Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please help me deleting smitfraud-c.coreservice

Started by angichiru , Feb 07 2009 06:38 AM

  • Please log in to reply

#1
angichiru
Posted 07 February 2009 - 06:38 AM

angichiru

    Member

  • Member
  • PipPip
  • 32 posts
Unable to delete smitfraud-c.coreservice trojan virus. I tried to delete "core.cache.dsk" from windows\system32\drivers\core.cache.dsk using spybot but it keeps on coming back and this is very irritating. I got this virus on my office laptop and i am unable to get rid of this. Please help me out to remove this virus.

BTW i did download hijackthis and ran the log file while i was trying to find a solution. Here is the hijack log file .


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:21 AM, on 2/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CVSNT\cvslock.exe
C:\Program Files\CVSNT\cvsservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\SYSTEM~1\WScheduler.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\V0230Mon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Animated Reminder\ani_reminder.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\MediaRing\MediaRing Talk\mrtalk.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...pdate?clid=1033
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CoolIrisIEHelperObject.CoolIrisIEBHO - {AD0BAB4B-212D-45D7-9E5B-CB1579132715} - C:\Program Files\CoolIris\CoolIrisIEHelperObject.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: JJFormBHO.CFormBHO - {DC5F9604-C6E2-47D0-8E0F-E60FCCB334C7} - C:\Program Files\iBit-Lab\JJFormBHO.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [WScheduler] C:\PROGRA~1\SYSTEM~1\WScheduler.exe /LOGON
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1999] cmd.exe /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3890] cmd.exe /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Animated reminder] C:\Program Files\Animated Reminder\ani_reminder.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5" -"http://content-usa.c...fo3d;version=5"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3511] cmd.exe /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - Startup: AutorunsDisabled
O4 - Startup: MediaRing Talk.lnk = C:\Program Files\MediaRing\MediaRing Talk\mrtalk.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Cute Password Manager - {1C86808B-076C-462C-9B24-6B943453DA95} - C:\Program Files\iBit-Lab/SysTray.exe
O9 - Extra 'Tools' menuitem: Cute Password Manager - {1C86808B-076C-462C-9B24-6B943453DA95} - C:\Program Files\iBit-Lab/SysTray.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: CoolIris Preferences - {449DB14A-F988-4fd8-9361-F212D7B6414B} - C:\Program Files\CoolIris\CoolIrisPreferences.exe
O9 - Extra 'Tools' menuitem: CoolIris Preferences - {449DB14A-F988-4fd8-9361-F212D7B6414B} - C:\Program Files\CoolIris\CoolIrisPreferences.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.cooliris....ed/plinstll.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MobileCandyDish.local
O17 - HKLM\Software\..\Telephony: DomainName = MobileCandyDish.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MobileCandyDish.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MobileCandyDish.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wvUkIATL - wvUkIATL.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: SunJavaSystemAppserver9PE (AppServer9PE) - Unknown owner - C:\Sun\SDK\lib\appservService.exe
O23 - Service: ASMySQL - Unknown owner - C:\Sun\AppServer\mysql\bin\mysqld-nt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe
O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - D:\Tomcat6.0\bin\tomcat6.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 12930 bytes
  • 0

Advertisements

#2
kahdah
Posted 07 February 2009 - 06:55 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello angichiru

Welcome to G2Go. :)
=====================

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
================
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#3
angichiru
Posted 07 February 2009 - 05:59 PM

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi kahdah,
Thank you for your reply. I did follow your instructions and i run the scan using DDs script and GMER root scanner. Log files have been attached as a zip file.

Attached Files


Edited by angichiru, 07 February 2009 - 06:00 PM.

  • 0

#4
kahdah
Posted 07 February 2009 - 06:47 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#5
angichiru
Posted 07 February 2009 - 10:22 PM

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
adding scanned Gmer scanner log file..

Attached Files


  • 0

#6
angichiru
Posted 07 February 2009 - 11:06 PM

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I did follow your instructions to run combofix.exe and here is the log file for the combofix scan. I have one question. Combofix deleted some of the present files in system32 like java.exe. Will this affect the current configuration of the system. Please Can you let me know if there is any effect?

Also when ever i do google search for anything in firefox, all my results are going to redirected links and i am not able to have the search results as before. Here is the snapshot for two links from google search. Underlined links are original and bold ones are malicious links

class=g><h3 class=r><a href="http://en.wikipedia.org/wiki/Deadlock" class=l onmousedown="return clk(this.href,'','','res','1','')"><em>Deadlock</em> - Wikipedia, the free encyclopedia</a></h3><div class="s">Jan 27, 2009 <b>...</b> A <em>deadlock</em> is a situation wherein two or more competing actions are waiting for the other to finish, and thus neither ever does. <b>...</b><br><cite>en.wikipedia.org/wiki/<b>Deadlock</b> - 57k - </cite><span class=gl><a href="http://209.85.173.132/search?q=cache:-9h-JEXn7Q0J:en.wikipedia.org/wiki/Deadlock+deadlock&amp;hl=te&amp;ct=clnk&amp;cd=1&amp;gl=us&amp;client=firefox-a" onmousedown="return clk(this.href,'','','clnk','1','')">భద్రపరిచినది</a> - <a href="/search?hl=te&amp;client=firefox-a&amp;rls=org.mozilla:en-US:official&amp;hs=oB2&amp;q=related:en.wikipedia.org/wiki/Deadlock">పోలిన పేజీలు</a></span></div><!--n--><!--m--><li class=g><h3 class=r><a href="http://www.xdeadlockx.com/" class=l onmousedown="return clk(this.href,'','','res','2','')">The official <em>DEADLOCK</em> website !</a></h3><div class="s">Official site of the German metal band. News, tour dates, bio, pics, media, guestbook, contact and links.<br><cite>www.x<b>deadlock</b>x.com/ - 3k - </cite><span class=gl><a href="http://209.85.173.132/search?q=cache:hUuU_vMJabYJ:www.xdeadlockx.com/+deadlock&amp;hl=te&amp;ct=clnk&amp;cd=2&amp;gl=us&amp;client=firefox-a" onmousedown="return clk(this.href,'','','clnk','2','')">భద్రపరిచినది</a> - <a href="/search?hl=te&amp;client=firefox-a&amp;rls=org.mozilla:en-US:official&amp;hs=oB2&amp;q=related:www.xdeadlockx.com/">పోలిన పేజీలు</a></span></div>

Attached Files


Edited by angichiru, 07 February 2009 - 11:13 PM.

  • 0

#7
kahdah
Posted 08 February 2009 - 06:40 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

Combofix deleted some of the present files in system32 like java.exe

Those are not real java files but they are malcious files in a completely different folder.
=======================================================
1. Open notepad and copy/paste the text in the codebox below into it:



http://www.geekstogo.com/forum/Please-help-me-deleting-smitfraud-c-coreservice-t228089.html

Driver::
hswcpcjf
bqjovqpu
aylnlfdx
Viewpoint Manager Service

Collect::
c:\windows\system32\drivers\hhxohxac.sys
c:\windows\system32\drivers\phqghume.sys
c:\windows\system32\drivers\wfsjvulf.sys
c:\windows\hswcpcjf

Folder::
c:\program files\Viewpoint
c:\windows\bqjovqpu
c:\windows\hswcpcjf
c:\documents and settings\ttellamsetty.MOBILECANDYDISH\Application Data\cogad
Save this as CFScript.txt


Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
Note::
If Combofix fails to upload anything please do the following:
Go to Start > My Computer > C:\
Then Navigate to C:\Qoobox\Submit.zip

Click Here to upload the submit.zip please.
  • 0

#8
angichiru
Posted 08 February 2009 - 02:21 PM

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I din't find any submit zip file under specified location (c:\qoobox\submit.zip), but i found one under (c:\qoobox\quarantine\[4][email protected]) and uploaded file through bleeping computer.com link.

combofix log file named as "combofix_cfsscript_log.txt" can be found here

Attached Files


Edited by angichiru, 08 February 2009 - 02:30 PM.

  • 0

#9
kahdah
Posted 09 February 2009 - 06:55 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

http://www.geekstogo.com/forum/Please-help-me-deleting-smitfraud-c-coreservice-t228089.html#entry1454326

Collect::
c:\windows\system32\drivers\hhxohxac.sys

Folder::
c:\windows\bqjovqpu


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
=============
  • 0

#10
angichiru
Posted 09 February 2009 - 11:34 AM

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Here are the requeested log files.

Attached Files


Edited by angichiru, 09 February 2009 - 11:35 AM.

  • 0

Advertisements

#11
kahdah
Posted 10 February 2009 - 07:02 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Startup: AutorunsDisabled
O20 - Winlogon Notify: wvUkIATL - C:\WINDOWS\
O24 - Desktop Component 0: (no name) - (no file)


Now click on Fix Checked and then close Hijackthis.
=============================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
  • 0

#12
angichiru
Posted 10 February 2009 - 05:09 PM

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi Kadah,
Here is the log file contents from malwarebytes'Anti malware program.

Malwarebytes' Anti-Malware 1.33
Database version: 1742
Windows 5.1.2600 Service Pack 2

2009-02-10 14:56:46
mbam-log-2009-02-10 (14-56-46).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 595430
Time elapsed: 6 hour(s), 24 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\WebShow\WebShow.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\senekacunotklw.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekahptoyxoc.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekaqckjlljn.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\x13\VE2PIX5.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D47B32E3-3652-4411-93D8-4B1C75C50882}\RP356\A0065162.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D47B32E3-3652-4411-93D8-4B1C75C50882}\RP356\A0067161.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D47B32E3-3652-4411-93D8-4B1C75C50882}\RP356\A0067163.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D47B32E3-3652-4411-93D8-4B1C75C50882}\RP356\A0067164.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D47B32E3-3652-4411-93D8-4B1C75C50882}\RP356\A0067220.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Please let me know if i need more things to do.
  • 0

#13
kahdah
Posted 10 February 2009 - 10:04 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • 0

#14
angichiru
Posted 11 February 2009 - 01:40 AM

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi Kadah,
Here is the output of OTListIt2.

FileName : OTListIt.txt

OTListIt logfile created on: 2009-02-10 23:19:27 - Run
OTListIt2 by OldTimer - Version 2.0.0.10 Folder = C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1022.17 Mb Total Physical Memory | 628.68 Mb Available Physical Memory | 61.50% Memory free
2.46 Gb Paging File | 2.21 Gb Available in Paging File | 89.60% Paging File free
Paging file location(s): C:\pagefile.sys 1600 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.32 Gb Total Space | 30.39 Gb Free Space | 40.88% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 55.15 Gb Free Space | 74.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCD-38265253861
Current User Name: ttellamsetty
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005-09-27 22:40:00 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006-07-05 15:19:26 | 00,058,368 | ---- | M] () -- C:\Program Files\CVSNT\cvslock.exe
PRC - [2006-07-05 15:19:26 | 00,037,888 | ---- | M] (March Hare Software Ltd) -- C:\Program Files\CVSNT\cvsservice.exe
PRC - [2007-12-17 10:13:18 | 00,523,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
PRC - [2004-07-27 15:25:24 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe
PRC - [2004-08-04 04:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007-09-27 11:10:02 | 00,230,672 | ---- | M] (SonicWALL, Inc.) -- C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
PRC - [2004-08-04 04:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2006-11-20 00:42:45 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2004-08-04 04:00:00 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe
PRC - [2007-10-25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe
PRC - [2000-07-12 17:44:20 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
PRC - [2004-08-04 04:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2004-08-04 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2005-09-27 22:40:00 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007-06-13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-15 02:27:20 | 01,015,808 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005-12-13 16:45:58 | 00,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005-09-27 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2002-03-19 16:30:00 | 00,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2006-09-07 01:01:00 | 00,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0230Mon.exe
PRC - [2004-09-17 16:19:42 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005-12-08 13:45:12 | 00,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2009-02-10 23:14:38 | 00,488,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\OTListIt2.exe
PRC - [2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

========== Win32 Services (SafeList) ==========

SRV - [2006-08-16 03:58:05 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [On_Demand | Stopped])
SRV - [2008-12-21 12:37:23 | 00,026,821 | ---- | M] () -- C:\Sun\SDK\lib\appservService.exe -- (AppServer9PE [On_Demand | Stopped])
SRV - [2008-12-21 15:14:28 | 05,750,784 | ---- | M] () -- C:\Sun\AppServer\mysql\bin\mysqld-nt.exe -- (ASMySQL [On_Demand | Stopped])
SRV - [2007-10-24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005-09-27 22:40:00 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [On_Demand | Stopped])
SRV - [2007-10-24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006-07-05 15:19:26 | 00,058,368 | ---- | M] () -- C:\Program Files\CVSNT\cvslock.exe -- (cvslock [Auto | Running])
SRV - [2006-07-05 15:19:26 | 00,037,888 | ---- | M] (March Hare Software Ltd) -- C:\Program Files\CVSNT\cvsservice.exe -- (cvsnt [Auto | Running])
SRV - [2007-12-17 10:13:18 | 00,523,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [Auto | Running])
SRV - [2009-02-05 12:45:47 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004-08-04 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007-03-12 02:35:02 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [Auto | Running])
SRV - [2004-07-27 15:25:24 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi [Auto | Running])
SRV - [2004-08-04 04:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - [2008-11-20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009-01-18 13:34:37 | 00,921,936 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2004-08-04 04:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004-08-04 04:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc [Auto | Running])
SRV - [2000-07-12 17:44:20 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH [Auto | Running])
SRV - [2000-08-06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$WALLETV1\Binn\sqlservr.exe -- (MSSQL$WALLETV1 [On_Demand | Stopped])
SRV - [2000-08-06 01:50:18 | 00,065,602 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2008-11-15 05:53:14 | 06,447,744 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -- (MySQL [On_Demand | Stopped])
SRV - [2006-11-08 15:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2003-07-28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004-08-04 04:00:00 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc [On_Demand | Stopped])
SRV - [2004-08-04 04:00:00 | 00,526,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\p2psvc.dll -- (p2pimsvc [On_Demand | Stopped])
SRV - [2004-08-04 04:00:00 | 00,526,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\p2psvc.dll -- (p2psvc [On_Demand | Stopped])
SRV - [2006-11-08 15:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2004-08-04 04:00:00 | 00,526,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\p2psvc.dll -- (PNRPSvc [On_Demand | Stopped])
SRV - [2007-09-27 11:10:02 | 00,230,672 | ---- | M] (SonicWALL, Inc.) -- C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc [Auto | Running])
SRV - [2004-08-04 04:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
SRV - [2004-08-04 04:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2006-11-20 00:42:45 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running])
SRV - [2004-08-04 04:00:00 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [Auto | Running])
SRV - [2000-08-06 01:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$WALLETV1\Binn\sqlagent.exe -- (SQLAgent$WALLETV1 [On_Demand | Stopped])
SRV - [2008-01-28 14:39:38 | 00,057,344 | ---- | M] (Apache Software Foundation) -- D:\Tomcat6.0\bin\tomcat6.exe -- (Tomcat6 [On_Demand | Stopped])
SRV - [2007-10-18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2004-08-04 04:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2007-10-25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2005-09-27 22:46:00 | 01,345,536 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2006-10-12 23:26:56 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
DRV - [2005-08-01 17:58:00 | 00,038,016 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])
DRV - [2005-08-01 18:00:00 | 00,349,312 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])
DRV - [2007-07-09 17:40:52 | 00,128,144 | R--- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2004-08-17 03:21:00 | 00,087,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004-07-14 02:56:00 | 00,040,448 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2004-04-14 08:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr [System | Running])
DRV - [2003-06-06 12:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb [On_Demand | Stopped])
DRV - [2007-10-17 12:53:16 | 00,043,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fssfltr.sys -- (fssfltr [Auto | Running])
DRV - [2008-04-17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007-03-08 11:20:48 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007-03-08 11:20:49 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007-03-08 11:20:50 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2003-09-10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2004-08-03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
DRV - [2009-01-18 13:30:13 | 00,064,160 | ---- | M] () -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2007-12-18 21:01:02 | 00,008,832 | ---- | M] (QUALCOMM Incorporated.) -- C:\WINDOWS\system32\drivers\misalign.sys -- (misalign [On_Demand | Stopped])
DRV - [2004-11-26 01:15:06 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ncfvsbus.sys -- (ncfvsbus [On_Demand | Running])
DRV - [2003-09-19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2004-08-04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-07-31 14:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007-09-27 14:49:50 | 00,101,528 | ---- | M] (SonicWALL, Inc.) -- C:\WINDOWS\system32\drivers\RCFOX.SYS -- (RCFOX [System | Running])
DRV - [2005-11-08 08:58:20 | 00,024,876 | ---- | M] (SonicWALL, Inc.) -- C:\WINDOWS\system32\drivers\rcvpn.sys -- (rcvpn [On_Demand | Running])
DRV - [2004-08-03 14:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
DRV - [2004-08-04 04:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
DRV - [2007-11-13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004-07-14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004-07-14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001-08-17 12:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2007-09-15 02:09:44 | 00,213,696 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008-06-20 01:52:06 | 00,225,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2004-08-03 01:05:00 | 00,025,723 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004-08-03 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004-08-03 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004-08-03 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004-08-03 01:05:00 | 00,086,138 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004-08-03 01:05:00 | 00,014,715 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004-08-03 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004-08-03 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004-08-03 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2006-07-06 13:44:10 | 00,168,448 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2004-08-04 04:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
DRV - [2006-03-24 01:00:00 | 00,006,272 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\drivers\V0230Vfx.sys -- (V0230Vfx [On_Demand | Stopped])
DRV - [2006-11-20 01:02:00 | 00,500,608 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\V0230VID.sys -- (V0230VID [On_Demand | Stopped])
DRV - [2004-08-03 15:07:42 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live OneCare Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CoolIrisIEHelperObject.CoolIrisIEBHO) - {AD0BAB4B-212D-45D7-9E5B-CB1579132715} - C:\Program Files\CoolIris\CoolIrisIEHelperObject.dll (Cooliris)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (JJFormBHO.CFormBHO) - {DC5F9604-C6E2-47D0-8E0F-E60FCCB334C7} - C:\Program Files\iBit-Lab\JJFormBHO.dll (iBit-Lab)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WScheduler] C:\PROGRA~1\SYSTEM~1\WScheduler.exe /LOGON ()
O4 - HKCU..\Run: [Animated reminder] C:\Program Files\Animated Reminder\ani_reminder.exe (NiceKit Software)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Sonic RecordNow!] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (Piriform Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2008-02-16 01:20:05 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Start Menu\Programs\Startup\MediaRing Talk.lnk = C:\Program Files\MediaRing\MediaRing Talk\mrtalk.exe (MediaRing Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Cute Password Manager - {1C86808B-076C-462C-9B24-6B943453DA95} - C:\Program Files\iBit-Lab [2008-04-19 20:58:07 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Cute Password Manager - {1C86808B-076C-462C-9B24-6B943453DA95} - C:\Program Files\iBit-Lab [2008-04-19 20:58:07 00,000,000 | ---D | M]
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: CoolIris Preferences - {449DB14A-F988-4fd8-9361-F212D7B6414B} - C:\Program Files\CoolIris\CoolIrisPreferences.exe (Cooliris)
O9 - Extra 'Tools' menuitem : CoolIris Preferences - {449DB14A-F988-4fd8-9361-F212D7B6414B} - C:\Program Files\CoolIris\CoolIrisPreferences.exe (Cooliris)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [PNRP Cloud Namespace Provider] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [PNRP Name Namespace Provider] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_13)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris....ed/plinstll.cab (Reg Error: Value error.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\wvUkIATL: DllName - Reg Error: Value error. - File not found
O24 - Desktop Components:0 () -
O30 - LSA: Authentication Packages - (setuid) - C:\WINDOWS\system32\setuid.dll (March-Hare Software Ltd)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-02-02 07:46:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005-05-02 16:00:46 | 00,000,000 | ---- | M] () - X:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{54effd07-a518-11dd-adbf-006073ed2f4c}\Shell - "" = AutoRun
O33 - MountPoints2\{54effd07-a518-11dd-adbf-006073ed2f4c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{54effd07-a518-11dd-adbf-006073ed2f4c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009-02-10 23:14:38 | 00,488,960 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\OTListIt2.exe
[2009-02-10 20:35:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\attachments_2009_02_10
[2009-02-10 20:26:19 | 05,183,129 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\attachments_2009_02_10.zip
[2009-02-10 17:47:35 | 00,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Toad for SQL Server 4.1 Trial.lnk
[2009-02-10 17:47:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2009-02-10 17:27:11 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\~$aze Mobile Wallet API Specs1.doc
[2009-02-10 17:19:27 | 02,919,117 | R--- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\ComboFix.exe
[2009-02-10 17:19:27 | 02,737,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\mbam-setup.exe
[2009-02-10 17:19:27 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\HJTInstall.exe
[2009-02-10 08:30:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Application Data\Malwarebytes
[2009-02-10 08:30:38 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-02-10 08:30:38 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-02-10 08:30:36 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-02-10 08:30:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-02-10 08:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-02-10 07:05:54 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-02-09 23:47:26 | 00,000,922 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\customer_information
[2009-02-08 11:43:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\My Documents\Aptana Studio
