Win32Trojan.TDSS Removal Help Please



#1
damnyouVirus

Hello All,

I have run TFC, System Restore, & Erunt successfully.

I have downloaded/run MalwareBytes twice. The first time it removed 21/22 infections. It told me that it needs to remove C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot. So I rebooted. However, the computer froze when it restarted so I had to manually restart. It worked on the second restart. I decided to run Malwarebytes again to see if the file had been removed. However, it had not. Also it noted an additional rootkit.trace which it removed when I told it to remove the object. (The trojan.agent didn't get removed the second time either and I tried a restart to no avail, which also again resulted in a frozen computer/more frustration.)

This virus is also preventing me from opening my McAfee Security Center. Every time I click to open it, the logo pops up but the Security Center and the scanning facilities won't open. :S....

I ran Rootkit tracer and OTL. I have also listed the logs below. If anyone can offer advice on the next steps to take to rid this evil please let me know. Thanks and very much appreciated.

The logs:

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
C:\WINDOWS\msa.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\msa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

-------------------------------------------That was log number 1 of MBAM, the second is below---------------

Malwarebytes' Anti-Malware 1.37
Database version: 2256
Windows 5.1.2600 Service Pack 3

6/9/2009 8:51:46 PM
mbam-log-2009-06-09 (20-51-46).txt

Scan type: Quick Scan
Objects scanned: 116691
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

------------------------------------that was the 2nd, Rootkit Tracer is below----------------------------

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:89243 Mo/Free:522 Mo)
D:\ [Removable] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Tue 06/09/2009|21:07

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
---------- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------- C:\WINDOWS\system32\brsvc01a.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\brss01a.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Infor\Security\SystemsUnion.Security.Service.exe
---------- C:\WINDOWS\system32\Brmfrmps.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
---------- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
---------- C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZipm12.exe
---------- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
---------- C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
---------- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
---------- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
---------- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Infor\SunSystems\ssc\bin\ConnectServer.exe
---------- C:\Program Files\Infor\SunSystems\SessionManager.exe
---------- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
---------- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
---------- C:\Program Files\Apoint\Apoint.exe
---------- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
---------- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
---------- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
---------- C:\Program Files\Apoint\Apntex.exe
---------- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
---------- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
---------- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
---------- C:\Program Files\Protector Suite QL\menusw.exe
---------- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
---------- C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
---------- C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
---------- C:\Program Files\Infor\Security\SULoginMonitor.exe
---------- C:\Program Files\PrinterOn Corporation\PrintWhere 3.5\pwcPrinterSelect.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---------- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
---------- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
---------- C:\Program Files\WinZip\WZQKPICK.EXE
---------- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
---------- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
---------- C:\WINDOWS\system32\wbem\unsecapp.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
---------- C:\WINDOWS\system32\taskmgr.exe
---------- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- c:\program files\common files\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\Program Files\Malwarebytes' Anti-Malware\malware.exe
---------- C:\WINDOWS\system32\NOTEPAD.EXE
---------- C:\WINDOWS\system32\SearchProtocolHost.exe
---------- C:\WINDOWS\system32\SearchFilterHost.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Tue 06/09/2009|21:08

----------------------\\ Scan completed at 21:08

------------------------------------------------Finally OTL is below--------------------------------------


