Hi Bob,
I have attached the ComboFix log - ComboFix.txt and HijackThis log - hijackthis.log to the post.
Yup, I had run ComboFix previously (I was following the post I had referred to in the first post); however, I was not sure if what I was doing was in the correct sequence.
Thanks and Regards,
Bharat Gattu
ComboFix 07-12-29.3 - bgtx5 2007-12-28 23:00:29.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1548 [GMT -6:00]
Running from: C:\Documents and Settings\bgtx5\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\bgtx5\Application Data\AntiSpywareBot
C:\Documents and Settings\bgtx5\Application Data\AntiSpywareBot\Log\2007 Dec 26 - 11_36_14 PM_082.log
C:\Documents and Settings\bgtx5\Application Data\AntiSpywareBot\Log\2007 Dec 26 - 11_36_16 PM_801.log
C:\Documents and Settings\bgtx5\Application Data\AntiSpywareBot\rs.dat
C:\Documents and Settings\bgtx5\Application Data\AntiSpywareBot\Settings\CustomScan.stg
C:\Documents and Settings\bgtx5\Application Data\AntiSpywareBot\Settings\IgnoreList.stg
C:\Documents and Settings\bgtx5\Application Data\AntiSpywareBot\Settings\ScanInfo.stg
C:\Documents and Settings\bgtx5\Application Data\AntiSpywareBot\Settings\ScanResults.stg
C:\Documents and Settings\bgtx5\Application Data\AntiSpywareBot\Settings\SelectedFolders.stg
C:\Documents and Settings\bgtx5\Application Data\AntiSpywareBot\Settings\Settings.stg
C:\WINNT\alxvdvm.dll
C:\WINNT\privacy_danger
C:\WINNT\privacy_danger\images\capt.gif
C:\WINNT\privacy_danger\images\danger.jpg
C:\WINNT\privacy_danger\images\down.gif
C:\WINNT\privacy_danger\images\spacer.gif
C:\WINNT\privacy_danger\index.htm
C:\WINNT\Tasks.\AntiSpywareBot Scheduled Scan.job
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.
2007-12-28 20:39 . 2007-12-28 20:39 <DIR> d-------- C:\Deckard
2007-12-28 19:58 . 2007-12-28 19:58 <DIR> d-------- C:\ie-spyad_zo
2007-12-28 19:57 . 2007-06-05 10:56 44,928 --a------ C:\WINNT\system32\drivers\SDTHOOK.SYS
2007-12-28 19:47 . 2007-12-28 20:24 <DIR> d-------- C:\WINNT\system32\ActiveScan
2007-12-28 19:47 . 2007-12-28 19:47 30,590 --a------ C:\WINNT\system32\pavas.ico
2007-12-27 23:46 . 2007-12-27 23:46 11,264 --a------ C:\WINNT\system32\292.tmp
2007-12-27 23:31 . 2007-12-28 19:47 2,550 --a------ C:\WINNT\system32\Uninstall.ico
2007-12-27 23:31 . 2007-12-28 19:47 1,406 --a------ C:\WINNT\system32\Help.ico
2007-12-27 17:22 . 2007-12-28 01:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 14:46 . 2007-12-27 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-26 23:04 . 2007-12-26 23:04 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-26 17:58 . 2007-12-28 04:09 <DIR> d-------- C:\Documents and Settings\bgtx5\Contacts
2007-12-26 14:21 . 2007-12-26 14:21 <DIR> d-------- C:\WINNT\35C03C043F1F42C2A989A757EE691F65.TMP
2007-12-24 19:13 . 2005-09-23 08:29 626,688 --a------ C:\WINNT\system32\msvcr80.dll
2007-12-24 18:52 . 2007-12-24 18:52 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2007-12-24 18:52 . 2007-12-24 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-24 18:45 . 2007-09-24 23:31 69,632 --a------ C:\WINNT\system32\javacpl.cpl
2007-12-24 17:06 . 2007-12-26 21:53 1,786 --a------ C:\WINNT\system32\tmp.reg
2007-12-21 17:06 . 2007-12-21 17:06 <DIR> d--h----- C:\WINNT\PIF
2007-12-14 12:36 . 2007-12-14 12:36 <DIR> d-------- C:\Documents and Settings\bgtx5\Application Data\Design Science
2007-12-13 06:21 . 2007-12-13 06:46 <DIR> d-------- C:\Documents and Settings\bgtx5\Application Data\U3
2007-12-10 22:04 . 2007-12-10 23:19 <DIR> d-------- C:\Documents and Settings\bgtx5\Application Data\CTdeveloping
