Hi Cypher,
I performed the ComboFix and just before it made a log, ComboFix asked to upload a file to its server for testing. I'm not sure if that was supposed to happen.
Anyway, here's the ComboFix log:
ComboFix 10-05-21.06 - Sagar 23/05/2010 11:04:24.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.456 [GMT 1:00]
Running from: c:\documents and settings\Sagar\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Sagar\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
file zipped: c:\documents and settings\Administrator\Start Menu\Programs\Startup\xuxuig.exe
file zipped: c:\documents and settings\Default User\Start Menu\Programs\Startup\usicip.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\xuxuig.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\usicip.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
.
2010-05-22 16:58 . 2008-04-13 18:36 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-05-22 16:58 . 2008-04-13 18:36 37248 ----a-w- c:\windows\system32\dllcache\isapnp.sys
2010-05-22 16:50 . 2010-05-22 16:50 -------- d-----w- c:\documents and settings\Sagar\Application Data\Tific
2010-05-22 16:50 . 2010-05-22 16:50 -------- d-----w- c:\documents and settings\Sagar\Local Settings\Application Data\Symantec
2010-05-21 16:08 . 2010-05-21 16:08 -------- d-----w- c:\program files\ESET
2010-05-21 11:44 . 2010-05-21 11:44 -------- d-----w- C:\_OTM
2010-05-21 11:40 . 2010-05-21 11:40 -------- d-----w- c:\program files\ERUNT
2010-05-21 11:20 . 2010-05-06 04:01 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-05-09 23:36 . 2010-05-09 23:36 -------- d--h--w- c:\windows\system32\WLANProfiles
2010-05-09 11:29 . 2010-05-09 11:29 -------- d-----w- c:\program files\Google
2010-05-08 18:09 . 2010-05-21 11:17 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-05-08 18:09 . 2010-05-20 16:09 23040 ----a-w- c:\windows\system32\dllcache\mouclass.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 09:27 . 2007-02-06 20:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-21 12:28 . 2009-11-20 17:52 -------- d-----w- c:\program files\Trend Micro
2010-05-21 11:44 . 2006-12-01 21:48 -------- d-----w- c:\program files\MSN Messenger
2010-05-20 17:57 . 2009-11-21 18:06 -------- d-----w- c:\documents and settings\Sagar\Application Data\SUPERAntiSpyware.com
2010-05-20 17:57 . 2009-11-21 18:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-20 17:55 . 2006-08-25 16:16 -------- d-----w- c:\program files\Java
2010-05-13 10:04 . 2010-04-20 17:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 16:34 . 2009-09-05 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Tablet
2010-05-02 10:28 . 2010-04-17 12:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-29 14:39 . 2010-04-20 17:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-04-20 17:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 12:01 . 2010-04-17 12:01 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-02 10:56 . 2009-08-25 21:12 -------- d-----w- c:\program files\McAfee
2010-04-01 14:22 . 2010-04-01 14:22 -------- d-----w- c:\program files\Common Files\McAfee
2010-04-01 14:21 . 2006-08-25 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-01 13:10 . 2006-08-25 16:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-01 12:25 . 2006-08-25 16:27 -------- d-----w- c:\program files\Symantec
2010-04-01 12:25 . 2010-04-01 12:25 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-01 12:25 . 2010-04-01 12:25 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-01 12:25 . 2010-04-01 12:25 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-01 12:25 . 2010-04-01 12:25 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-01 12:25 . 2010-04-01 12:25 -------- d-----w- c:\program files\Norton Internet Security
2010-04-01 12:25 . 2010-04-01 12:25 -------- d-----w- c:\program files\Windows Sidebar
2010-04-01 12:25 . 2010-04-01 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-01 12:24 . 2010-04-01 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-04-01 12:22 . 2010-04-01 12:22 -------- d-----w- c:\program files\NortonInstaller
2010-04-01 12:20 . 2006-08-25 16:31 -------- d-----w- c:\program files\McAfee.com
2010-03-10 06:15 . 2004-08-11 16:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-11 16:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-11 16:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 16:43 . 2010-02-23 16:43 1923768 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2007-06-05 16:19 . 2007-06-05 16:18 918874 ----a-w- c:\program files\TB.log
2007-09-09 02:46 . 2006-08-31 11:42 56 --sh--r- c:\windows\system32\A1CF96F6F6.sys
2007-11-04 00:23 . 2006-08-30 10:38 88 -csh--r- c:\windows\system32\F6F696CFA1.sys
2007-11-04 00:23 . 2006-08-30 10:38 6580 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-05-22_19.36.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-23 09:27 . 2010-05-23 09:27 16384 c:\windows\Temp\Perflib_Perfdata_4d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\NetWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-08-20 2000120]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL Companion.lnk - c:\program files\AOL Companion\companion.exe [2006-8-25 250992]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-8-25 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-25 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Common Files\\AOL\\1235323325\\ee\\aolsoftware.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"56407:TCP"= 56407:TCP:Pando Media Booster
"56407:UDP"= 56407:UDP:Pando Media Booster
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [21/05/2010 09:47 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [21/05/2010 09:47 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [29/04/2010 18:44 537136]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [21/05/2010 09:47 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [21/05/2010 09:47 116784]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [01/04/2010 15:21 93320]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [21/05/2010 09:47 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [01/04/2010 16:45 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100513.002\IDSXpx86.sys [17/05/2010 20:13 329592]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [18/07/2009 22:52 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [18/07/2009 22:52 79104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
FF - ProfilePath - c:\documents and settings\Sagar\Application Data\Mozilla\Firefox\Profiles\dnflfdwe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Sagar\Application Data\Mozilla\Firefox\Profiles\dnflfdwe.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 11:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\p*|*0 ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\à*w*0 ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\ø*w*0 ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
Completion time: 2010-05-23 11:15:59
ComboFix-quarantined-files.txt 2010-05-23 10:15
ComboFix2.txt 2010-05-22 19:38
ComboFix3.txt 2010-05-22 17:27
Pre-Run: 33,517,146,112 bytes free
Post-Run: 33,477,124,096 bytes free
- - End Of File - - 91517CED036C2CD76B8AD278F35CBE81
Upload was successful
My computer seems to be running fine and I haven't found anything wrong.
Thanks again for the time you're spending to help me, I really appreciate it.