OTL logfile created on: 6/9/2009 9:10:42 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Uday Maitra\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.75% Memory free
4.00 Gb Paging File | 3.80 Gb Available in Paging File | 95.10% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 12.51 Gb Free Space | 14.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UDAY
Current User Name: Uday Maitra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)
PRC - C:\Program Files\Infor\Security\SystemsUnion.Security.Service.exe (Infor)
PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZipm12.exe (HP)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Infor\SunSystems\ssc\bin\ConnectServer.exe (Systems Union Group)
PRC - C:\Program Files\Infor\SunSystems\SessionManager.exe (Infor Global Solutions Technology GmbH)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Protector Suite QL\menusw.exe (UPEK Inc.)
PRC - C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe (Google)
PRC - C:\Program Files\Sony\SonicStage\SSAAD.exe ()
PRC - C:\Program Files\Infor\Security\SULoginMonitor.exe (Infor)
PRC - C:\Program Files\PrinterOn Corporation\PrintWhere 3.5\pwcPrinterSelect.exe (PrinterOn Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Documents and Settings\Uday Maitra\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (2006 Systems Union Security Service [Auto | Running]) -- C:\Program Files\Infor\Security\SystemsUnion.Security.Service.exe (Infor)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (B-Service [On_Demand | Stopped]) -- C:\Documents and Settings\Uday Maitra\Application Data\Mikogo\B-Service.exe ()
SRV - (brmfrmps [Auto | Running]) -- C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)
SRV - (Brother XP spl Service [Auto | Running]) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
SRV - (CCITCP2 [On_Demand | Stopped]) -- C:\SunSystems4\UTILS\srvany.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Disabled | Stopped]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (EnterpriseManager51X15000 [Disabled | Stopped]) -- File not found
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment [On_Demand | Stopped]) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Disabled | Stopped]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (MsDtsServer100 [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation)
SRV - (MSSQL$MICROSOFTBCM [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLFDLauncher [On_Demand | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation)
SRV - (MSSQLSERVER [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper100 [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (MSSQLServerOLAPService [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe (Microsoft Corporation)
SRV - (msvsmon90 [Disabled | Stopped]) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- File not found
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (OracleMTSRecoveryService [Disabled | Stopped]) -- C:\oracle\ora92\bin\omtsreco.exe (Oracle Corporation)
SRV - (OracleOraHome92Agent [Disabled | Stopped]) -- C:\oracle\ora92\bin\agntsrvc.exe (Oracle Corporation)
SRV - (OracleOraHome92ClientCache [Disabled | Stopped]) -- C:\oracle\ora92\BIN\ONRSD.EXE ()
SRV - (OracleOraHome92HTTPServer [Disabled | Stopped]) -- C:\oracle\ora92\Apache\Apache\apache.exe ()
SRV - (OracleOraHome92PagingServer [Disabled | Stopped]) -- C:\oracle\ora92 [2007/04/23 13:58:31 | 00,000,000 | ---D | M]
SRV - (OracleOraHome92SNMPPeerEncapsulator [Disabled | Stopped]) -- C:\oracle\ora92\BIN\ENCSVC.EXE ()
SRV - (OracleOraHome92SNMPPeerMasterAgent [Disabled | Stopped]) -- C:\oracle\ora92\BIN\AGNTSVC.EXE ()
SRV - (OracleOraHome92TNSListener [Disabled | Stopped]) -- C:\oracle\ora92\BIN\TNSLSNR.exe ()
SRV - (OracleServiceEINSIGHT [Disabled | Stopped]) -- c:\oracle\ora92\bin\ORACLE.EXE (Oracle Corporation)
SRV - (OracleServiceORCL [Disabled | Stopped]) -- c:\oracle\ora92\bin\ORACLE.EXE (Oracle Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (PALOServerService [Auto | Stopped]) -- File not found
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZipm12.exe (HP)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (ReportServer [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SQLAgent$MICROSOFTBCM [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (SQLBrowser [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLSERVERAGENT [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SSMASTER [On_Demand | Stopped]) -- C:\SunSystems4\UTILS\srvany.exe ()