2007-12-10 21:53 . 2007-12-10 22:02 <DIR> d-------- C:\Documents and Settings\bgtx5\Application Data\deskUNPDF
2007-12-10 21:53 . 2007-12-10 21:53 732 --a------ C:\deskPDF.opt
2007-12-10 19:12 . 2007-12-10 19:14 <DIR> d-------- C:\Java
2007-12-10 19:09 . 2007-12-24 15:51 95 --a------ C:\WINNT\system32\productregistry
2007-12-10 18:46 . 2007-12-10 18:46 <DIR> d-------- C:\Program Files\Sun
2007-12-10 18:41 . 2007-12-10 18:41 <DIR> d-------- C:\Sun
2007-11-30 02:36 . 2007-11-30 02:36 <DIR> d-------- C:\WINNT\Sun
2007-11-29 16:30 . 2007-11-29 16:30 1,044,480 --a------ C:\WINNT\system32\libdivx.dll
2007-11-29 16:30 . 2007-11-29 16:30 200,704 --a------ C:\WINNT\system32\ssldivx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 02:13 --------- d-----w C:\Program Files\MSN Messenger
2007-12-25 00:45 --------- d-----w C:\Program Files\Java
2007-12-24 22:03 --------- d-----w C:\Program Files\DivX
2007-12-24 22:02 --------- d-----w C:\Program Files\Yahoo!
2007-12-24 22:01 --------- d-----w C:\Documents and Settings\bgtx5\Application Data\Yahoo!
2007-12-24 22:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-24 21:53 --------- d-----w C:\Program Files\Real
2007-12-24 21:53 --------- d-----w C:\Program Files\Common Files\Real
2007-11-24 11:36 499,712 ----a-w C:\WINNT\system32\msvcp71.dll
2007-11-13 10:25 20,480 ----a-w C:\WINNT\system32\drivers\secdrv.sys
2007-11-10 10:02 --------- d-----w C:\Documents and Settings\bgtx5\Application Data\Viewpoint
2007-11-09 19:18 --------- d-----w C:\Program Files\TextPad 5
2007-11-09 19:18 --------- d-----w C:\Documents and Settings\bgtx5\Application Data\Helios
2007-11-06 00:08 --------- d-----w C:\Documents and Settings\bgtx5\Application Data\Apple Computer
2007-11-06 00:05 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2007-11-04 01:46 --------- d-----w C:\Program Files\Microcal
2007-10-31 17:55 --------- d-----w C:\Documents and Settings\bgtx5\Application Data\FileOpen
2007-10-31 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FileOpen
2007-10-29 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-29 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-29 22:35 1,287,680 ----a-w C:\WINNT\system32\quartz.dll
2007-10-27 23:40 227,328 ----a-w C:\WINNT\system32\wmasf.dll
2007-07-25 14:33 113,664 ----a-w C:\WINNT\inf\hdaudio.sys
.
((((((((((((((((((((((((((((( snapshot@2007-12-26_14.58.08.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-26 23:57:28 29,926 ----a-r C:\WINNT\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2007-03-29 15:20:50 110,592 ----a-w C:\WINNT\system32\ActiveScan\as.dll
+ 2006-10-05 22:15:26 233,472 ----a-w C:\WINNT\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 20:03:18 96,256 ----a-w C:\WINNT\system32\ActiveScan\asmdat.dll
+ 2003-08-01 17:00:16 36,864 ----a-w C:\WINNT\system32\ActiveScan\certdll.dll
+ 2005-05-20 19:42:44 86,016 ----a-w C:\WINNT\system32\ActiveScan\instlsp.dll
+ 2007-11-12 15:46:18 26,112 ----a-w C:\WINNT\system32\ActiveScan\JID.dll
+ 2006-02-17 00:20:20 4,608 ----a-w C:\WINNT\system32\ActiveScan\memvfile.dll
+ 2005-10-26 00:08:32 348,160 ----a-w C:\WINNT\system32\ActiveScan\msvcr71.dll
+ 2007-11-26 17:10:36 61,440 ----a-w C:\WINNT\system32\ActiveScan\NanoWrapper.dll
+ 2004-05-04 21:01:02 139,264 ----a-w C:\WINNT\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 19:04:10 45,056 ----a-w C:\WINNT\system32\ActiveScan\pavdr.exe
+ 2006-04-10 16:50:02 159,832 ----a-w C:\WINNT\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 19:05:38 94,208 ----a-w C:\WINNT\system32\ActiveScan\pavinas.dll
+ 2006-02-17 00:35:38 180,224 ----a-w C:\WINNT\system32\ActiveScan\pavoe.dll
+ 2006-10-05 22:15:38 122,880 ----a-w C:\WINNT\system32\ActiveScan\pavpz.dll
+ 2007-06-04 17:31:52 57,344 ----a-w C:\WINNT\system32\ActiveScan\pavsddl.dll
+ 2006-06-30 20:13:38 8,704 ----a-w C:\WINNT\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 20:08:42 49,152 ----a-w C:\WINNT\system32\ActiveScan\port32.dll
+ 2007-10-30 16:04:14 36,864 ----a-w C:\WINNT\system32\ActiveScan\Prescan.dll
+ 2006-08-01 19:23:10 69,632 ----a-w C:\WINNT\system32\ActiveScan\pscpu.dll
+ 2007-11-21 16:00:06 376,832 ----a-w C:\WINNT\system32\ActiveScan\pskahk.dll
+ 2007-10-31 19:05:06 32,768 ----a-w C:\WINNT\system32\ActiveScan\PSKAHKPRESCAN.dll
+ 2006-08-17 17:38:14 10,752 ----a-w C:\WINNT\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 17:49:54 61,440 ----a-w C:\WINNT\system32\ActiveScan\pskas.dll
+ 2006-08-18 14:46:18 779,264 ----a-w C:\WINNT\system32\ActiveScan\pskavs.dll
+ 2007-03-26 20:25:34 417,792 ----a-w C:\WINNT\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 16:42:24 90,112 ----a-w C:\WINNT\system32\ActiveScan\pskfss.dll
+ 2006-07-19 16:55:58 208,896 ----a-w C:\WINNT\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 22:57:00 9,728 ----a-w C:\WINNT\system32\ActiveScan\pskmas.dll
+ 2006-05-17 15:50:12 14,336 ----a-w C:\WINNT\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 16:58:12 33,280 ----a-w C:\WINNT\system32\ActiveScan\pskpack.dll
+ 2006-06-30 20:42:36 266,240 ----a-w C:\WINNT\system32\ActiveScan\pskscs.dll
+ 2006-08-17 20:33:14 62,976 ----a-w C:\WINNT\system32\ActiveScan\pskutil.dll
+ 2006-08-08 19:13:10 13,312 ----a-w C:\WINNT\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 14:53:08 69,632 ----a-w C:\WINNT\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 14:49:50 167,936 ----a-w C:\WINNT\system32\ActiveScan\pskvm.dll
+ 2007-10-18 15:30:16 105,472 ----a-w C:\WINNT\system32\ActiveScan\psnahk.dll
+ 2007-11-23 20:29:08 10,752 ----a-w C:\WINNT\system32\ActiveScan\psndsk.dll
+ 2007-10-18 15:30:38 42,496 ----a-w C:\WINNT\system32\ActiveScan\psnflg.dll
+ 2007-10-30 17:19:22 98,304 ----a-w C:\WINNT\system32\ActiveScan\psnglknt.dll
+ 2007-08-22 14:52:00 20,272 ----a-w C:\WINNT\system32\ActiveScan\psnhsh.dll
+ 2007-11-12 21:49:34 11,776 ----a-w C:\WINNT\system32\ActiveScan\psnjidsign.dll
+ 2007-08-22 14:52:04 76,080 ----a-w C:\WINNT\system32\ActiveScan\psnkrnl.dll
+ 2007-08-22 14:52:06 21,296 ----a-w C:\WINNT\system32\ActiveScan\psnmem.dll
+ 2007-10-04 21:26:28 28,672 ----a-w C:\WINNT\system32\ActiveScan\PsnPen.dll
+ 2007-10-23 17:40:10 86,016 ----a-w C:\WINNT\system32\ActiveScan\psntuc.dll
+ 2007-05-24 17:27:36 27,136 ----a-w C:\WINNT\system32\ActiveScan\PSNXprs.dll
+ 2007-04-18 23:16:04 353,840 ----a-w C:\WINNT\system32\ActiveScan\psscan.dll
+ 2007-01-22 20:42:48 35,328 ----a-w C:\WINNT\system32\ActiveScan\rawvfile.dll
+ 2007-06-08 15:44:36 8,576 ----a-w C:\WINNT\system32\ActiveScan\RKPavProc.sys
+ 2007-06-05 16:56:40 44,928 ----a-w C:\WINNT\system32\ActiveScan\sdthook.sys
+ 1997-09-18 12:12:32 9,488 ----a-w C:\WINNT\system32\ActiveScan\sporder.dll
+ 2006-02-28 23:23:40 69,632 ----a-w C:\WINNT\system32\ActiveScan\tcpvfile.dll
+ 2007-09-17 15:14:08 126,976 ----a-w C:\WINNT\system32\ActiveScan\Tucan.dll
+ 2006-08-02 18:39:06 73,728 ----a-w C:\WINNT\system32\asuninst.exe
- 2007-12-20 15:43:24 53,812 ----a-w C:\WINNT\system32\perfc009.dat
+ 2007-12-27 23:12:37 53,812 ----a-w C:\WINNT\system32\perfc009.dat
- 2007-12-20 15:43:24 383,584 ----a-w C:\WINNT\system32\perfh009.dat
+ 2007-12-27 23:12:37 383,584 ----a-w C:\WINNT\system32\perfh009.dat
- 2005-10-12 22:11:06 118,784 ----a-w C:\WINNT\system32\sirenacm.dll
+ 2007-01-19 18:53:04 51,056 ----a-w C:\WINNT\system32\sirenacm.dll
+ 2003-03-26 00:53:50 11,776 ----a-w C:\WINNT\system32\ZPORT4AS.dll
+ 2006-06-05 20:14:28 479,232 ----a-w C:\WINNT\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 20:14:28 548,864 ----a-w C:\WINNT\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 20:14:28 626,688 ----a-w C:\WINNT\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 01:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 19:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 10:27]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-04 01:00 C:\WINNT\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=%SystemRoot%\system32\umrinst\scripts\startup.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-439975060-858025054-1849977318-13833\Scripts\Logon\0\0]
"Script"=%ALLUSERSPROFILE%\scripts\logon.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-439975060-858025054-1849977318-13833\Scripts\Logon\0\1]
"Script"=userlogindesktop.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-439975060-858025054-1849977318-13833\Scripts\Logon\0\2]
"Script"=%ALLUSERSPROFILE%\scripts\calluserlogin.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-439975060-858025054-1849977318-2063\Scripts\Logon\0\0]
"Script"=%ALLUSERSPROFILE%\scripts\logon.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-439975060-858025054-1849977318-2063\Scripts\Logon\0\1]
"Script"=userlogindesktop.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-439975060-858025054-1849977318-2063\Scripts\Logon\0\2]
"Script"=%ALLUSERSPROFILE%\scripts\calluserlogin.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-439975060-858025054-1849977318-64530\Scripts\Logon\0\0]
"Script"=%ALLUSERSPROFILE%\scripts\logon.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-439975060-858025054-1849977318-64530\Scripts\Logon\0\1]
"Script"=userlogindesktop.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-439975060-858025054-1849977318-64530\Scripts\Logon\0\2]
"Script"=%ALLUSERSPROFILE%\scripts\calluserlogin.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-439975060-858025054-1849977318-64589\Scripts\Logon\0\0]
"Script"=%ALLUSERSPROFILE%\scripts\logon.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-439975060-858025054-1849977318-64589\Scripts\Logon\0\1]
"Script"=userlogindesktop.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-439975060-858025054-1849977318-64589\Scripts\Logon\0\2]
"Script"=%ALLUSERSPROFILE%\scripts\calluserlogin.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c740ef16-98b9-11dc-8ec6-001aa0c9ab82}]
\Shell\Auto\command - adp.exe
\Shell\AutoRun\command - C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c740efc3-98b9-11dc-8ec6-001aa0c9ab82}]
\Shell\AutoRun\command - D:\LaunchU3.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 23:02:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-28 23:03:47 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-26 22:02
C:\ComboFix3.txt ... 2007-12-26 16:32
.
2007-12-18 21:02:35 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 23:09, on 2007-12-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Documents and Settings\bgtx5\Desktop\FIX\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mst.edu/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = managed.mst.edu
O17 - HKLM\Software\..\Telephony: DomainName = managed.mst.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = managed.mst.edu
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe