Hi Peku006,
here are the logs:
Combofix log:
ComboFix 09-03-30.04 - Anitha 2009-03-31 14:52:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.677 [GMT -4:00]
Running from: c:\documents and settings\Anitha\Desktop\ComboFix.exe
FW: PC Tools Firewall Plus *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\biyoriwo.dll
c:\windows\system32\bojilale.dll
c:\windows\system32\bujevohe.dll
c:\windows\system32\canuip.dll
c:\windows\system32\dugejapo.dll
c:\windows\system32\esibijuz.ini
c:\windows\system32\farotugo.dll
c:\windows\system32\fazokara.dll
c:\windows\system32\feyiloto.dll
c:\windows\system32\gakikedo.dll
c:\windows\system32\gosowibi.dll
c:\windows\system32\gubeleya.dll
c:\windows\system32\jalugolu.dll
c:\windows\system32\jilumuyo.dll
c:\windows\system32\jobebase.dll
c:\windows\system32\jonanimo.dll
c:\windows\system32\kamideva.dll
c:\windows\system32\kegohato.dll
c:\windows\system32\kenahapu.dll
c:\windows\system32\kqdiwg.dll
c:\windows\system32\ogutoraf.ini
c:\windows\system32\pufagedu.dll
c:\windows\system32\ravufuge.dll
c:\windows\system32\regijohi.dll
c:\windows\system32\retoseti.dll
c:\windows\system32\rwekwh.dll
c:\windows\system32\suluyohe.dll
c:\windows\system32\sxaada.dll
c:\windows\system32\tijezaze.dll
c:\windows\system32\vatimete.dll
c:\windows\system32\wovohudi.dll
c:\windows\system32\yeyolavi.dll
c:\windows\system32\yfyhdi.dll
c:\windows\system32\yojoyufi.dll
c:\windows\system32\zafifiwo.dll
c:\windows\system32\zudavuva.dll
c:\windows\system32\zujibise.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.
2009-03-31 14:40 . 2009-03-31 14:49 <DIR> d----c--- C:\32788R22FWJFW.0.tmp
2009-03-29 21:28 . 2009-03-29 21:28 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-29 21:28 . 2007-09-04 12:56 164,352 --a------ c:\windows\system32\unrar.dll
2009-03-29 21:28 . 2008-07-30 15:09 38 --a------ c:\windows\avisplitter.ini
2009-03-16 12:44 . 2009-03-16 12:44 <DIR> d-------- c:\documents and settings\Anitha\Application Data\McAfee
2009-03-15 12:10 . 2009-03-15 12:37 5,837,184 --a------ c:\windows\system32\SNAGIT7
2009-03-15 09:18 . 2009-03-15 09:18 <DIR> d-------- c:\documents and settings\Anitha\Application Data\PCToolsFirewallPlus
2009-03-14 20:35 . 2009-03-20 16:29 <DIR> d-------- c:\program files\PC Tools Firewall Plus
2009-03-14 20:35 . 2008-09-22 12:29 97,408 --a------ c:\windows\system32\drivers\pctfw.sys
2009-03-14 20:35 . 2009-01-21 10:38 95,640 --a------ c:\windows\system32\drivers\pctplfw.sys
2009-03-11 16:49 . 2009-03-11 16:49 <DIR> d----c--- C:\fsaua.data
2009-03-10 14:14 . 2009-03-10 14:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-10 14:14 . 2009-03-10 14:14 <DIR> d-------- c:\documents and settings\Anitha\Application Data\Malwarebytes
2009-03-10 14:14 . 2009-03-10 14:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-10 14:14 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-10 14:14 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-09 13:48 . 2008-04-13 20:12 16,384 --a------ c:\windows\system32\ipsink.ax
2009-03-09 13:48 . 2008-04-13 20:12 16,384 --a------ c:\windows\system32\dllcache\ipsink.ax
2009-03-09 13:48 . 2008-04-13 14:46 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-03-09 13:48 . 2008-04-13 14:46 15,232 --a------ c:\windows\system32\dllcache\streamip.sys
2009-03-09 13:48 . 2008-04-13 14:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2009-03-09 13:48 . 2008-04-13 14:46 10,880 --a------ c:\windows\system32\dllcache\ndisip.sys
2009-03-09 13:48 . 2008-04-13 14:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2009-03-09 13:48 . 2008-04-13 14:39 5,504 --a------ c:\windows\system32\dllcache\mstee.sys
2009-03-09 13:47 . 2008-04-13 14:46 85,248 --a------ c:\windows\system32\drivers\NABTSFEC.sys
2009-03-09 13:47 . 2008-04-13 14:46 85,248 --a------ c:\windows\system32\dllcache\nabtsfec.sys
2009-03-09 13:47 . 2008-04-13 14:46 19,200 --a------ c:\windows\system32\drivers\WSTCODEC.SYS
2009-03-09 13:47 . 2008-04-13 14:46 19,200 --a------ c:\windows\system32\dllcache\wstcodec.sys
2009-03-09 13:47 . 2008-04-13 14:46 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2009-03-09 13:47 . 2008-04-13 14:46 17,024 --a------ c:\windows\system32\dllcache\ccdecode.sys
2009-03-09 13:47 . 2008-04-13 14:46 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-03-09 13:47 . 2008-04-13 14:46 11,136 --a------ c:\windows\system32\dllcache\slip.sys
2009-03-05 15:34 . 2009-03-05 15:34 <DIR> d-------- c:\program files\Trend Micro
2009-03-05 12:18 . 2009-03-20 12:55 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-05 12:18 . 2008-12-11 09:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-05 12:18 . 2009-03-06 16:45 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-05 12:18 . 2008-12-18 13:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-02-27 00:32 . 2009-02-27 00:32 <DIR> d-------- c:\documents and settings\Anitha\Application Data\TrojanHunter
2009-02-26 21:15 . 2009-02-27 10:58 <DIR> d-------- c:\program files\TrojanHunter 5.0
2009-02-20 22:27 . 2009-02-20 22:27 <DIR> d-------- c:\program files\Logitech
2009-02-20 22:27 . 2009-02-20 22:29 <DIR> d-------- c:\program files\Common Files\LogiShrd
2009-02-20 22:27 . 2009-02-20 22:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-02-20 22:27 . 2009-02-20 22:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2009-02-14 11:02 . 2009-02-14 11:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\SpeedBit
2009-02-14 11:01 . 2009-02-14 11:05 <DIR> d-------- c:\program files\DAP
2009-02-08 20:39 . 2009-02-08 20:39 <DIR> d-------- c:\program files\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 19:00 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-16 16:44 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-13 19:10 90,112 ----a-w c:\windows\DUMPc4a7.tmp
2009-02-27 14:56 --------- d-----w c:\documents and settings\Anitha\Application Data\Juniper Networks
2006-09-19 04:40 774,144 -c--a-w c:\program files\RngInterstitial.dll
2006-07-04 23:24 67,424 -c--a-w c:\program files\MC
2005-05-12 17:48 9,382,912 -c--a-w c:\program files\Communicator.msi
2005-05-12 17:07 93,270 -c--a-w c:\program files\Communicator.adm
2005-05-10 18:33 29,915 ----a-r c:\program files\relnotes.htm
2007-05-06 22:37 80 -csh--r c:\windows\system32\47B1B07498.dll
2007-12-04 01:36 104 -csh--r c:\windows\system32\47B1B07498.sys
2006-10-16 18:33 88 -csh--r c:\windows\system32\9874B0B147.sys
2007-12-04 01:36 8,456 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-08-23 22:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082320080824\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 131072]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 c:\windows\stsystra.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Network Associates\\VirusScan\\shstat.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Network Associates\\VirusScan\\Mcshield.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\bea\\tuxedo8.1\\bin\\tuxipc.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Linksys EasyLink Advisor\\LinksysAgent.exe"=
"c:\\WINDOWS\\stsystra.exe"=
"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-05 130424]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-10-18 58464]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-03-05 159600]
R2 BEA ProcMGR V8.1;BEA ProcMGR V8.1;c:\bea\tuxedo8.1\bin\tuxipc.exe [2006-07-04 20480]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-03-05 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-03-14 95640]
S2 TUXEDO 8.1 Listener on Port 3050;TListen 8.1 (Port: 3050);c:\bea\tuxedo8.1\bin\slisten.exe [2006-07-04 69632]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\urvpndrv.sys --> c:\windows\system32\DRIVERS\urvpndrv.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30cea1cb-45fc-11dd-b676-0015c51e9c11}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30cea1cc-45fc-11dd-b676-0015c51e9c11}]
\Shell\AutoRun\command - G:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{856c2690-440e-11db-b2b5-0015c51e9c11}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2009-03-27 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{d0627fde-3787-4161-b1df-6db8cbeb6046} - c:\windows\system32\kamideva.dll
BHO-{e3959ddd-e7d6-4cbf-8ebe-5eb198e57174} - c:\windows\system32\canuip.dll
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.com/uSearchMigratedDefaultURL =
hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = 192.168.231.30:80
uInternet Settings,ProxyOverride = *sheriff.bso;<local>;*.local
uSearchURL,(Default) =
hxxp://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.comIE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com\online
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: {D84C4D49-A63A-4432-B319-718ECA705773} -
hxxps://firevpn.greenfield.com/policy/d ... ,0,41115,1FF - ProfilePath - c:\documents and settings\Anitha\Application Data\Mozilla\Firefox\Profiles\cltmjvoq.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=FF - prefs.js: browser.search.selectedEngine - Google
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-03-31 15:01:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1428)
c:\windows\system32\EntApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\mssql7\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-03-31 15:07:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-31 19:06:51
Pre-Run: 7,589,019,648 bytes free
Post-Run: 7,604,551,680 bytes free
261 --- E O F --- 2009-03-15 01:02:44
_______________________________________________________________________________________________________
Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:29 PM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\bea\tuxedo8.1\bin\tuxipc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.231.30:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *sheriff.bso;<local>;*.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone:
http://*.mcafee.comO16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
http://www.kumudam.com/wfplayer/tdserver.cabO16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) -
http://dl.tvunetworks.com/TVUAx.cabO16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) -
http://img2.orkut.com/activex/10035/photouploader.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/share ... insctl.cabO16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) -
https://firevpn.greenfield.com/vdesk/te ... ,0,50412,1O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) -
http://www.worldwinner.com/games/shared/wwlaunch.cabO16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) -
http://support.f-secure.com/ols/fscax.cabO16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} -
http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exeO16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} -
https://firevpn.greenfield.com/policy/d ... ,0,41115,1O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) -
https://myvpn.ford.com/dana-cached/setu ... tupSP1.cabO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BEA ProcMGR V8.1 - Unknown owner - C:\bea\tuxedo8.1\bin\tuxipc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TListen 8.1 (Port: 3050) (TUXEDO 8.1 Listener on Port 3050) - Unknown owner - C:\bea\tuxedo8.1\bin\slisten.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 12320 bytes
Thanks
Anitha