My system is infected with malware. I have generated the ComboFix and Hijackthis log. here is the log information.
################################### ComboFix LOG #####################################
ComboFix 09-02-25.02 - PRAVEEN 2009-02-26 0:39:41.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.624 [GMT -5:00]
Running from: c:\documents and settings\PRAVEEN\Desktop\123.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ShoppingReport
c:\windows\IE4 Error Log.txt
c:\windows\system32\dijipire.dll
c:\windows\system32\dumatoma.dll
c:\windows\system32\fatalofi.dll
c:\windows\system32\hagiyobi.dll
c:\windows\system32\hqiedm.dll
c:\windows\system32\ifolataf.ini
c:\windows\system32\ituyober.ini
c:\windows\system32\lowopami.dll
c:\windows\system32\nowepeto.dll
c:\windows\system32\otepewon.ini
c:\windows\system32\pilabuma.dll
c:\windows\system32\reboyuti.dll
c:\windows\system32\ribenepo.dll
c:\windows\system32\rkzvct.dll
c:\windows\system32\tuzatazo.dll
c:\windows\system32\wzfagp.dll
c:\windows\system32\zesanido.dll
.
((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.
2009-02-25 02:26 . 2009-02-25 02:26 30,880 --a------ c:\windows\system32\drivers\xtzvplvu.sys
2009-02-25 02:26 . 2009-02-25 02:26 356 --a------ c:\windows\system32\drivers\fnmjvugh.dat
2009-02-24 14:35 . 2009-02-26 00:38 6,456 --a------ c:\windows\system32\fesakefo
2009-02-21 12:20 . 2009-02-21 12:20 <DIR> d--hs---- C:\FOUND.000
2009-02-12 10:21 . 2009-02-12 10:21 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonIJEGV
2009-02-10 18:46 . 2009-02-10 18:46 <DIR> d-------- c:\documents and settings\PRAVEEN\Application Data\Canon
2009-02-10 18:19 . 2009-02-10 18:19 <DIR> d-------- c:\program files\Common Files\CANON
2009-02-10 18:15 . 2009-02-10 18:15 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2009-02-10 18:15 . 2009-02-10 18:15 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2009-02-10 18:15 . 2008-05-30 00:00 230,912 --a------ c:\windows\system32\CNMLM9D.DLL
2009-02-10 18:14 . 2009-02-10 18:14 <DIR> d--h----- c:\program files\CanonBJ
2009-02-10 18:14 . 2008-04-07 09:58 1,339,392 --a------ c:\windows\system32\CNC620C.DLL
2009-02-10 18:14 . 2007-05-14 10:49 362,496 --a------ c:\windows\system32\CNMNPPM.DLL
2009-02-10 18:14 . 2008-05-30 04:27 270,336 --a------ c:\windows\system32\CNC620L.DLL
2009-02-10 18:14 . 2007-03-15 09:12 188,416 --a------ c:\windows\system32\CNC620O.DLL
2009-02-10 18:14 . 2007-05-14 10:49 142,336 --a------ c:\windows\system32\CNMNPUI.DLL
2009-02-10 18:14 . 2007-03-19 19:14 117,850 --a------ c:\windows\system32\Cnmnput.chm
2009-02-10 18:14 . 2008-04-07 09:58 98,304 --a------ c:\windows\system32\CNC620I.DLL
2009-02-10 18:11 . 2009-02-10 18:11 <DIR> d-------- c:\program files\Canon
2009-02-10 11:52 . 2009-02-10 11:52 <DIR> d-------- c:\program files\Bitvise Tunnelier
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 05:42 16,760 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-26 05:42 11,888 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-02-26 05:42 104,224 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-02-26 05:42 1,130,496 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-03 18:47 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 18:47 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2008-12-12 17:27 3,067,392 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
2008-12-10 17:48 158,456 ------w c:\windows\system32\pxwma.dll
2007-12-22 23:18 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-11-03 14:39 27,976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-03 14:39 125,848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-11-03 14:39 98,712 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"vidc.X264"= x264vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^PRAVEEN^Start Menu^Programs^Startup^WordWeb.lnk]
path=c:\documents and settings\PRAVEEN\Start Menu\Programs\Startup\WordWeb.lnk
backup=c:\windows\pss\WordWeb.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 12:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-07-16 21:00 335872 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2008-03-17 20:06 1848648 c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2008-03-10 20:20 689488 c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-12-10 18:02 67184 c:\program files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7400 Series]
--a------ 2007-02-15 06:00 179200 c:\windows\system32\spool\drivers\w32x86\3\E_FATICDA.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 16:22 3739648 c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
--a------ 2007-05-21 03:37 124512 c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-02-08 01:12 488984 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 01:13 774168 c:\program files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmaTel StacMon]
--------- 2004-04-29 14:15 90169 c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Titan Backup]
--a------ 2008-03-04 13:02 3651008 c:\progra~1\TITANB~1\TitanBackup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-23 00:46 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 17:24 28672 c:\windows\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 05:59 122880 c:\windows\BCMSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec AntiVirus"=2 (0x2)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\RAPIMGR.EXE"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\AVP.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\WINDOWS\\System32\\SPOOLSV.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_14\\bin\\java.exe"=
"c:\\WINDOWS\\System32\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys --> c:\windows\system32\DRIVERS\StarPortLite.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-12-30 153416]
--- Other Services/Drivers In Memory ---
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - WLANKEEPER
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a6c3291-ec00-11dd-8fe2-000f1f28cb12}]
\Shell\AutoRun\command - Netlog.exe
.