[2009-02-08 08:13:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009-02-08 08:13:21 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009-02-08 08:13:16 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-02-07 20:24:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-02-07 20:24:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-02-07 20:24:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-02-07 20:24:14 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-02-07 20:24:14 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-02-07 20:24:14 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-02-07 20:24:14 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-02-07 20:24:14 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-02-07 20:24:14 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-02-07 20:24:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-02-07 20:24:08 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-02-07 15:49:13 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009-02-07 15:49:12 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009-02-07 15:49:12 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009-02-07 15:49:12 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009-02-07 15:49:12 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009-02-07 15:47:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\gmer
[2009-02-07 04:20:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-02-07 03:31:16 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009-02-06 23:46:29 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009-02-06 23:46:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009-02-06 22:17:14 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-02-06 22:15:58 | 00,064,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009-02-06 22:01:42 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009-02-06 22:01:32 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009-02-05 13:01:24 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009-02-05 13:01:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-02-05 12:58:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Application Data\Google
[2009-02-05 12:47:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009-02-05 11:58:40 | 00,176,640 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\Malware Removal Starter Kit.doc
[2009-02-05 11:54:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009-02-05 11:53:55 | 00,000,422 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for ttellamsetty.job
[2009-02-05 11:53:33 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2009-02-05 10:10:54 | 00,000,000 | ---D | C] -- C:\Program Files\WebShow
[2009-02-05 10:00:07 | 00,002,816 | ---- | C] () -- C:\WINDOWS\bqjovqpu
[2009-02-05 04:55:38 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Local Settings\Application Data\.#
[2009-02-05 04:06:15 | 00,000,067 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\new 2
[2009-02-04 10:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\commons-attributes-compiler
[2009-02-03 20:38:28 | 00,942,078 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\air india e tkt 001.jpg
[2009-02-03 17:37:29 | 00,002,883 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\bookmarks.xml
[2009-01-31 20:08:14 | 00,012,729 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\mysample_html.html
[2009-01-30 11:04:23 | 00,076,288 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\Resume_Trinadh.doc
[2009-01-27 01:49:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\ScrollPastEOF.1.0
[2009-01-27 01:49:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\LightExplorer_1_6_dll
[2009-01-27 01:49:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\NppLogPlugin.v1.0.dll
[2009-01-26 12:15:56 | 02,209,280 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\Blaze Mobile Wallet API Specs1.doc
[2009-01-26 11:44:27 | 00,138,878 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\Network Drawing with Preprod-v1.0.jpg
[2009-01-26 11:41:35 | 00,119,296 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\MCD Server Environment-20061110-v1.0.vsd
[2009-01-22 10:32:58 | 00,125,952 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\CarrierPortsforBlaze 20090121.xls
[2009-01-22 10:11:08 | 00,000,000 | ---D | C] -- C:\E-mail Templates
[2009-01-21 22:19:27 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\BM Contact Sheet-January 21, 2009.doc
[2009-01-20 10:13:06 | 00,000,884 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Start Menu\Programs\Startup\MediaRing Talk.lnk
[2009-01-20 02:57:41 | 00,005,839 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\top10command_bkup
[2009-01-20 00:50:01 | 00,005,101 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\EhCacheManager.class
[2009-01-20 00:50:01 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\EhCacheInterface.class
[2009-01-19 13:55:11 | 00,076,288 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\Resume_Trinadh1.doc
[2009-01-19 08:19:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Application Data\MRTalk
[2009-01-19 08:19:27 | 00,000,000 | ---D | C] -- C:\Program Files\MediaRing
[2009-01-19 00:07:39 | 00,071,168 | ---- | C] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\Resume_Trinadh_6yrs.doc
[2009-01-17 17:52:24 | 00,000,041 | ---- | C] () -- C:\XMLFile.xml
[2009-01-14 15:54:00 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009-01-14 15:53:53 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009-01-14 15:53:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009-01-14 15:53:29 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009-01-14 15:52:14 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009-01-14 15:52:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009-01-14 15:50:14 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009-01-14 15:49:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009-02-10 23:14:38 | 00,488,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\OTListIt2.exe
[2009-02-10 23:11:01 | 00,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009-02-10 22:56:46 | 00,001,166 | -H-- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\My Documents\Default.rdp
[2009-02-10 21:20:10 | 00,001,256 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2713597342-960583686-2948504062-1292.job
[2009-02-10 20:27:09 | 05,183,129 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\attachments_2009_02_10.zip
[2009-02-10 19:50:50 | 00,000,884 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Start Menu\Programs\Startup\MediaRing Talk.lnk
[2009-02-10 19:49:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-02-10 19:49:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-02-10 17:47:35 | 00,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Toad for SQL Server 4.1 Trial.lnk
[2009-02-10 17:27:11 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\~$aze Mobile Wallet API Specs1.doc
[2009-02-10 08:30:38 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-02-10 08:19:15 | 00,000,588 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\My Documents\My Sharing Folders.lnk
[2009-02-10 07:10:34 | 02,737,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\mbam-setup.exe
[2009-02-09 23:52:33 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-02-09 23:47:28 | 00,000,922 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\customer_information
[2009-02-09 15:05:56 | 00,000,422 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for ttellamsetty.job
[2009-02-09 08:59:32 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-02-09 08:59:22 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-02-09 08:49:05 | 02,919,117 | R--- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\ComboFix.exe
[2009-02-08 08:13:28 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009-02-07 16:05:11 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009-02-07 15:49:12 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009-02-07 15:49:12 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009-02-07 15:49:12 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009-02-07 04:19:51 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\HJTInstall.exe
[2009-02-07 03:27:03 | 00,000,536 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009-02-06 00:20:51 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009-02-06 00:20:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009-02-05 15:46:46 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009-02-05 15:46:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009-02-05 13:32:14 | 00,002,816 | ---- | M] () -- C:\WINDOWS\bqjovqpu
[2009-02-05 13:30:46 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009-02-05 13:30:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009-02-05 11:58:43 | 00,176,640 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\Malware Removal Starter Kit.doc
[2009-02-05 09:52:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009-02-05 09:52:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009-02-05 06:10:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009-02-05 06:10:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009-02-05 06:10:00 | 00,000,594 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-02-05 06:10:00 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009-02-05 05:58:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009-02-05 05:58:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009-02-05 05:12:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009-02-05 05:12:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009-02-05 05:00:33 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009-02-05 05:00:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009-02-05 04:06:15 | 00,000,067 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\new 2
[2009-02-04 03:47:23 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009-02-04 03:47:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009-02-04 00:29:38 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009-02-04 00:29:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009-02-03 20:38:34 | 00,942,078 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\air india e tkt 001.jpg
[2009-02-03 17:37:29 | 00,002,883 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\bookmarks.xml
[2009-02-02 04:59:40 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009-02-02 04:59:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009-01-31 20:25:00 | 00,012,729 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\mysample_html.html
[2009-01-31 18:07:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009-01-31 18:07:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009-01-31 09:49:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009-01-31 09:49:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009-01-31 08:32:15 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009-01-31 08:32:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009-01-30 15:21:36 | 00,076,288 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\Resume_Trinadh.doc
[2009-01-30 05:31:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009-01-30 05:31:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009-01-27 19:11:59 | 00,076,288 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\Resume_Trinadh1.doc
[2009-01-26 11:44:28 | 00,138,878 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\Network Drawing with Preprod-v1.0.jpg
[2009-01-26 11:41:30 | 00,119,296 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\MCD Server Environment-20061110-v1.0.vsd
[2009-01-22 11:51:46 | 00,125,952 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\CarrierPortsforBlaze 20090121.xls
[2009-01-21 23:44:03 | 02,209,280 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\Blaze Mobile Wallet API Specs1.doc
[2009-01-21 22:06:10 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\BM Contact Sheet-January 21, 2009.doc
[2009-01-20 02:57:41 | 00,005,839 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\top10command_bkup
[2009-01-20 00:35:00 | 00,005,101 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\EhCacheManager.class
[2009-01-20 00:35:00 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\EhCacheInterface.class
[2009-01-19 00:36:33 | 00,071,168 | ---- | M] () -- C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Desktop\Resume_Trinadh_6yrs.doc
[2009-01-18 13:30:13 | 00,064,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009-01-18 04:57:46 | 00,000,041 | ---- | M] () -- C:\XMLFile.xml
[2009-01-14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-01-14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-01-14 15:50:17 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-01-14 13:18:13 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009-01-14 13:18:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009-01-14 08:49:07 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009-01-14 08:49:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009-01-14 00:32:27 | 00,000,268 | -H-- | M] () -- C:\sq
  • 0

#15
kahdah
Posted 11 February 2009 - 06:35 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi can you attach those files please.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP