility 1.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VCAMCEN
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VPRINTOL
    WebFldrs XP
    WildTangent Web Driver
    Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (03/23/2007 4.1.7082.0)
    Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (03/23/2007 4.1.7082.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Live OneCare safety scanner
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinZip
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/9/2011 5:56:28 AM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================

    ComboFix 11-06-11.01 - Saravanan 06/11/2011 18:34:03.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.375 [GMT -4:00]
    Running from: c:\documents and settings\Saravanan\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Alli\WINDOWS
    c:\documents and settings\cscontrol\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Guest1\Application Data\Mozilla\Firefox\Profiles\42n5h0aa.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}
    c:\documents and settings\Guest1\Application Data\Mozilla\Firefox\Profiles\42n5h0aa.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome.manifest
    c:\documents and settings\Guest1\Application Data\Mozilla\Firefox\Profiles\42n5h0aa.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome\xulcache.jar
    c:\documents and settings\Guest1\Application Data\Mozilla\Firefox\Profiles\42n5h0aa.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\defaults\preferences\xulcache.js
    c:\documents and settings\Guest1\Application Data\Mozilla\Firefox\Profiles\42n5h0aa.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\install.rdf
    c:\documents and settings\Guest1\WINDOWS
    c:\documents and settings\Kadir\Application Data\Mozilla\Firefox\Profiles\z38wa232.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}
    c:\documents and settings\Kadir\Application Data\Mozilla\Firefox\Profiles\z38wa232.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome.manifest
    c:\documents and settings\Kadir\Application Data\Mozilla\Firefox\Profiles\z38wa232.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome\xulcache.jar
    c:\documents and settings\Kadir\Application Data\Mozilla\Firefox\Profiles\z38wa232.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\defaults\preferences\xulcache.js
    c:\documents and settings\Kadir\Application Data\Mozilla\Firefox\Profiles\z38wa232.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\install.rdf
    c:\documents and settings\Kadir\WINDOWS
    c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}
    c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome.manifest
    c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome\xulcache.jar
    c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\defaults\preferences\xulcache.js
    c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\install.rdf
    c:\documents and settings\Saravanan\My Documents\DPE.DUS
    c:\documents and settings\Saravanan\WINDOWS
    c:\windows\Downloaded Program Files\RdXIe.dll
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\Data
    c:\windows\system32\spool\prtprocs\w32x86\LXAIPP5C.DLL
    .
    .
    \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_RKHIT
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-11 13:53 . 2011-06-11 13:53 -------- d-----w- c:\program files\EMCO
    2011-06-11 12:01 . 2011-06-11 12:01 0 ---ha-w- c:\documents and settings\Saravanan\xcqnfduunj.tmp
    2011-06-11 11:49 . 2011-06-11 11:49 -------- d-----w- c:\documents and settings\Saravanan\Application Data\Malwarebytes
    2011-06-11 11:49 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-11 11:49 . 2011-06-11 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-11 11:48 . 2011-06-11 11:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-11 11:48 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-10 01:05 . 2011-06-10 01:05 171008 ----a-w- c:\windows\system32\mdminst32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-14 18:01 . 2011-03-02 16:13 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-04-14 18:01 . 2011-03-02 16:13 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2011-04-14 18:01 . 2011-03-02 16:13 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-04-14 18:01 . 2011-03-02 16:13 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-04-14 18:01 . 2011-03-02 16:13 84200 ------w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-04-14 18:01 . 2011-03-02 16:13 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-04-14 18:01 . 2011-03-02 16:13 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-04-14 18:01 . 2011-03-02 16:13 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-04-14 18:01 . 2010-02-18 13:54 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-14 18:01 . 2010-02-18 13:54 387480 ------w- c:\windows\system32\drivers\mfehidk.sys
    2011-04-14 18:01 . 2010-02-18 13:54 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
    2011-05-01 13:15 . 2011-03-26 21:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2007-07-14 22:15 . 2006-01-11 12:29 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2011-04-14 18:01 . 2011-03-02 16:13 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0982E0C7-06A0-6A44-C6F8-81B80EC954AF}]
    2011-06-10 01:05 171008 ----a-w- c:\windows\SYSTEM32\mdminst32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
    "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-12-01 36864]
    "nwiz"="nwiz.exe" [2003-10-06 741376]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-9 147456]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
    backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2007-07-16 01:10 1836544 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    2003-12-10 08:52 380928 ----a-w- c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrgSync.exe]
    2005-10-08 03:01 3032576 ----a-w- c:\program files\StorageSync\StrgSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WebrootSpySweeperService"=2 (0x2)
    "GoogleDesktopManager"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\aol\\1228655110\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1368:UDP"= 1368:UDP:Windows Media Format SDK (iexplore.exe)
    "1369:UDP"= 1369:UDP:Windows Media Format SDK (iexplore.exe)
    "1395:UDP"= 1395:UDP:Windows Media Format SDK (iexplore.exe)
    "1394:UDP"= 1394:UDP:Windows Media Format SDK (iexplore.exe)
    .
    R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2/10/2009 9:50 PM 64160]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [3/2/2011 12:13 PM 84200]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2/18/2010 9:57 AM 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/2/2011 12:12 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [3/2/2011 12:12 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [3/2/2011 12:13 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [3/2/2011 12:13 PM 141792]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 9:27 AM 24652]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [3/2/2011 12:13 PM 56064]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [3/2/2011 12:13 PM 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [3/2/2011 12:13 PM 88736]
    R3 PD1030VID;Creative WebCam Pro;c:\windows\SYSTEM32\DRIVERS\p1030vid.sys [5/24/2003 3:30 PM 167673]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [3/2/2011 12:13 PM 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [3/2/2011 12:13 PM 84488]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 01:49]
    .
    2011-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    2009-02-05 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4225836199.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]
    .
    2011-06-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-23 05:19]
    .
    2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2088599135-342736887-113321996-1006Core.job
    - c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-18 21:18]
    .
    2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2088599135-342736887-113321996-1006UA.job
    - c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-18 21:18]
    .
    2003-04-27 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://my.screenname.aol.com/_cqr/...aol.com&pv:AOL&lc:en-us&ud:aol.com&checkAIM=1
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycdict.htm
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{47D34A9A-2404-4D3E-A73D-D7B3E4AAC768}: NameServer = 208.67.222.222,208.67.220.220
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {42442236-3673-4054-89C0-A7408BC51EFC} - hxxps://methodology.accenture.com/codebase/SDLnSrvr_ChainMaster.cab
    DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://coop.mlxchange.com/Control/MultiSelectComboBox.cab
    DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://coop.mlxchange.com/Control/MLXClientUtils.cab
    DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://coop.mlxchange.com/Control/IRCSharc.cab
    FF - ProfilePath - c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
    MSConfigStartUp-YOP - c:\progra~1\Yahoo!\YOP\yop.exe
    .
    .
    .
    **************************************************************************
    .
    disk not found C:\
    .
    please note that you need administrator rights to perform deep scan
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1080)
    c:\windows\system32\WRLogonNTF.dll
    .
    - - - - - - - > 'explorer.exe'(1772)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\System32\CTsvcCDA.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\drivers\KodakCCS.exe
    c:\windows\System32\nvsvc32.exe
    c:\windows\System32\HPZipm12.exe
    c:\windows\System32\snmp.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
    c:\windows\System32\MsPMSPSv.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Pure Networks\Network Magic\nmsrvc.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-11 19:17:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-11 23:17
    .
    Pre-Run: 41,185,366,016 bytes free
    Post-Run: 41,806,143,488 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 9FE1D41AC02233111A42700EE2EE20A4

    ESET threat list
    --------------------

    C:\Documents and Settings\Saravanan\Application Data\Sun\Java\Deployment\cache\6.0\31\781da39f-4289d320 Java/TrojanDownloader.Agent.NBU trojan
    C:\Documents and Settings\Saravanan\Application Data\Sun\Java\Deployment\cache\6.0\42\58c5086a-35c21101 a variant of Java/Exploit.Agent.NAC trojan
    C:\Documents and Settings\Saravanan\Application Data\Sun\Java\Deployment\cache\6.0\46\4a35472e-2f398fbb a variant of Java/Exploit.Agent.NAC trojan
    C:\Documents and Settings\Saravanan\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\pjeldcbplgcjlafmicpfcopknffjfbce\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
    C:\Documents and Settings\Saravanan\My Documents\BearingPoint\ftp\Install_AIM.exe Win32/Adware.WBug.A application
    C:\Documents and Settings\Saravanan\My Documents\inetdocs-ct\ftp\Nero\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application
    C:\Documents and Settings\Saravanan\My Documents\inetdocs-ct\ftp\PerfectUninstaller\PerfectUninstaller_Setup.exe a variant of Win32/Adware.SpywareCease.AA application
    C:\Program Files\Perfect Uninstaller\RkHitApi.dll a variant of Win32/Adware.SpywareCease.AA application
    C:\Qoobox\Quarantine\C\Documents and Settings\Guest1\Application Data\Mozilla\Firefox\Profiles\42n5h0aa.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\Guest1\Application Data\Mozilla\Firefox\Profiles\42n5h0aa.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\Kadir\Application Data\Mozilla\Firefox\Profiles\z38wa232.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\Kadir\Application Data\Mozilla\Firefox\Profiles\z38wa232.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2050\A0133170.manifest Win32/TrojanDownloader.Tracur.F trojan
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2050\A0133171.manifest Win32/TrojanDownloader.Tracur.F trojan
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2051\A0133198.manifest Win32/TrojanDownloader.Tracur.F trojan
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2051\A0133199.manifest Win32/TrojanDownloader.Tracur.F trojan
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2051\A0133200.manifest Win32/TrojanDownloader.Tracur.F trojan
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2051\A0133213.dll a variant of Win32/Kryptik.NHY trojan
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2051\A0133369.manifest Win32/TrojanDownloader.Tracur.F trojan
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2051\A0133370.manifest Win32/TrojanDownloader.Tracur.F trojan
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2051\A0133371.manifest Win32/TrojanDownloader.Tracur.F trojan

    Please advise next steps. Should I keep my PC physically disconnected from the internet and connect only when required until this is resolved?
  4. Bobbye


    Allow me to make some comments based on observations:

    1. The system was/is infected by a large amount of malware.
    2. The system has been around for a while- hard drive 'space' is low.
    3. Too many processes are loading on boot, then running in the background. Depending on how much RAM you have (or don't have), the system has got to be slowing down after you surf a while.
    4. It does not appear that you are doing any regular maintenance on the system. That would include:
       - Disk cleanup, including deleting temporary internet files and cookies
       - Error check
       - Defrag
    5. There are 2 printers loading: Lexmark and HP. Neither needs to start on boot, but I question whether you are actually using 2 printers.
    6. I'm thinking you have not reviewed All Programs in a while and uninstalled whatever you no longer have or use.
    7. There are multiple versions of Java and none is the current version.
    8. You recently added EMCO Malware Destroyer. You may not realize it, but this is an antivirus program. You have a McAfee Suite and should not run 2 AV programs.
    9. There are 7 domains in the Trusted zone, including the internet. All of these, for the entire time they have been in the trusted zone, have put the system at risk.
    10. You are still actively getting Java exploits, Trojans, Adware, and Spyware.
    11. There are 36 ActiveX objects on the system. ActiveX isn't all bad or good, but hackers and crackers use flaws in ActiveX to install malicious code on victims' browsers.
    ==================================================
    Please get your tax information off of the system: burn it to a CD and keep it there.
    ========================================================
    In view of the extent of the malware infection, including Backdoor.bots as previously mentioned, I am going to recommend that you do a reformat/reinstall of the system. Do not put everything back on it. The only processes you need on the Startup menu are the AV, Firewall if you have a 3rd party firewall, touchpad for laptop and Pure Magic processes: nothing else!

    You will find excellent reformat/reinstall instructions here:
    http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html