ComboFix 09-02-06.04 - ttellamsetty 2009-02-07 20:30:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.669 [GMT -8:00]
Running from: c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\windows\system32\AutoRun.inf
c:\windows\system32\bin
c:\windows\system32\bin\appletviewer.exe
c:\windows\system32\bin\apt.exe
c:\windows\system32\bin\beanreg.dll
c:\windows\system32\bin\extcheck.exe
c:\windows\system32\bin\HtmlConverter.exe
c:\windows\system32\bin\idlj.exe
c:\windows\system32\bin\jar.exe
c:\windows\system32\bin\jarsigner.exe
c:\windows\system32\bin\java.exe
c:\windows\system32\bin\javac.exe
c:\windows\system32\bin\javadoc.exe
c:\windows\system32\bin\javah.exe
c:\windows\system32\bin\javap.exe
c:\windows\system32\bin\javaw.exe
c:\windows\system32\bin\javaws.exe
c:\windows\system32\bin\jconsole.exe
c:\windows\system32\bin\jdb.exe
c:\windows\system32\bin\jps.exe
c:\windows\system32\bin\jstat.exe
c:\windows\system32\bin\jstatd.exe
c:\windows\system32\bin\keytool.exe
c:\windows\system32\bin\kinit.exe
c:\windows\system32\bin\klist.exe
c:\windows\system32\bin\ktab.exe
c:\windows\system32\bin\native2ascii.exe
c:\windows\system32\bin\orbd.exe
c:\windows\system32\bin\pack200.exe
c:\windows\system32\bin\packager.exe
c:\windows\system32\bin\policytool.exe
c:\windows\system32\bin\rmic.exe
c:\windows\system32\bin\rmid.exe
c:\windows\system32\bin\rmiregistry.exe
c:\windows\system32\bin\serialver.exe
c:\windows\system32\bin\servertool.exe
c:\windows\system32\bin\tnameserv.exe
c:\windows\system32\bin\unpack200.exe
c:\windows\system32\Cache
c:\windows\system32\drivers\core.cache.dsk
c:\windows\system32\drivers\RTL81399.sys
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekacunotklw.sys
c:\windows\system32\senekaaieclgiu.dat
c:\windows\system32\senekaguqoamkx.dll
c:\windows\system32\senekahptoyxoc.dll
c:\windows\system32\senekaqckjlljn.dll
c:\windows\system32\senekarydlqhcv.dat
c:\windows\system32\winlogon2.exe
c:\windows\system32\x13
c:\windows\system32\x13\VE2PIX5.exe
c:\windows\system32\Z55
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SENEKA
-------\Legacy_IPRIP
-------\Legacy_RTL81399
-------\Service_Iprip
-------\Service_RTL81399
((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))
.
2009-02-07 15:49 . 2009-02-07 16:05 250 --a------ c:\windows\gmer.ini
2009-02-07 04:20 . 2009-02-07 04:20 d-------- c:\program files\Trend Micro
2009-02-07 03:31 . 2009-02-07 03:31 d-------- c:\program files\CCleaner
2009-02-06 23:46 . 2009-02-06 23:46 d-------- c:\program files\Spybot - Search & Destroy
2009-02-06 23:46 . 2009-02-07 14:41 d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-06 22:15 . 2009-01-18 13:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-06 22:01 . 2009-02-06 22:01 d-------- c:\program files\Lavasoft
2009-02-06 22:01 . 2009-02-06 22:01 d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-05 15:48 . 2009-02-07 20:37 4 --a------ c:\windows\hswcpcjf
2009-02-05 13:39 . 2009-02-07 20:34 5,780 --a------ c:\windows\system32\PerfStringBackup.TMP
2009-02-05 13:01 . 2009-02-05 16:25 d-------- c:\program files\Spyware Doctor
2009-02-05 13:01 . 2009-02-05 16:23 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-05 11:54 . 2009-02-06 15:01 d-------- c:\program files\Common Files\Symantec Shared
2009-02-05 11:53 . 2009-02-06 15:00 d-------- c:\program files\Norton Security Scan
2009-02-05 10:10 . 2009-02-05 10:10 d-------- c:\program files\WebShow
2009-02-05 10:00 . 2009-02-05 13:32 2,816 --a------ c:\windows\bqjovqpu
2009-02-05 04:56 . 2009-02-05 10:16 d-------- c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\cogad
2009-01-22 10:11 . 2009-01-22 10:11 d-------- C:\E-mail Templates
2009-01-19 08:19 . 2009-01-19 08:19 d-------- c:\program files\MediaRing
2009-01-19 08:19 . 2009-01-19 08:19 d-------- c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\MRTalk
2009-01-17 17:52 . 2009-01-18 04:57 41 --a------ C:\XMLFile.xml
2009-01-17 14:31 . 2009-01-21 01:43 d-------- c:\temp\mbdrm
2009-01-14 15:54 . 2009-01-14 15:54 d-------- c:\program files\iPod
2009-01-14 15:54 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-14 15:54 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-14 15:53 . 2009-01-14 15:54 d-------- c:\program files\iTunes
2009-01-14 15:53 . 2009-01-14 15:53 d-------- c:\program files\Bonjour
2009-01-14 15:53 . 2009-01-14 15:54 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-14 15:52 . 2009-01-14 15:53 d-------- c:\program files\QuickTime
2009-01-14 15:52 . 2009-01-14 15:53 d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-14 15:50 . 2009-01-14 15:50 d-------- c:\program files\Apple Software Update
2009-01-14 15:49 . 2009-01-14 15:53 d-------- c:\program files\Common Files\Apple
2009-01-10 01:11 . 2009-01-10 01:11 d-------- c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\CustomSkinning.4CA416D5A48838FE3246D79BDAEAADBCE07FE38A.1
2009-01-09 11:50 . 2008-07-31 14:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-01-09 11:50 . 2008-07-31 14:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-09 11:49 . 2009-01-09 11:49 d-------- c:\windows\system32\IOSUBSYS
2009-01-08 21:00 . 2009-01-08 21:00 d-------- c:\documents and settings\ttellamsetty.MOBILECANDYDISH\EPF
2009-01-08 20:15 . 2009-01-09 01:09 d-------- C:\EclipsePluginsDownload
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 23:01 --------- d-----w c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\Animated Reminder
2009-02-06 00:25 --------- d-----w c:\program files\Google
2009-02-04 08:21 --------- d-----w c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\Skype
2009-02-04 00:05 --------- d-----w c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\skypePM
2009-02-01 04:36 --------- d-----w c:\program files\Notepad++
2009-01-31 00:19 --------- d-----w c:\program files\Veoh Networks
2009-01-27 09:36 --------- d-----w c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\Notepad++
2009-01-14 23:54 --------- d-----w c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\Apple Computer
2009-01-07 04:22 --------- d-----w c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\SlideShow.5053B52F8421333E4F8EAA31D21F585938ABC005.1
2009-01-01 22:27 --------- d-----w c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\FlickrFloater.ED10F73A91BD42FC132ECA2EE50E87E908E12FBD.1
2009-01-01 08:56 --------- d-----w c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\com.adobe.example.ImageDisplayProj
2009-01-01 01:47 --------- d-----w c:\program files\Yahoo!
2009-01-01 01:42 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-30 17:27 --------- d-----w c:\program files\Java
2008-12-30 16:20 --------- d-----w c:\program files\PicLensIE
2008-12-29 17:24 --------- d-----w c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\com.adobe.example.ImageSlideShow
2008-12-26 21:39 --------- d-----w c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\com.adobe.example.MyOwnProject
2008-12-26 03:21 --------- d-----w c:\program files\helloWorld
2008-12-25 03:09 --------- d-----w c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\Aptana
2008-12-25 03:05 --------- d-----w c:\program files\Aptana
2008-12-25 02:30 --------- d-----w c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\JottExpress.50E28EE2422BD0599F081C2408B1BFDDBEFC6B6B.1
2008-12-25 02:23 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-22 19:15 --------- d-----w c:\program files\Terracotta
2008-12-22 05:24 --------- d-----w c:\program files\MySQL
2008-12-22 05:24 --------- d-----w c:\documents and settings\All Users\Application Data\MySQL
2008-12-22 05:23 --------- d-----w c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\MySQL
2008-12-21 06:56 60,744 ----a-w c:\documents and settings\ttellamsetty.MOBILECANDYDISH\g2mdlhlpx.exe
2008-12-21 06:52 --------- d-----w c:\program files\Citrix
2008-12-20 07:14 185,835,023 ----a-w C:\JBossIDE-1.6.0.GA-Bundle-win32.zip
2008-12-19 22:57 --------- d-----w c:\program files\Skype
2008-12-19 22:57 --------- d-----w c:\program files\Common Files\Skype
2008-12-19 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-07-19 06:28 19 ----a-w c:\program files\input.properties
2008-02-02 21:13 14,292 ----a-w c:\program files\settings.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Sonic RecordNow!"="c:\program files\CCleaner\CCleaner.exe" [2009-01-20 1451248]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Animated reminder"="c:\program files\Animated Reminder\ani_reminder.exe" [2007-05-09 1647104]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-09-10 98395]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"WScheduler"="c:\progra~1\SYSTEM~1\WScheduler.exe" [2008-06-16 98304]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
c:\documents and settings\ttellamsetty\Start Menu\Programs\Startup\
Nokia Connectivity Framework Lite.lnk - c:\nokia\Tools\Nokia_Connectivity_Framework\bin\NCFStart.exe [2008-02-03 28672]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Start Menu\Programs\Startup\
MediaRing Talk.lnk - c:\program files\MediaRing\MediaRing Talk\mrtalk.exe [2008-10-22 3325952]
c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Start Menu\Programs\Startup\AutorunsDisabled
Nokia Connectivity Framework Lite.lnk - c:\nokia\Tools\Nokia_Connectivity_Framework\bin\NCFStart.exe [2008-02-03 28672]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\binn\sqlmangr.exe [2008-02-24 69632]
WinZip Quick Pick.lnk - c:\myinstallations\WZQKPICK.EXE [2007-12-03 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 setuid
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^ttellamsetty.MOBILECANDYDISH^Start Menu^Programs^Startup^Update Center Client Tray.lnk]
path=c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Start Menu\Programs\Startup\Update Center Client Tray.lnk
backup=c:\windows\pss\Update Center Client Tray.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ttellamsetty.MOBILECANDYDISH^Start Menu^Programs^Startup^YouTring.lnk]
path=c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Start Menu\Programs\Startup\YouTring.lnk
backup=c:\windows\pss\YouTring.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApacheTomcatMonitor]
--a------ 2008-01-28 14:39 98304 d:\tomcat6.0\bin\tomcat6w.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2009-01-20 08:00 1451248 c:\program files\CCleaner\CCleaner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-25 08:39 133104 c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jEdit Server]
--a------ 2007-12-13 23:57 135168 c:\windows\system32\javaw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 02:42 144784 c:\java\jre1.6.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-13 07:47 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2004-07-14 15:36 57344 c:\windows\system32\ICO.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Nokia\\Tools\\Nokia_Connectivity_Framework\\bin\\rendezvous.exe"=
"c:\\Nokia\\Tools\\Nokia_Connectivity_Framework\\bin\\phoneNumberRegistry.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Nokia\\Tools\\Nokia_Connectivity_Framework\\bin\\bluetoothDispatcher.exe"=
"c:\\MyInstallations\\Nokia\\Devices\\Nokia_6131_NFC_SDK_1_1\\bin\\emulator.exe"=
"c:\\MyInstallations\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Eclipse_builds\\EclipseEuropaJava\\eclipse.exe"=
"c:\\Java\\jdk1.6.0_04\\jre\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Java\\jdk1.6.0_04\\bin\\java.exe"=
"c:\\Java\\jdk1.6.0_04\\bin\\javaw.exe"=
"c:\\j2sdk1.4.2_13\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Eclipse_builds\\EclipseEuropaFullBundle\\eclipse.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Documents and Settings\\ttellamsetty.MOBILECANDYDISH\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\ttellamsetty.MOBILECANDYDISH\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Java\\jdk1.6.0_04\\jre\\bin\\javaw.exe"=
"c:\\Sun\\SDK\\jdk\\bin\\java.exe"=
"c:\\Sun\\AppServer\\mysql\\bin\\mysqld-nt.exe"=
"c:\\Program Files\\Aptana\\Aptana Studio\\jre\\bin\\javaw.exe"=
"c:\\Eclipse_builds\\EclipseEuropaJ2EE\\eclipse.exe"=
"c:\\Java\\jdk1.5.0_14\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_16\\bin\\javaw.exe"=
"c:\\Eclipse_builds\\Eclipse3.4GanyMede\\eclipse.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Adobe\\Flex Builder 3\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Java\\jre1.6.0_04\\bin\\javaw.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-06 64160]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2008-02-04 101528]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2008-04-22 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
R2 MSSEARCH;Microsoft Search;c:\program files\Common Files\System\MSSearch\Bin\mssearch.exe [2000-07-12 73728]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-10-08 24652]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;c:\windows\system32\drivers\ncfvsbus.sys [2008-02-03 25088]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2008-02-04 24876]
S0 aylnlfdx;aylnlfdx;c:\windows\system32\drivers\phqghume.sys --> c:\windows\system32\drivers\phqghume.sys [?]
S0 bqjovqpu;bqjovqpu;c:\windows\system32\drivers\wfsjvulf.sys --> c:\windows\system32\drivers\wfsjvulf.sys [?]
S0 hswcpcjf;hswcpcjf;c:\windows\system32\drivers\hhxohxac.sys []
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S3 AppServer9PE;SunJavaSystemAppserver9PE;c:\sun\SDK\lib\appservService.exe "\"c:\sun\SDK\bin\asadmin.bat\" start-domain --user admin domain1" "\"c:\sun\SDK\bin\asadmin.bat\" stop-domain domain1\" --> c:\sun\SDK\lib\appservService.exe \c:\sun\SDK\bin\asadmin.bat\ [?]
S3 ASMySQL;ASMySQL;c:\sun\AppServer\mysql\bin\mysqld-nt.exe --defaults-file=c:\sun\AppServer\mysql\mysql.ini ASMySQL --> c:\sun\AppServer\mysql\bin\mysqld-nt.exe --defaults-file=c:\sun\AppServer\mysql\mysql.ini ASMySQL [?]
S3 misalign;Data Misalignment Exception Kernel Driver;c:\windows\system32\drivers\misalign.sys [2008-02-03 8832]
S3 MSSQL$WALLETV1;MSSQL$WALLETV1;c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe -sWALLETV1 --> c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe -sWALLETV1 [?]
S3 SQLAgent$WALLETV1;SQLAgent$WALLETV1;c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlagent.exe -i WALLETV1 --> c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlagent.exe -i WALLETV1 [?]
S3 Tomcat6;Apache Tomcat;d:\tomcat6.0\bin\tomcat6.exe [2008-01-28 57344]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2008-12-20 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2008-12-20 500608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54effd07-a518-11dd-adbf-006073ed2f4c}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-02-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:34]
2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
2009-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2713597342-960583686-2948504062-1292.job
- c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-25 08:39]
2009-02-06 c:\windows\Tasks\Norton Security Scan for ttellamsetty.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - ORPHANS REMOVED - - - -
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Notify-wvUkIATL - wvUkIATL.dll
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{1C86808B-076C-462C-9B24-6B943453DA95} - c:\program files\iBit-Lab/SysTray.exe
IE: {{449DB14A-F988-4fd8-9361-F212D7B6414B} - c:\program files\CoolIris\CoolIrisPreferences.exe
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
FF - ProfilePath - c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\Mozilla\Firefox\Profiles\uehz5cl7.default\
FF - prefs.js: browser.startup.homepage - chrome://fireclock/content/clock1/28.swf
FF - component: c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\Mozilla\Firefox\Profiles\uehz5cl7.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\Mozilla\Firefox\Profiles\uehz5cl7.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\Mozilla\Firefox\Profiles\uehz5cl7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\java\jre1.6.0_04\bin\npjava11.dll
FF - plugin: c:\java\jre1.6.0_04\bin\npjava12.dll
FF - plugin: c:\java\jre1.6.0_04\bin\npjava13.dll
FF - plugin: c:\java\jre1.6.0_04\bin\npjava14.dll
FF - plugin: c:\java\jre1.6.0_04\bin\npjava32.dll
FF - plugin: c:\java\jre1.6.0_04\bin\npjpi160_04.dll
FF - plugin: c:\java\jre1.6.0_04\bin\npoji610.dll
FF - plugin: c:\myinstallations\VLC\npvlc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 20:39:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\drivers\hhxohxac.sys 25088 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2713597342-960583686-2948504062-1292\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1372)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1428)
c:\windows\system32\setuid.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\CVSNT\cvslock.exe
c:\program files\CVSNT\cvsservice.exe
c:\program files\HPQ\shared\hpqwmi.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\msiexec.exe
c:\myinstallations\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\system32\snmptrap.exe
c:\program files\Windows Live\installer\WLSetupSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2009-02-07 20:48:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-08 04:47:50
Pre-Run: 32,961,134,592 bytes free
Post-Run: 32,847,044,608 bytes free
391 --- E O F --- 2009-01-14 16:33:23