SRV - (SSScsiSV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SunSystems Connect Server [Auto | Running]) -- C:\Program Files\Infor\SunSystems\ssc\bin\ConnectServer.exe (Systems Union Group)
SRV - (SunSystems Session Manager [Auto | Running]) -- C:\Program Files\Infor\SunSystems\SessionManager.exe (Infor Global Solutions Technology GmbH)
SRV - (Troy Encryption Service [Disabled | Stopped]) -- c:\program files\encryption service\encryptionservice.exe ( )
SRV - (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VAIO Event Service [Auto | Running]) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (Vcsw [On_Demand | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (WebrootSpySweeperService [Disabled | Stopped]) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
SRV - (WinVNC4 [Disabled | Stopped]) -- File not found
SRV - (WmcCds [Unknown | Stopped]) -- c:\program files\windows media connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs [On_Demand | Stopped]) -- C:\Program Files\Windows Media Connect\mswmcls.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (akshasp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (brfilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Brfilt.sys (Brother Industries Ltd.)
DRV - (BrSerWDM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbScn [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrUsbScn.sys (Brother Industries Ltd.)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DMICall [System | Running]) -- C:\WINDOWS\system32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (FdRedir [Auto | Running]) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)
DRV - (FileDisk2 [Auto | Running]) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
DRV - (Hardlock [Auto | Running]) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Haspnt [Auto | Running]) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IFXTPM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS (Infineon Technologies AG)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mf [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mf.sys (Microsoft Corporation)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Mvc25U870_VID_1262&PID_25FD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\Mvc25U870.sys (Micro Vision Co.,Ltd)
DRV - (NEOFLTR_610_13103 [System | Running]) -- C:\WINDOWS\system32\Drivers\NEOFLTR_610_13103.SYS (Juniper Networks)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (PCASp50 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RsFx0102 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RsFx0102.sys (Microsoft Corporation)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (shpf [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (SNC [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SonyNC.sys (Sony Corporation)
DRV - (SonyImgF [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SonyImgF.sys (Sony Corporation)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SPI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SonyPI.sys (Sony Corporation)
DRV - (SSFS0509 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSHRMD [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSIDRV [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSKBFD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (TcUsb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tcusb.sys (UPEK Inc.)
DRV - (ti21sony [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tosporte [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbd [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbnp [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom [System | Running]) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfhid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfnds [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (vsdatant [On_Demand | Stopped]) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys (Intel® Corporation)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2009/06/07 13:10:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/20 19:32:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.12\Extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS\ [2009/02/01 18:23:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.12\Extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\ [2009/05/27 23:30:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\COMPONENTS [2006/12/23 10:49:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\PLUGINS [2009/05/27 23:30:04 | 00,000,000 | ---D | M]

[2007/01/18 23:09:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uday Maitra\Application Data\mozilla\Firefox\Profiles\r7rzkn9f.default\extensions
[2007/03/31 10:45:00 | 00,001,406 | ---- | M] () -- C:\Documents and Settings\Uday Maitra\Application Data\Mozilla\FireFox\Profiles\r7rzkn9f.default\searchplugins\siteadvisor.gif
[2007/03/31 10:45:00 | 00,000,276 | ---- | M] () -- C:\Documents and Settings\Uday Maitra\Application Data\Mozilla\FireFox\Profiles\r7rzkn9f.default\searchplugins\siteadvisor.src
[2009/06/09 11:51:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/01/18 23:00:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/02/01 18:23:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/15 14:01:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/09/07 09:11:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/09/02 23:49:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/02/01 18:23:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/02/01 18:22:49 | 00,061,038 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/02/01 18:22:49 | 00,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/02/01 18:22:50 | 00,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/02/01 18:23:05 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2009/02/01 18:23:05 | 00,000,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2009/02/01 18:23:05 | 00,001,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png
[2009/02/01 18:23:06 | 00,000,539 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src
[2009/02/01 18:23:06 | 00,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2009/02/01 18:23:06 | 00,001,007 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2009/02/01 18:23:06 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2009/02/01 18:23:06 | 00,001,056 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2009/02/01 18:23:06 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2009/02/01 18:23:06 | 00,000,733 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2009/02/01 18:23:06 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2009/02/01 18:23:06 | 00,001,122 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe" (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe" (UPEK Inc.)
O4 - HKLM..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" (Intel Corporation)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" (Sony Corporation)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [PrinterOn Printer Select 3.5] C:\Program Files\PrinterOn Corporation\PrintWhere 3.5\pwcPrinterSelect.exe -NOUI (PrinterOn Corporation)
O4 - HKLM..\Run: [PrintWhere Router 3.5] C:\Program Files\PrinterOn Corporation\PrintWhere 3.5\pwcRoute.exe (PrinterOn Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe ()
O4 - HKLM..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" (Sony Corporation)
O4 - HKLM..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
O4 - HKLM..\Run: [SULoginMonitor] "C:\Program Files\Infor\Security\SULoginMonitor.exe" (Infor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" (Sony Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\malware.exe" /runcleanupscript (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk = C:\WINDOWS\Installer\{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Uday Maitra\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [Juniper Secure DNS (Top)] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Juniper Secure DNS (Bottom)] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: java.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: swift.com ([service.sipn] https in Trusted sites)
O15 - HKCU\..Trusted Domains: validusre.bm ([connect] https in Trusted sites)
O15 - HKCU\..Trusted Domains: validusre.bm ([portal] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6105E6DE-B6B9-43C9-8629-7F3AD1E3800E} https://minuwet.uwat...uwetactivex.ocx (Minuwex Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://infor.webex....ort/ieatgpc.cab (GpcContainer Class)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - fusstub.dll - C:\WINDOWS\system32\fusstub.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\system32\VESWinlogon.dll (Sony Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\system32\WRLogonNTF.dll (Webroot Software, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/22 15:12:03 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{435b4bed-0886-11dc-bc40-0002c7e83566}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/09 20:39:00 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/06/09 21:09:25 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\UDAYMA~1\Desktop\OTL.exe
[2009/06/09 21:09:08 | 00,000,000 | ---D | C] -- C:\DOCUME~1\UDAYMA~1\Desktop\rooter log
[2009/06/09 21:07:51 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/09 21:07:33 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Rooter.exe
[2009/06/09 20:51:56 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\yfqj.sys
[2009/06/09 20:08:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Uday Maitra\Application Data\Malwarebytes
[2009/06/09 19:58:33 | 00,000,713 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\malware.lnk
[2009/06/09 19:58:30 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/09 19:58:28 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/09 19:58:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/09 19:58:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/09 19:54:10 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\UDAYMA~1\Desktop\SysRestorePoint.exe
[2009/06/09 19:52:03 | 03,371,376 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\UDAYMA~1\Desktop\malware.exe
[2009/06/09 19:51:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/09 19:50:47 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\NTREGOPT.lnk
[2009/06/09 19:50:47 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\ERUNT.lnk
[2009/06/09 19:50:47 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/09 19:50:13 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\UDAYMA~1\Desktop\erunt_setup.exe
[2009/06/09 19:06:46 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\UDAYMA~1\Desktop\TFC.exe
[2009/06/09 18:48:37 | 03,021,373 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\ComboFix.exe
[2009/06/09 18:32:34 | 03,072,054 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\shot.bmp
[2009/06/09 11:41:11 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/06/09 10:19:51 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/09 10:19:35 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/06/09 10:14:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/06/09 10:14:27 | 00,000,867 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Ad-Aware.lnk
[2009/06/09 10:13:51 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/06/09 10:13:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/06/09 10:03:11 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/06/05 14:30:50 | 00,008,192 | -HS- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Thumbs.db
[2009/06/05 13:26:07 | 00,116,123 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Cheet.docx
[2009/06/04 20:11:42 | 00,102,729 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\afm331_mid_term_2008_marking_key_callawa.pdf
[2009/06/04 20:10:39 | 00,127,370 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\afm331_mid_term_2008_callaway_golf.pdf
[2009/06/03 12:18:24 | 03,512,876 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\us_fsi_IM_ExchangeTradedFunds_May09[1].pdf
[2009/05/29 18:28:47 | 00,001,937 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Mikogo.lnk
[2009/05/29 18:28:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Uday Maitra\Application Data\Mikogo