Contents of the 'Scheduled Tasks' folder
2009-02-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2009-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-26 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -
BHO-{1aef9590-6bb7-4adf-b86b-4a19bc932794} - c:\windows\system32\wzfagp.dll
BHO-{6d3092ff-f084-4263-8aa5-ec72e64dc419} - c:\windows\system32\ribenepo.dll
MSConfigStartUp-BootWarn - c:\program files\Norton Internet Security\Norton AntiVirus\BootWarn.exe
MSConfigStartUp-Clean MemXP - c:\program files\Clean MemXP\CleanMemXP9.exe
MSConfigStartUp-CleanUp - c:\docume~1\PRAVEEN\LOCALS~1\Temp\2008190426_mcappins.exe
MSConfigStartUp-CPMe7b5d7c1 - c:\windows\system32\dijipire.dll
MSConfigStartUp-DesktopIconToy - c:\program files\Desktop Icon Toy\DesktopIconToy.exe
MSConfigStartUp-e486e45d - c:\windows\system32\nowepeto.dll
MSConfigStartUp-fssui - c:\program files\Windows Live\Family Safety\fssui.exe
MSConfigStartUp-Google Update - c:\documents and settings\PRAVEEN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-kujuzevapa - c:\windows\system32\tuzatazo.dll
MSConfigStartUp-Mamutu Guard - c:\program files\MAMUTU\mamutu.exe
MSConfigStartUp-McafWelcome - c:\program files\McAfee.com\Agent\mcwelcom.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\McAfee.com\Agent\McAgent.exe
MSConfigStartUp-McRegWiz - c:\progra~1\mcafee.com\agent\mcregwiz.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-msci - c:\docume~1\PRAVEEN\LOCALS~1\Temp\2008190426_mcinfo.exe
MSConfigStartUp-PRONoMgr - c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
MSConfigStartUp-Symantec NetDriver Warning - c:\progra~1\SYMNET~1\SNDWarn.exe
MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe
MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\mcafee.com\vso\mcmnhdlr.exe
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\PRAVEEN\Application Data\Mozilla\Firefox\Profiles\w3ks232n.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\PRAVEEN\Application Data\Mozilla\Firefox\Profiles\w3ks232n.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJPI150_14.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 00:43:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(848)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(904)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\WINDOWS DEFENDER\MSMPENG.EXE
c:\program files\INTEL\WIRELESS\BIN\EVTENG.EXE
c:\program files\INTEL\WIRELESS\BIN\S24EVMON.EXE
c:\program files\INTEL\WIRELESS\BIN\WLKEEPER.EXE
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\windows\SYSTEM32\ASTSRV.EXE
c:\program files\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 7.0\AVP.EXE
c:\windows\SYSTEM32\HPZIPM12.EXE
c:\program files\INTEL\WIRELESS\BIN\REGSRVC.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
d:\bin\TSVNCache.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2009-02-26 0:51:50 - machine was rebooted [PRAVEEN]
ComboFix-quarantined-files.txt 2009-02-26 05:51:42
Pre-Run: 863,944,704 bytes free
Post-Run: 2,480,685,056 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
326 --- E O F --- 2009-02-26 05:49:59
########################## HIJACK LOG ################################################
Logfile of HijackThis v1.99.1
Scan saved at 1:03:44 AM, on 2/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
D:\bin\TSVNCache.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-IN/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe