shanbhar
2011-03-23, 06:52
When I run Spybot on my machine I get an error saying that "Win32.fraudload.edt" malware exists on my machine. I tried running Spybot multiple times but the malware seems to come back.
Here is DDS.txt output:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by ramanaths at 21:00:44.67 on Tue 03/22/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.481 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Documents and Settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Uvohea.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Microsoft Team Foundation Server 2008 Power Tools\TfsComProviderSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\DOCUME~1\RAMANA~1\LOCALS~1\Temp\Us6.exe
C:\WINDOWS\system32\dllhost.exe
\\?\c:\windows\microsoft.net\framework\v1.1.4322\aspnet_wp.exe
C:\DOCUME~1\RAMANA~1\LOCALS~1\Temp\Us0.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\notepad.exe
C:\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = https://support.yardi.com/clientcentral.asp
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [EPSON NX510 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifia.exe /fu "c:\windows\temp\E_S34C.tmp" /EF "HKCU"
uRun: [Google Update] "c:\documents and settings\ramanaths\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [A9YA3MI1CF] c:\docume~1\ramana~1\locals~1\temp\Us0.exe
uRun: [NtWqIVLZEWZU] c:\docume~1\ramana~1\locals~1\temp\Us3.exe
uRun: [C2MJB7NYRU] c:\docume~1\ramana~1\locals~1\temp\Us4.exe
uRun: [Knuwogufage] rundll32.exe "c:\windows\Undpox32.dll",Startup
uRunOnce: [SpybotDeletingB8770] command.com /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
uRunOnce: [SpybotDeletingD3217] cmd.exe /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
uRunOnce: [SpybotDeletingB7909] command.com /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
uRunOnce: [SpybotDeletingD7914] cmd.exe /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
uRunOnce: [SpybotDeletingB2843] command.com /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
uRunOnce: [SpybotDeletingD6463] cmd.exe /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
uRunOnce: [SpybotDeletingB1246] command.com /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
uRunOnce: [SpybotDeletingD1811] cmd.exe /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
uRunOnce: [SpybotDeletingB1450] command.com /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
uRunOnce: [SpybotDeletingD4646] cmd.exe /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
uRunOnce: [SpybotDeletingB4271] command.com /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
uRunOnce: [SpybotDeletingD2467] cmd.exe /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
uRunOnce: [SpybotDeletingB7794] command.com /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
uRunOnce: [SpybotDeletingD9210] cmd.exe /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
uRunOnce: [SpybotDeletingB5524] command.com /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
uRunOnce: [SpybotDeletingD7488] cmd.exe /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
uRunOnce: [SpybotDeletingB4848] command.com /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
uRunOnce: [SpybotDeletingD6059] cmd.exe /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
uRunOnce: [SpybotDeletingB6508] command.com /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
uRunOnce: [SpybotDeletingD4506] cmd.exe /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
uRunOnce: [SpybotDeletingB7674] command.com /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
uRunOnce: [SpybotDeletingD8818] cmd.exe /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
uRunOnce: [SpybotDeletingB8330] command.com /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
uRunOnce: [SpybotDeletingD3451] cmd.exe /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [AClntUsr] c:\program files\altiris\aclient\AClntUsr.EXE
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [SpybotDeletingA738] command.com /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingC6821] cmd.exe /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingA3293] command.com /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingC7874] cmd.exe /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingA4837] command.com /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingC9411] cmd.exe /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingA5173] command.com /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingC1980] cmd.exe /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingA1999] command.com /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingC6141] cmd.exe /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingA9362] command.com /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingC1745] cmd.exe /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingA7515] command.com /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingC9699] cmd.exe /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingA7414] command.com /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingC1239] cmd.exe /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingA2782] command.com /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingC6531] cmd.exe /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingA9808] command.com /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingC3340] cmd.exe /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingA1957] command.com /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingC2718] cmd.exe /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingA5289] command.com /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingC5712] cmd.exe /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: horizonbay.com\citrix
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www4.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {C53EE992-020F-40B8-A1B4-16518D8C7948} - hxxp://localhost/voyager600822pi5.1/ysiNetClientInstaller.CAB
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CED616F0-2859-4BF8-8538-9DAF544AF2CB} - hxxp://ysicash02/voyager600822pi5.1/ysiComm.CAB
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27LB/webex/ieatgpc.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-7-26 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-7-26 108392]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2009-5-27 202584]
R2 msftesql$SQL2005;SQL Server FullText Search (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2007-6-22 95592]
R2 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\documents and settings\all users\application data\rpcnet\bin\rpcld.exe --> c:\documents and settings\all users\application data\rpcnet\bin\rpcld.exe [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-7-26 1831024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-16 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110322.020\NAVENG.SYS [2011-3-22 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110322.020\NAVEX15.SYS [2011-3-22 1360760]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-1-7 23888]
S3 MSOLAP$SQL2005;SQL Server Analysis Services (SQL2005);c:\program files\microsoft sql server\mssql.2\olap\bin\msmdsrv.exe [2009-5-27 14950232]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2008-11-24 346976]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
.
=============== File Associations ===============
.
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2011-03-23 03:59:09 625664 ----a-w- C:\dds.scr
2011-03-23 03:14:36 102400 ----a-w- c:\docume~1\ramana~1\applic~1\microsoft\visualstudio\7.1\projectassemblies\xiws7keb01\YSI.BaseApp.dll
2011-03-23 03:14:31 364544 ----a-w- c:\docume~1\ramana~1\applic~1\microsoft\visualstudio\7.1\projectassemblies\y9akzq-r01\YSI.Controls.dll
2011-03-23 03:14:31 204800 ----a-w- c:\docume~1\ramana~1\applic~1\microsoft\visualstudio\7.1\projectassemblies\tv24yan201\YSI.Systems.dll
2011-03-23 03:14:30 102400 ----a-w- c:\docume~1\ramana~1\applic~1\microsoft\visualstudio\7.1\projectassemblies\wleppmw-01\YSI.BasePage.dll
2011-03-23 01:55:57 0 ----a-w- c:\windows\Mxudeca.bin
2011-03-23 01:55:48 -------- d-----w- c:\docume~1\ramana~1\locals~1\applic~1\{32F4AAA8-C119-4FF6-AB3F-A7A905544B97}
2011-03-23 01:52:42 108544 --sha-r- c:\windows\system32\wuauservr.dll
2011-03-23 01:52:41 140288 ----a-w- c:\windows\Uvohea.exe
2011-03-17 06:02:15 -------- d-----w- C:\ChartwellReportsPath
2011-03-16 20:03:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\UB-04 Software, Inc
2011-03-15 23:45:38 -------- d-----w- c:\program files\iPod
2011-03-15 23:45:35 -------- d-----w- c:\program files\iTunes
2011-03-15 23:37:53 -------- d-----w- c:\program files\Bonjour
2011-03-09 18:40:00 270848 -c----w- c:\windows\system32\dllcache\sbe.dll
2011-03-09 18:40:00 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
.
==================== Find3M ====================
.
2011-03-23 01:59:35 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-03-23 01:59:32 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-11 17:27:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-11 17:27:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-07 18:20:15 72080 ----a-w- c:\documents and settings\ramanaths\g2mdlhlpx.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-16 09:16:58 57752 ------w- c:\windows\system32\rpcnet.exe
2011-01-16 09:14:47 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-25 22:36:22 11873890 ----a-w- C:\audacity-win-unicode-1.3.12.exe
.
============= FINISH: 21:03:17.15 ===============
I have also attached the "Attach.txt" output.
mRunOnce: [SpybotDeletingA4837] command.com /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingC9411] cmd.exe /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingA5173] command.com /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingC1980] cmd.exe /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingA1999] command.com /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingC6141] cmd.exe /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingA9362] command.com /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingC1745] cmd.exe /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingA7515] command.com /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingC9699] cmd.exe /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingA7414] command.com /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingC1239] cmd.exe /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingA2782] command.com /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingC6531] cmd.exe /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingA9808] command.com /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingC3340] cmd.exe /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingA1957] command.com /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingC2718] cmd.exe /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingA5289] command.com /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingC5712] cmd.exe /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: horizonbay.com\citrix
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www4.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {C53EE992-020F-40B8-A1B4-16518D8C7948} - hxxp://localhost/voyager600822pi5.1/ysiNetClientInstaller.CAB
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CED616F0-2859-4BF8-8538-9DAF544AF2CB} - hxxp://ysicash02/voyager600822pi5.1/ysiComm.CAB
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27LB/webex/ieatgpc.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-7-26 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-7-26 108392]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2009-5-27 202584]
R2 msftesql$SQL2005;SQL Server FullText Search (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2007-6-22 95592]
R2 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\documents and settings\all users\application data\rpcnet\bin\rpcld.exe --> c:\documents and settings\all users\application data\rpcnet\bin\rpcld.exe [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-7-26 1831024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-16 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110322.020\NAVENG.SYS [2011-3-22 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110322.020\NAVEX15.SYS [2011-3-22 1360760]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-1-7 23888]
S3 MSOLAP$SQL2005;SQL Server Analysis Services (SQL2005);c:\program files\microsoft sql server\mssql.2\olap\bin\msmdsrv.exe [2009-5-27 14950232]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2008-11-24 346976]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
.
=============== File Associations ===============
.
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2011-03-23 03:59:09 625664 ----a-w- C:\dds.scr
2011-03-23 03:14:36 102400 ----a-w- c:\docume~1\ramana~1\applic~1\microsoft\visualstudio\7.1\projectassemblies\xiws7keb01\YSI.BaseApp.dll
2011-03-23 03:14:31 364544 ----a-w- c:\docume~1\ramana~1\applic~1\microsoft\visualstudio\7.1\projectassemblies\y9akzq-r01\YSI.Controls.dll
2011-03-23 03:14:31 204800 ----a-w- c:\docume~1\ramana~1\applic~1\microsoft\visualstudio\7.1\projectassemblies\tv24yan201\YSI.Systems.dll
2011-03-23 03:14:30 102400 ----a-w- c:\docume~1\ramana~1\applic~1\microsoft\visualstudio\7.1\projectassemblies\wleppmw-01\YSI.BasePage.dll
2011-03-23 01:55:57 0 ----a-w- c:\windows\Mxudeca.bin
2011-03-23 01:55:48 -------- d-----w- c:\docume~1\ramana~1\locals~1\applic~1\{32F4AAA8-C119-4FF6-AB3F-A7A905544B97}
2011-03-23 01:52:42 108544 --sha-r- c:\windows\system32\wuauservr.dll
2011-03-23 01:52:41 140288 ----a-w- c:\windows\Uvohea.exe
2011-03-17 06:02:15 -------- d-----w- C:\ChartwellReportsPath
2011-03-16 20:03:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\UB-04 Software, Inc
2011-03-15 23:45:38 -------- d-----w- c:\program files\iPod
2011-03-15 23:45:35 -------- d-----w- c:\program files\iTunes
2011-03-15 23:37:53 -------- d-----w- c:\program files\Bonjour
2011-03-09 18:40:00 270848 -c----w- c:\windows\system32\dllcache\sbe.dll
2011-03-09 18:40:00 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
.
==================== Find3M ====================
.
2011-03-23 01:59:35 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-03-23 01:59:32 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-11 17:27:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-11 17:27:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-07 18:20:15 72080 ----a-w- c:\documents and settings\ramanaths\g2mdlhlpx.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-16 09:16:58 57752 ------w- c:\windows\system32\rpcnet.exe
2011-01-16 09:14:47 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-25 22:36:22 11873890 ----a-w- C:\audacity-win-unicode-1.3.12.exe
.
============= FINISH: 21:03:17.15 ===============
I have also attached the "Attach.txt" output.