[2009/05/27 23:29:52 | 00,001,604 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\QuickTime Player.lnk
[2009/05/27 23:29:26 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/05/27 23:29:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/05/27 23:27:42 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/27 23:27:36 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/05/27 23:27:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/05/26 11:32:39 | 00,000,000 | ---D | C] -- C:\DOCUME~1\UDAYMA~1\Desktop\Mcdonalds
[2009/05/26 00:11:43 | 00,047,523 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\work-report-evaluaton-form-math SIGNED.pdf
[2009/05/25 22:29:39 | 00,000,000 | ---D | C] -- C:\DOCUME~1\UDAYMA~1\Desktop\Unused shortcuts
[2009/05/25 22:16:57 | 00,000,000 | R-SD | C] -- C:\DOCUME~1\UDAYMA~1\My Documents\My Safe
[2009/05/25 20:16:50 | 00,000,000 | ---D | C] -- C:\DOCUME~1\UDAYMA~1\Desktop\statements
[2009/05/25 13:24:06 | 00,026,575 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\bearfish_fs.jpg
[2009/05/23 13:12:01 | 00,092,160 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Mcdonalds - all together FINAL.doc
[2009/05/22 21:38:13 | 00,136,656 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Telus.pdf
[2009/05/16 19:41:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Uday Maitra\Application Data\vlc
[2009/05/16 19:41:05 | 00,000,719 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\VLC media player.lnk
[2009/05/16 14:50:27 | 00,000,650 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\PokerStove.lnk
[2009/05/16 14:50:27 | 00,000,000 | ---D | C] -- C:\Program Files\PokerStove
[2009/05/16 11:39:30 | 00,001,467 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Full Tilt Poker.lnk
[2009/05/16 11:39:30 | 00,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2009/05/12 11:42:10 | 00,001,796 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Choose A Printer 3.5.lnk
[2009/05/12 11:41:42 | 00,319,488 | ---- | C] (PrinterOn Corporation) -- C:\WINDOWS\System32\pwccpo35.dll
[2009/05/12 11:41:42 | 00,159,744 | ---- | C] (PrinterOn Corporation) -- C:\WINDOWS\System32\pwccln35.dll
[2009/05/12 11:41:35 | 00,000,000 | ---D | C] -- C:\Program Files\PrinterOn Corporation
[2009/05/12 09:28:12 | 00,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/05/12 09:28:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2009/05/11 21:32:21 | 00,040,493 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Report.docx
[2009/05/11 21:30:30 | 00,012,265 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Title_Page.docx
[2009/05/11 21:30:05 | 00,015,795 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Letter of Submital.docx
[2009/05/11 12:59:24 | 00,107,289 | ---- | C] () -- C:\DOCUME~1\UDAYMA~1\My Documents\work-report-evaluaton-form-math.pdf
[2009/02/02 13:43:57 | 00,598,016 | ---- | C] () -- C:\WINDOWS\System32\mainmediaqt.dll
[2009/02/02 00:04:01 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2009/02/01 23:52:35 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009/02/01 23:52:35 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/01 23:52:35 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009/02/01 23:52:35 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009/02/01 23:52:35 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2009/02/01 23:52:34 | 01,216,512 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/15 20:22:51 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/01/14 05:53:58 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/15 21:20:53 | 00,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008/07/05 22:37:02 | 02,113,536 | ---- | C] () -- C:\WINDOWS\System32\python25.dll
[2008/07/05 22:37:02 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/07/05 22:37:02 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/01/19 15:41:38 | 00,000,066 | ---- | C] () -- C:\WINDOWS\System32\msremoval.ini
[2007/11/24 18:21:23 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\winetframework.dll
[2007/10/28 09:15:27 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/10/28 09:15:26 | 00,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/10/23 20:45:59 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/10/23 20:37:40 | 00,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/10/23 20:37:40 | 00,000,267 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2007/10/23 20:37:39 | 00,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/25 22:23:42 | 00,000,617 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/05/22 09:35:31 | 00,000,754 | ---- | C] () -- C:\WINDOWS\wordpad.INI
[2007/05/17 18:20:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vdoshell.INI
[2007/01/09 18:29:17 | 00,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/01/09 18:27:04 | 00,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/01/09 18:27:02 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/12/28 20:00:33 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/13 12:20:45 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2006/12/13 12:19:58 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2006/11/25 12:06:59 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/25 12:06:59 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/23 20:38:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2006/10/23 20:37:29 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2006/10/23 18:06:43 | 00,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/10/22 10:26:56 | 00,002,187 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2006/10/15 19:58:00 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/10/15 11:01:11 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2006/10/10 13:39:21 | 00,000,081 | ---- | C] () -- C:\WINDOWS\navigationmanager.INI
[2006/10/09 11:47:10 | 00,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/06/09 04:08:50 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/06/09 03:49:55 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/06/09 03:48:45 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/09 03:48:20 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/06/09 03:48:20 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/06/09 03:48:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/06/09 03:48:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/06/09 03:48:20 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/06/09 03:48:20 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/06/09 03:38:25 | 00,000,750 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/22 20:18:56 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/22 19:53:33 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/22 19:37:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/03/22 18:21:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/03/22 15:28:59 | 00,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/22 13:56:50 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/22 13:56:43 | 00,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/03/22 13:56:32 | 00,001,005 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/03/22 13:56:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/11/01 21:53:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 17:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/23 00:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 20:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002/06/12 15:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/06/27 02:24:00 | 00,000,260 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[1999/07/30 09:24:34 | 00,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini

========== Files - Modified Within 30 Days ==========

[2009/06/09 21:09:26 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\UDAYMA~1\Desktop\OTL.exe
[2009/06/09 21:07:36 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Rooter.exe
[2009/06/09 21:05:43 | 00,053,105 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/06/09 20:51:56 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\yfqj.sys
[2009/06/09 20:38:17 | 00,000,713 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\malware.lnk
[2009/06/09 20:38:07 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/06/09 20:37:19 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/09 20:36:34 | 00,002,403 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
[2009/06/09 20:35:35 | 00,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/06/09 20:32:50 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/09 20:32:44 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Uday Maitra\Local Settings\desktop.ini
[2009/06/09 20:32:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/09 20:32:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2009/06/09 20:32:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/09 20:32:32 | 21,454,39744 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/09 19:54:08 | 00,021,504 | ---- | M] (Doug Knox) -- C:\DOCUME~1\UDAYMA~1\Desktop\SysRestorePoint.exe
[2009/06/09 19:52:10 | 03,371,376 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\UDAYMA~1\Desktop\malware.exe
[2009/06/09 19:50:47 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\NTREGOPT.lnk
[2009/06/09 19:50:47 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\ERUNT.lnk
[2009/06/09 19:50:14 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\UDAYMA~1\Desktop\erunt_setup.exe
[2009/06/09 19:06:44 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\UDAYMA~1\Desktop\TFC.exe
[2009/06/09 18:48:45 | 03,021,373 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\ComboFix.exe
[2009/06/09 18:32:36 | 03,072,054 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\shot.bmp
[2009/06/09 10:19:51 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/09 10:19:03 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/06/09 10:18:52 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/06/09 10:14:27 | 00,000,867 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Ad-Aware.lnk
[2009/06/05 14:51:42 | 00,116,123 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Cheet.docx
[2009/06/05 14:30:54 | 00,008,192 | -HS- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Thumbs.db
[2009/06/04 20:11:42 | 00,102,729 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\afm331_mid_term_2008_marking_key_callawa.pdf
[2009/06/04 20:10:39 | 00,127,370 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\afm331_mid_term_2008_callaway_golf.pdf
[2009/06/03 12:18:35 | 03,512,876 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\us_fsi_IM_ExchangeTradedFunds_May09[1].pdf
[2009/06/01 01:02:28 | 00,000,364 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/05/29 18:28:47 | 00,001,937 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Mikogo.lnk
[2009/05/29 17:16:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/27 23:29:52 | 00,001,604 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\QuickTime Player.lnk
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/26 00:11:43 | 00,047,523 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\work-report-evaluaton-form-math SIGNED.pdf
[2009/05/25 21:06:28 | 00,012,265 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Title_Page.docx
[2009/05/25 12:58:02 | 00,026,575 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\bearfish_fs.jpg
[2009/05/23 13:12:03 | 00,092,160 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Mcdonalds - all together FINAL.doc
[2009/05/22 21:38:14 | 00,136,656 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Telus.pdf
[2009/05/22 16:45:36 | 00,042,444 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Work_Term_Report.docx
[2009/05/16 19:41:05 | 00,000,719 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\VLC media player.lnk
[2009/05/16 14:50:27 | 00,000,650 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\PokerStove.lnk
[2009/05/16 11:39:30 | 00,001,467 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Full Tilt Poker.lnk
[2009/05/15 01:23:26 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/05/13 10:11:23 | 00,712,806 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/13 10:11:23 | 00,588,418 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/13 10:11:23 | 00,129,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/12 11:42:10 | 00,001,796 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Choose A Printer 3.5.lnk
[2009/05/11 22:00:41 | 00,015,795 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Letter of Submital.docx
[2009/05/11 21:53:17 | 00,040,493 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\Desktop\Report.docx
[2009/05/11 12:59:24 | 00,107,289 | ---- | M] () -- C:\DOCUME~1\UDAYMA~1\My Documents\work-report-evaluaton-form-math.pdf
< End of report >

-------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 6/9/2009 9:10:42 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Uday Maitra\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.75% Memory free
4.00 Gb Paging File | 3.80 Gb Available in Paging File | 95.10% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 12.51 Gb Free Space | 14.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UDAY
Current User Name: Uday Maitra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"49300:TCP" = 49300:TCP:*:Enabled:PrintWhere.49300
"49301:TCP" = 49301:TCP:*:Enabled:PrintWhere.49301
"49302:TCP" = 49302:TCP:*:Enabled:PrintWhere.49302
"49303:TCP" = 49303:TCP:*:Enabled:PrintWhere.49303
"49304:TCP" = 49304:TCP:*:Enabled:PrintWhere.49304
"50300:TCP" = 50300:TCP:*:Enabled:PrintWhere.50300
"50301:TCP" = 50301:TCP:*:Enabled:PrintWhere.50301
"50302:TCP" = 50302:TCP:*:Enabled:PrintWhere.50302
"50303:TCP" = 50303:TCP:*:Enabled:PrintWhere.50303
"50304:TCP" = 50304:TCP:*:Enabled:PrintWhere.50304
"48300:TCP" = 48300:TCP:*:Enabled:PrintWhere.48300
"48301:TCP" = 48301:TCP:*:Enabled:PrintWhere.48301
"48302:TCP" = 48302:TCP:*:Enabled:PrintWhere.48302
"48303:TCP" = 48303:TCP:*:Enabled:PrintWhere.48303
"48304:TCP" = 48304:TCP:*:Enabled:PrintWhere.48304

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\SunSystems\ssc\Bin\Serialise.exe:*:Enabled:Serialise File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed File not found
C:\Program Files\Common Files\AOL\1149839130\ee\AOLServiceHost.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy (Juniper Networks)
C:\Program Files\SunSystems\ssc\Bin\SSJvm.exe:*:Enabled:SSJvm File not found
C:\Program Files\Infor\SunSystems\ssc\Bin\Serialise.exe:*:Enabled:Serialise ()
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\Infor\SunSystems\ssc\Bin\SSJvm.exe:*:Enabled:SSJvm (Systems Union Group)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)
C:\Program Files\Sony\VAIO Media 5.0\Vc.exe:*:Disabled:[VAIO Media] VAIO Media (Sony Corporation)
F:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup File not found
C:\Documents and Settings\Uday Maitra\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player (Octoshape ApS)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Ares Ultra\Ares Ultra.exe:*:Enabled:Ares Ultra (Ares Ultra Development Team)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)
C:\Program Files\PrinterOn Corporation\PrintWhere 3.5\pwcCEX.exe:*:Enabled:pwcCEX.exe (PrinterOn Corporation)
C:\Program Files\PrinterOn Corporation\PrintWhere 3.5\pwcPost.exe:*:Enabled:pwcPost.exe (PrinterOn Corporation)
C:\Program Files\PrinterOn Corporation\PrintWhere 3.5\pwcRoute.exe:*:Enabled:pwcRoute.exe (PrinterOn Corporation)
C:\Program Files\PrinterOn Corporation\PrintWhere 3.5\pwcPrinterSelect.exe:*:Enabled:pwcPrinterSelect.exe (PrinterOn Corporation)
C:\Program Files\PrinterOn Corporation\PrintWhere 3.5\pwcDDE.exe:*:Enabled:pwcDDE.exe (PrinterOn Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{06A7EA72-0F00-4D53-A81C-A5D925711141}" = Microsoft SQL Server 2008 Full text search
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12723C3A-0FF8-4A0C-8BD3-DC958F388F67}" = GoBoingo!
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb
"{14FADA6F-37AF-44A7-9CC2-BF862282A258}" = PrintWhere 3.5
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Web Only
"{23F70562-02F4-4805-ACF5-6E52BAD167C2}" = Microsoft SQL Server 2008 Reporting Services
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{246E24CB-B5B0-4C29-BC47-4183EDD474DF}" = Encryption Service
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{275ABBA2-4817-4443-9AB8-ED43CA9AAA17}" = Microsoft SQL Server 2008 BI Development Studio
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{303379C9-8610-4CCF-AF37-C4BF8998C591}" = Roxio Media Manager
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{323AC09C-3EF4-41F4-B9D2-62CFC025179C}" = Manual Checks Module
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{32A3A4F4-B792-11D6-A78A-00B0D0150110}" = J2SE Development Kit 5.0 Update 11
"{32A3A4F4-B792-11D6-A78A-00B0D0160010}" = Java™ SE Development Kit 6 Update 1
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3431A7A3-6287-46B0-8AF1-BE2452A1FE62}" = Microsoft SQL Server 2008 Books Online (English)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35A3A4F4-B792-11D6-A78A-00B0D0142130}" = Java 2 SDK, SE v1.4.2_13
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB
"{40F34A1C-65A2-4163-98CE-A0D0646CABEF}" = Microsoft SQL Server 2008 Integration Services
"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{49E98741-B7A4-4A44-A536-6AFCA23106FE}" = Microsoft SQL Server 2008 Reporting Services
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D28EFCF-5999-44D2-8D4E-AC643E76C33F}" = Microsoft SQL Server 2008 Client Tools
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{60D46DEE-5221-47AA-B978-BA25C5D9F560}" = Microsoft SQL Server 2008 Client Tools
"{6249567F-65C3-4EE7-B023-E4FA035B0520}" = Microsoft SQL Server 2008 Analysis Services
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6CB1B2BF-FF11-48EF-958B-7A3DC7A81243}" = TROY Checkwriting Software
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{70A696DC-293A-408D-844E-8ECF02FD8E96}" = SunSystems 5 Language Pack
"{7148F0A8-6813-11D6-A77B-00B0D0142130}" = Java 2 Runtime Environment, SE v1.4.2_13
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{78EFA95D-3310-4035-815B-A46BA4D0C6FA}" = VOB2MPG 2.5
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{844DA731-B8B0-4581-AF3C-5158CC16897E}" = BlackBerry v4.2.2 for the 8320 Series Wireless Handheld
"{85A52A89-81D8-4736-BF5D-032AC2CD61E5}" = eFax Messenger 4.2
"{85AC0FFA-643D-3103-9310-7086ECB0C36C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ESN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DF4C627-4AF3-4245-9F13-3518FC8584DC}" = Protector Suite QL 5.3
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJSTDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJSTDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTDR_{75EC8FFC-B913-4991-B3A1-22576D2FC45D}" = Microsoft Office Project 2007 Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJSTDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{C1877F6E-C1C8-486D-A697-86431029690C}" = Microsoft Office Project 2007 Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.4
