Resolved Google search getting redirected - log outputs 1 of 2

Status
Not open for further replies.
S

sarva

I am encountering the issue of redirection to other websites when clicking on google search results. I have followed the steps advised in this forum and I am pasting the results below. While Malwarebytes has quarantined some items, I still face the issue of redirection to other websites. PLEASE HELP!

Quick scan log output from Malwarebytes
----------------------------------------------------

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6834

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

6/11/2011 9:10:14 AM
mbam-log-2011-06-11 (09-10-14).txt

Scan type: Quick scan
Objects scanned: 258472
Time elapsed: 29 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{037088C5-38A1-456B-B094-DE8A11E79F3d} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037088C5-38A1-456B-B094-DE8A11E79F3D} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037088C5-38A1-456B-B094-DE8A11E79F3D} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\SYSTEM32\dmloader32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000891543c11270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000891543c11270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000891543c11270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000891543c11270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\02000000891543c11270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\02000000891543c11270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\02000000891543c11270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\02000000891543c11270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\atmlib32.dll (Trojan.Agent) -> Delete on reboot.
c:\cleansweep.exe\config.bin (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.

-------------------------------------------------------------------------------------------------------
Full scan output from Malwarebytes did not have any errors. Not pasting it.
-------------------------------------------------------------------------------------------------------

------------------------------------------------------------------------------------------------------
GMER.log output below
------------------------------------------------------------------------------------------------------
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-11 13:24:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200JB-75CRA0 rev.16.06V16
Running: m7trbcz0.exe; Driver: C:\DOCUME~1\SARAVA~1\LOCALS~1\Temp\uxtdypob.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7BB52A2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7BB51FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7BB51D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7BB51E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7BB5278]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7BB52B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7BB528C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Tcpip \Device\Ip 8A3829A0
Device \Driver\Tcpip \Device\Ip 8A222DC0
Device \Driver\Tcpip \Device\Ip 8A406530
Device \Driver\Tcpip \Device\Ip 89F9DFA8
Device \Driver\Tcpip \Device\Ip 8A065020

AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Tcp 8A3829A0
Device \Driver\Tcpip \Device\Tcp 8A222DC0
Device \Driver\Tcpip \Device\Tcp 8A406530
Device \Driver\Tcpip \Device\Tcp 89F9DFA8
Device \Driver\Tcpip \Device\Tcp 8A065020

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Udp 8A3829A0
Device \Driver\Tcpip \Device\Udp 8A222DC0
Device \Driver\Tcpip \Device\Udp 8A406530
Device \Driver\Tcpip \Device\Udp 89F9DFA8
Device \Driver\Tcpip \Device\Udp 8A065020

AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\RawIp 8A3829A0
Device \Driver\Tcpip \Device\RawIp 8A222DC0
Device \Driver\Tcpip \Device\RawIp 8A406530
Device \Driver\Tcpip \Device\RawIp 89F9DFA8
Device \Driver\Tcpip \Device\RawIp 8A065020

AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

-------------------------------------------------------------------------------------------------------
DDS.txt output below
-------------------------------------------------------------------------------------------------------
.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Run by Saravanan at 13:27:39 on 2011-06-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.661 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://my.screenname.aol.com/_cqr/...aol.com&pv:AOL&lc:en-us&ud:aol.com&checkAIM=1
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: userinit=userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: b4b5e918: {0982e0c7-06a0-6a44-c6f8-81b80ec954af} - c:\windows\system32\mdminst32.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: IeCaptureBho Object: {7c1ce531-09e9-4fc5-9803-1c2956615786} - c:\program files\google\google desktop search\GoogleDesktopIE.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110511114642.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\saravanan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\2\printray.exe
mRun: [nwiz] "nwiz.exe" /install
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
mPolicies-explorer: <NO NAME> =
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: ameritrade.com
Trusted Zone: aol.com\free
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: tdameritrade.com
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://sify.com/eot/tdserver.cab
DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} - hxxp://download.mcafee.com/molbin/Shared/MGBrwFld.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - hxxp://coop.mlxchange.com/Control/Specfile.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://mailtr02.gcr.com/iNotes.cab
DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} - hxxp://www.toolkitcma.com/tkweb/tkweb.cab
DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} - hxxp://coop.mlxchange.com/Control/SISC.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {42442236-3673-4054-89C0-A7408BC51EFC} - hxxps://methodology.accenture.com/codebase/SDLnSrvr_ChainMaster.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://coop.mlxchange.com/Control/MultiSelectComboBox.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/2489e2959ce42579be23/netzip/RdxIE601.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125572562187
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://coop.mlxchange.com/Control/MLXClientUtils.cab
DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - hxxp://coop.mlxchange.com/Control/LiteGrid.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://coop.mlxchange.com/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.costcophotocenter.com/CostcoUpload.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37743.7155902778
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://webmail1.gcr.com/dwa7W.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{47D34A9A-2404-4D3E-A73D-D7B3E4AAC768} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{47D34A9A-2404-4D3E-A73D-D7B3E4AAC768} : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll, c:\windows\system32\mdminst32.dll
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\saravanan\application data\mozilla\firefox\profiles\bezqmprr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\saravanan\application data\mozilla\firefox\profiles\bezqmprr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\saravanan\application data\mozilla\firefox\profiles\bezqmprr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\saravanan\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-10 64160]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-18 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-2 84200]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-2-18 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-2 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-2 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-2 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-2 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-2 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-2 141792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2006-11-26 3297792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-2 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-2-18 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-2-18 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-2 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-2 88736]
R3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [2003-5-24 167673]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-2 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-2 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-2-18 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-2-18 40552]
.
=============== Created Last 30 ================
.
2011-06-11 13:53:14 -------- d-----w- c:\program files\EMCO
2011-06-11 12:01:34 0 ---ha-w- c:\documents and settings\saravanan\xcqnfduunj.tmp
2011-06-11 11:49:47 -------- d-----w- c:\documents and settings\saravanan\application data\Malwarebytes
2011-06-11 11:49:10 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 11:49:04 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-11 11:48:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 11:48:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-10 01:05:26 171008 ----a-w- c:\windows\system32\mdminst32.dll
.
==================== Find3M ====================
.
2011-04-14 18:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 18:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 18:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 18:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 18:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 18:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 18:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 18:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 18:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 18:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 18:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 13:29:39.37 ===============
 
Welcome to Techspot! I'll help you with the malware:

My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Reminder to be patient

If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
There is another log from DDS- it is named Attach.txt. Please include it in your next reply. Do not zip it.
====================================
Please remove all of these from your Trusted Zone:
Trusted Zone: ameritrade.com
Trusted Zone: aol.com\free
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: tdameritrade.com
Trusted Zone: turbotax.com
Click to expand...
Nothing needs to be in the Trusted Zone. The security is lower in that zone. You have put the internet in that zone- you need to get it out ASAP:

Open Internet Options from either the Control Panel or Tools in Internet Explorer> Click on the Security tab> Trusted Sites> Sites> click to highlight each of the entries in the Web Sites box> Click on Remove for each> When through> OK> Apply> OK. Reboot your computer.

These domains don't need to be in this zone for you to access them. But while they are in there, your system is at risk
==================================
You have a considerable amount of malware- some of it is from Backdoor Bots. We can not always remove all the of this infection:

What is a Backdoor.bot?
This is a piece of malware that has worm, downloader, backdoor, keylogger and spy ability. It may arrive on a system after being exploited by a copy of the worm, residing on an infected machine in the network. After execution, the malware will inject a piece of code in kernel mode (by gaining access to \Device\PhysicalMemory). It will make a copy of itself inside c:\windows\fonts\unwise_.exe (hidden), execute it and continue execution there. The original file it will then be deleted. The worm will register itself as a service under the name: Windows Hosts Controller, and setting the information to "Enables Windows Host Controller Service. This service cannot be stopped." discouraging users from deleting it.
- The worm has the ability to spread via:
o USB drives; when it detects a new drive, it will make a fresh copy of itself, on the USB drive in the following directory:
Recycler\S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-xxxx\file-name.exe. It will also create an autorun.inf file that will point to the new copy.
Click to expand...
And yes- it makes Registry changes to the firewall, the Security Center. It can do or cause:
  1. Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
  2. Data theft (e.g. retrieving passwords or credit card information)
  3. Installation of software, including third-party malware
  4. Downloading or uploading of files on the user's computer
  5. Modification or deletion of files
  6. Keystroke logging
  7. Watching the user's screen
  8. Wasting the computer's storage space
  9. Crashing the computer

Being advised of this, would you rather consider a reformat/reinstall instead of an attempt to clean which may not find or remove all if it's code?
==========================================
If you would like to continue, being advised of this risk:
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
========================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the
    esetSmartInstallDesktopIcon.png
    on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  • Uncheck 'Remove found threats'
  • Check 'Scan archives/
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
====================================
I would advise you to change all of your passwords and monitor any online financial transactions you may have.
 
Thanks Bobbye for the help! I am pasting the Attach.txt and ComboFix output. Also, pasting the ESET output. Unfortunately, there are still issues.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-11.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\Harddisk0\DP(2)0x2738a00-0x1bee05f000+2
Install Date: 4/27/2003 5:35:59 PM
System Uptime: 6/11/2011 9:12:15 AM (4 hours ago)
.
Motherboard: Dell Computer Corp. | | 0H0678
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2386/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 38.494 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (FAT) - 0 GiB total, 0.032 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1964: 3/14/2011 3:12:49 AM - System Checkpoint
RP1965: 3/15/2011 4:12:51 AM - System Checkpoint
RP1966: 3/16/2011 3:00:23 AM - Software Distribution Service 3.0
RP1967: 3/17/2011 3:07:49 AM - System Checkpoint
RP1968: 3/18/2011 4:07:49 AM - System Checkpoint
RP1969: 3/19/2011 5:07:48 AM - System Checkpoint
RP1970: 3/20/2011 6:08:04 AM - System Checkpoint
RP1971: 3/21/2011 7:43:19 AM - System Checkpoint
RP1972: 3/22/2011 8:07:53 AM - System Checkpoint
RP1973: 3/23/2011 9:07:40 AM - System Checkpoint
RP1974: 3/24/2011 10:07:37 AM - System Checkpoint
RP1975: 3/25/2011 3:00:19 AM - Software Distribution Service 3.0
RP1976: 3/26/2011 3:07:37 AM - System Checkpoint
RP1977: 3/27/2011 4:07:53 AM - System Checkpoint
RP1978: 3/28/2011 5:07:38 AM - System Checkpoint
RP1979: 3/29/2011 6:07:37 AM - System Checkpoint
RP1980: 3/30/2011 7:46:29 AM - System Checkpoint
RP1981: 3/31/2011 7:54:38 AM - System Checkpoint
RP1982: 4/1/2011 8:54:38 AM - System Checkpoint
RP1983: 4/2/2011 9:47:40 AM - System Checkpoint
RP1984: 4/3/2011 9:54:39 AM - System Checkpoint
RP1985: 4/4/2011 10:54:38 AM - System Checkpoint
RP1986: 4/5/2011 11:54:38 AM - System Checkpoint
RP1987: 4/6/2011 11:55:36 AM - System Checkpoint
RP1988: 4/7/2011 12:54:31 PM - System Checkpoint
RP1989: 4/8/2011 1:54:31 PM - System Checkpoint
RP1990: 4/9/2011 2:54:32 PM - System Checkpoint
RP1991: 4/10/2011 3:54:33 PM - System Checkpoint
RP1992: 4/11/2011 4:54:30 PM - System Checkpoint
RP1993: 4/12/2011 5:54:30 PM - System Checkpoint
RP1994: 4/13/2011 6:54:20 PM - System Checkpoint
RP1995: 4/14/2011 7:54:21 PM - System Checkpoint
RP1996: 4/15/2011 3:00:53 AM - Software Distribution Service 3.0
RP1997: 4/16/2011 3:58:23 AM - System Checkpoint
RP1998: 4/17/2011 4:02:54 AM - System Checkpoint
RP1999: 4/18/2011 5:02:54 AM - System Checkpoint
RP2000: 4/19/2011 6:02:59 AM - System Checkpoint
RP2001: 4/20/2011 7:14:51 AM - System Checkpoint
RP2002: 4/21/2011 8:58:58 AM - System Checkpoint
RP2003: 4/22/2011 9:56:28 AM - System Checkpoint
RP2004: 4/23/2011 10:54:31 AM - System Checkpoint
RP2005: 4/24/2011 11:54:32 AM - System Checkpoint
RP2006: 4/25/2011 12:54:31 PM - System Checkpoint
RP2007: 4/26/2011 7:07:31 AM - Software Distribution Service 3.0
RP2008: 4/26/2011 9:56:35 PM - Software Distribution Service 3.0
RP2009: 4/27/2011 10:21:04 PM - System Checkpoint
RP2010: 4/28/2011 11:21:08 PM - System Checkpoint
RP2011: 4/30/2011 9:32:24 AM - System Checkpoint
RP2012: 5/1/2011 10:08:57 AM - System Checkpoint
RP2013: 5/2/2011 10:20:49 AM - System Checkpoint
RP2014: 5/3/2011 3:00:20 AM - Software Distribution Service 3.0
RP2015: 5/4/2011 3:00:20 AM - Software Distribution Service 3.0
RP2016: 5/5/2011 7:42:48 PM - System Checkpoint
RP2017: 5/6/2011 7:43:53 PM - System Checkpoint
RP2018: 5/7/2011 7:54:13 PM - System Checkpoint
RP2019: 5/8/2011 8:29:29 PM - System Checkpoint
RP2020: 5/9/2011 9:28:24 PM - System Checkpoint
RP2021: 5/10/2011 10:28:24 PM - System Checkpoint
RP2022: 5/11/2011 11:28:19 PM - System Checkpoint
RP2023: 5/12/2011 3:00:33 AM - Software Distribution Service 3.0
RP2024: 5/13/2011 3:33:37 AM - System Checkpoint
RP2025: 5/14/2011 4:33:35 AM - System Checkpoint
RP2026: 5/15/2011 8:55:09 AM - System Checkpoint
RP2027: 5/16/2011 9:33:36 AM - System Checkpoint
RP2028: 5/17/2011 9:46:22 AM - System Checkpoint
RP2029: 5/18/2011 10:33:30 AM - System Checkpoint
RP2030: 5/19/2011 11:33:29 AM - System Checkpoint
RP2031: 5/20/2011 11:48:00 AM - System Checkpoint
RP2032: 5/21/2011 12:33:30 PM - System Checkpoint
RP2033: 5/22/2011 1:33:30 PM - System Checkpoint
RP2034: 5/23/2011 2:33:30 PM - System Checkpoint
RP2035: 5/24/2011 3:33:31 PM - System Checkpoint
RP2036: 5/25/2011 3:34:26 PM - System Checkpoint
RP2037: 5/26/2011 3:59:01 PM - System Checkpoint
RP2038: 5/27/2011 4:58:57 PM - System Checkpoint
RP2039: 5/29/2011 9:39:25 AM - System Checkpoint
RP2040: 5/30/2011 10:03:33 AM - System Checkpoint
RP2041: 5/31/2011 10:11:54 AM - System Checkpoint
RP2042: 6/1/2011 10:31:18 AM - System Checkpoint
RP2043: 6/2/2011 6:08:13 PM - System Checkpoint
RP2044: 6/3/2011 6:34:34 PM - System Checkpoint
RP2045: 6/4/2011 9:07:36 PM - System Checkpoint
RP2046: 6/5/2011 9:22:25 PM - System Checkpoint
RP2047: 6/6/2011 10:34:22 PM - System Checkpoint
RP2048: 6/7/2011 11:22:24 PM - System Checkpoint
RP2049: 5/31/2011 7:08:51 AM - System Checkpoint
RP2050: 6/9/2011 9:57:30 PM - System Checkpoint
RP2051: 6/10/2011 10:24:33 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
Ad-Aware
Ad-Aware SE Personal
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
AnswerWorks 5.0 English Runtime
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Backup & Record
AT&T Yahoo! Applications
Audit Support Center 1.0
Banctec Service Agreement
BCM V.92 56K Modem
Bonjour
Button Manager v1.874
CardRd81
CCHelp
CCScore
Compatibility Pack for the 2007 Office system
CR2
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam Pro Manual (English)
Cucusoft YouTube Mate 8.03
Dell Solution Center
Dell Support Center (Support Software)
DellSupport
DVD Shrink 3.2
EMCO Malware Destroyer 6
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader®
Google Chrome
Google Desktop
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Updater
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HLPCCTR
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Driver Diagnostics
hp instant support
HP Memories Disc
hp officejet 6100 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 6100 series
Imprint
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 6
Karaoke CD+G Creator
Kodak EasyShare software
KODAK Picture CD
KSU
Macromedia Shockwave Player
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee SecurityCenter
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft FrontPage 98
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
MobileMe Control Panel
Modem Helper
MOV Download Tool 1.1.0
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Murasu Anjal2000
Nero Suite
Network Magic
Notifier
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
Options Investigator 1.0
OTtBP
OTtBPSDK
Paint Shop Pro 7
Palm Desktop
PCDLNCH
PDFCreator
Perfect Uninstaller v6.3.1
Picasa 3
PocketMirror 2.0 for Outlook
Position Simulator
PowerDVD
Quicken 2005
QuickTime
RealPlayer
Revo Uninstaller 1.75
SBC Self Support Tool
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SFR2
Sound Blaster Live!
Spy Sweeper
StorageSync Backup Software
Tamil Kuyil Book 1
ToolkitCMA
Turbo Tax Audit Support Center 3.0
TurboTax 2005
TurboTax 2008
TurboTax 2008 wctiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wctiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wctiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCAMCEN
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WebFldrs XP
WildTangent Web Driver
Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (03/23/2007 4.1.7082.0)
Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (03/23/2007 4.1.7082.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinZip
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/9/2011 5:56:28 AM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

ComboFix 11-06-11.01 - Saravanan 06/11/2011 18:34:03.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.375 [GMT -4:00]
Running from: c:\documents and settings\Saravanan\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Alli\WINDOWS
c:\documents and settings\cscontrol\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest1\Application Data\Mozilla\Firefox\Profiles\42n5h0aa.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}
c:\documents and settings\Guest1\Application Data\Mozilla\Firefox\Profiles\42n5h0aa.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome.manifest
c:\documents and settings\Guest1\Application Data\Mozilla\Firefox\Profiles\42n5h0aa.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome\xulcache.jar
c:\documents and settings\Guest1\Application Data\Mozilla\Firefox\Profiles\42n5h0aa.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\defaults\preferences\xulcache.js
c:\documents and settings\Guest1\Application Data\Mozilla\Firefox\Profiles\42n5h0aa.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\install.rdf
c:\documents and settings\Guest1\WINDOWS
c:\documents and settings\Kadir\Application Data\Mozilla\Firefox\Profiles\z38wa232.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}
c:\documents and settings\Kadir\Application Data\Mozilla\Firefox\Profiles\z38wa232.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome.manifest
c:\documents and settings\Kadir\Application Data\Mozilla\Firefox\Profiles\z38wa232.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome\xulcache.jar
c:\documents and settings\Kadir\Application Data\Mozilla\Firefox\Profiles\z38wa232.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\defaults\preferences\xulcache.js
c:\documents and settings\Kadir\Application Data\Mozilla\Firefox\Profiles\z38wa232.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\install.rdf
c:\documents and settings\Kadir\WINDOWS
c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}
c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome.manifest
c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome\xulcache.jar
c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\defaults\preferences\xulcache.js
c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\install.rdf
c:\documents and settings\Saravanan\My Documents\DPE.DUS
c:\documents and settings\Saravanan\WINDOWS
c:\windows\Downloaded Program Files\RdXIe.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Data
c:\windows\system32\spool\prtprocs\w32x86\LXAIPP5C.DLL
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 13:53 . 2011-06-11 13:53 -------- d-----w- c:\program files\EMCO
2011-06-11 12:01 . 2011-06-11 12:01 0 ---ha-w- c:\documents and settings\Saravanan\xcqnfduunj.tmp
2011-06-11 11:49 . 2011-06-11 11:49 -------- d-----w- c:\documents and settings\Saravanan\Application Data\Malwarebytes
2011-06-11 11:49 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 11:49 . 2011-06-11 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-11 11:48 . 2011-06-11 11:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-11 11:48 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-10 01:05 . 2011-06-10 01:05 171008 ----a-w- c:\windows\system32\mdminst32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 18:01 . 2011-03-02 16:13 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 18:01 . 2011-03-02 16:13 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 18:01 . 2011-03-02 16:13 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 18:01 . 2011-03-02 16:13 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 18:01 . 2011-03-02 16:13 84200 ------w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 18:01 . 2011-03-02 16:13 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 18:01 . 2011-03-02 16:13 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 18:01 . 2011-03-02 16:13 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 18:01 . 2010-02-18 13:54 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 18:01 . 2010-02-18 13:54 387480 ------w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 18:01 . 2010-02-18 13:54 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-05-01 13:15 . 2011-03-26 21:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2007-07-14 22:15 . 2006-01-11 12:29 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 18:01 . 2011-03-02 16:13 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0982E0C7-06A0-6A44-C6F8-81B80EC954AF}]
2011-06-10 01:05 171008 ----a-w- c:\windows\SYSTEM32\mdminst32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-12-01 36864]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-9 147456]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-07-16 01:10 1836544 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2003-12-10 08:52 380928 ----a-w- c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrgSync.exe]
2005-10-08 03:01 3032576 ----a-w- c:\program files\StorageSync\StrgSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1228655110\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1368:UDP"= 1368:UDP:Windows Media Format SDK (iexplore.exe)
"1369:UDP"= 1369:UDP:Windows Media Format SDK (iexplore.exe)
"1395:UDP"= 1395:UDP:Windows Media Format SDK (iexplore.exe)
"1394:UDP"= 1394:UDP:Windows Media Format SDK (iexplore.exe)
.
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2/10/2009 9:50 PM 64160]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [3/2/2011 12:13 PM 84200]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2/18/2010 9:57 AM 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/2/2011 12:12 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [3/2/2011 12:12 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [3/2/2011 12:13 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [3/2/2011 12:13 PM 141792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 9:27 AM 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [3/2/2011 12:13 PM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [3/2/2011 12:13 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [3/2/2011 12:13 PM 88736]
R3 PD1030VID;Creative WebCam Pro;c:\windows\SYSTEM32\DRIVERS\p1030vid.sys [5/24/2003 3:30 PM 167673]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [3/2/2011 12:13 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [3/2/2011 12:13 PM 84488]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 01:49]
.
2011-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2009-02-05 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4225836199.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]
.
2011-06-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-23 05:19]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2088599135-342736887-113321996-1006Core.job
- c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-18 21:18]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2088599135-342736887-113321996-1006UA.job
- c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-18 21:18]
.
2003-04-27 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = https://my.screenname.aol.com/_cqr/...aol.com&pv:AOL&lc:en-us&ud:aol.com&checkAIM=1
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycdict.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{47D34A9A-2404-4D3E-A73D-D7B3E4AAC768}: NameServer = 208.67.222.222,208.67.220.220
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {42442236-3673-4054-89C0-A7408BC51EFC} - hxxps://methodology.accenture.com/codebase/SDLnSrvr_ChainMaster.cab
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://coop.mlxchange.com/Control/MultiSelectComboBox.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://coop.mlxchange.com/Control/MLXClientUtils.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://coop.mlxchange.com/Control/IRCSharc.cab
FF - ProfilePath - c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-YOP - c:\progra~1\Yahoo!\YOP\yop.exe
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\WRLogonNTF.dll
.
- - - - - - - > 'explorer.exe'(1772)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\HPZipm12.exe
c:\windows\System32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-06-11 19:17:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-11 23:17
.
Pre-Run: 41,185,366,016 bytes free
Post-Run: 41,806,143,488 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 9FE1D41AC02233111A42700EE2EE20A4

ESET threat list
--------------------

C:\Documents and Settings\Saravanan\Application Data\Sun\Java\Deployment\cache\6.0\31\781da39f-4289d320 Java/TrojanDownloader.Agent.NBU trojan
C:\Documents and Settings\Saravanan\Application Data\Sun\Java\Deployment\cache\6.0\42\58c5086a-35c21101 a variant of Java/Exploit.Agent.NAC trojan
C:\Documents and Settings\Saravanan\Application Data\Sun\Java\Deployment\cache\6.0\46\4a35472e-2f398fbb a variant of Java/Exploit.Agent.NAC trojan
C:\Documents and Settings\Saravanan\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\pjeldcbplgcjlafmicpfcopknffjfbce\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\Saravanan\My Documents\BearingPoint\ftp\Install_AIM.exe Win32/Adware.WBug.A application
C:\Documents and Settings\Saravanan\My Documents\inetdocs-ct\ftp\Nero\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application
C:\Documents and Settings\Saravanan\My Documents\inetdocs-ct\ftp\PerfectUninstaller\PerfectUninstaller_Setup.exe a variant of Win32/Adware.SpywareCease.AA application
C:\Program Files\Perfect Uninstaller\RkHitApi.dll a variant of Win32/Adware.SpywareCease.AA application
C:\Qoobox\Quarantine\C\Documents and Settings\Guest1\Application Data\Mozilla\Firefox\Profiles\42n5h0aa.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Guest1\Application Data\Mozilla\Firefox\Profiles\42n5h0aa.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Kadir\Application Data\Mozilla\Firefox\Profiles\z38wa232.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Kadir\Application Data\Mozilla\Firefox\Profiles\z38wa232.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\bezqmprr.default\extensions\{d1f8f7df-0563-438f-8d2c-1c8fe47b4404}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2050\A0133170.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2050\A0133171.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2051\A0133198.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2051\A0133199.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2051\A0133200.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2051\A0133213.dll a variant of Win32/Kryptik.NHY trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2051\A0133369.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2051\A0133370.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2051\A0133371.manifest Win32/TrojanDownloader.Tracur.F trojan

Please advise next steps. Should I keep my PC physically disconnected from the internet and connect only when required until this is resolved?
 
Allow me to make some comments based on observations:

1. The system was/is infected by a large amount of malware.
2. The system has been around for a while- hard drive 'space' is low.
3. Too many processes are loading on boot, then running in the background. Depending on how much RAM you have-or don't have- the system has got to be slowing down after you surf a while.
4. It does not appear that you are doing any regular maintenance on the system. That would include:
Disc cleanup to include deleting temporary internet files and Cookies
Error Check
Defrag
5. There are 2 printers loading> Lexmark and HP. Neither needs to start on boot, but I question whether you are actually using 2 printers.
6. I'm thinking you have not reviewed All Programs in a while and uninstalled whatever you no longer have or use.
7. There are multiple versions of Java and none is the current version.
8. You recently added EMCO Malware Destroyer You may not realize it but this is an antivirus program. You have a McAfee Suite and should not run 2 AV programs.
9. There are 7 domains in the Trusted zone, including the internet. All of these, for the entire time they have been in the trusted zone have put the system at risk.
10.You are still actively getting Java exploits, Trojans, Adware, Spyware,
11.There are 36 Active X Objects on the system. Active X isn't all bad or good, but hackers and crackers use flaws in ActiveX to install malicious code on victim's browsers.
==================================================
Please get you tax information off of the system> burn it to a CD and keep it there
========================================================
In view of the extent of the malware infection, including Backdoor.bots as previously mentioned, I am going to recommend that you do a reformat/reinstall of the system. Do not put everything back on it. The only processes you need on the Startup menu are the AV, Firewall if you have a 3rd party firewall, touchpad for laptop and Pure Magic processes>> nothing else!

You will find excellent reformat/reinstall instructions here:
http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back