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC54DC1F-EDA7-448C-BA4C-218A92F5E985}" = Microsoft SQL Server 2008 BI Development Studio
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AEB03FAF-90EB-4B4F-BA32-9C4DDE2C9804}" = Microsoft SQL Server 2008 Integration Services
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB
"{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1" = Spy Sweeper
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDEDB104-4067-3D5E-81F0-DBEBFE856B45}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ESN
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C33DC9DF-0841-4B28-AD0B-68EF59FAC53C}" = Brother MFL-Pro Suite
"{C518C7BF-A345-4019-815B-FFDF32EBCAD9}" = VAIO HDD Protection
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C89B00A2-B72A-4935-96FC-38796E9554EC}" = Microsoft Sync Services for ADO.NET v2.0 (x86)
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-in 1.0
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D1163365-2311-4EA8-B4AE-D6A0C4D0B489}" = Patch Set Deployment Tool
"{D123544E-A389-4ACC-BDBC-14C40DA346A2}" = Reconciliation Module
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DAA8590D-D93E-4697-9CBE-D96A7590A8E3}" = Microsoft SQL Server 2008 Analysis Services
"{DE7A46A8-D4DA-4EE0-AD6C-326049517BF2}" = BlackBerry Desktop Software 4.3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.20
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EF7BB06C-5D95-4C7C-8B9B-E1B1E37E8692}" = Fingerprint Tutorial
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6D24DE1-6894-452D-A714-FDA0929714EC}" = TPM Tutorial
"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio
"{FB239709-6E30-4098-91A7-F2A2BAF58597}" = SunSystems Security
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"274c5407c4fa26908310cb5c1c5500001954585185" = NetBeans IDE 5.5
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AOL Search Enhancement" = Search Enhancement by AOL Search
"Ares Ultra_is1" = Ares Ultra 3.5.0
"BlackBerry_{DE7A46A8-D4DA-4EE0-AD6C-326049517BF2}" = BlackBerry Desktop Software 4.3
"Bridge_Base_Online" = Bridge Base Online
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50
"dvdSanta 4.60 - Make your own DVD movies!_is1" = dvdSanta 4.60
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GSpot" = GSpot Codec Information Appliance
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"JEOPARDY!" = JEOPARDY! (remove only)
"Kundli for Windows (Professional Edition)" = Kundli for Windows (Professional Edition)
"LimeWire" = LimeWire 4.12.14
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mikogo" = Mikogo
"Mozilla Firefox (1.5.0.12)" = Mozilla Firefox (1.5.0.12)
"MSC" = McAfee SecurityCenter
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PokerStars" = PokerStars
"PRJSTDR" = Microsoft Office Project Standard 2007 Trial
"ProInst" = Intel® PROSet/Wireless Software
"PROR" = Microsoft Office Professional 2007
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 6.0
"Sony Ericsson Wireless Modem" = Sony Ericsson Wireless Modem
"SunSystems 4.2.6 - Microsoft SQL Server" = SunSystems 4.2.6 - Microsoft SQL Server
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"Wheel of Fortune" = Wheel of Fortune (remove only)
"WIC" = Windows Imaging Component
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/9/2009 6:57:30 PM | Computer Name = UDAY | Source = MSSQLSERVER | ID = 17310
Description = A user request from the session with SPID 52 generated a fatal exception.
SQL Server is terminating this session. Contact Product Support Services with the
dump produced in the log directory.

Error - 6/9/2009 6:57:36 PM | Computer Name = UDAY | Source = MSSQLSERVER | ID = 8624
Description = Internal Query Processor Error: The query processor could not produce
a query plan. For more information, contact Customer Support Services.

Error - 6/9/2009 6:57:37 PM | Computer Name = UDAY | Source = MSSQLSERVER | ID = 17310
Description = A user request from the session with SPID 52 generated a fatal exception.
SQL Server is terminating this session. Contact Product Support Services with the
dump produced in the log directory.

Error - 6/9/2009 6:57:42 PM | Computer Name = UDAY | Source = MSSQLSERVER | ID = 8624
Description = Internal Query Processor Error: The query processor could not produce
a query plan. For more information, contact Customer Support Services.

Error - 6/9/2009 6:57:43 PM | Computer Name = UDAY | Source = MSSQLSERVER | ID = 17310
Description = A user request from the session with SPID 52 generated a fatal exception.
SQL Server is terminating this session. Contact Product Support Services with the
dump produced in the log directory.

Error - 6/9/2009 6:57:49 PM | Computer Name = UDAY | Source = MSSQLSERVER | ID = 8624
Description = Internal Query Processor Error: The query processor could not produce
a query plan. For more information, contact Customer Support Services.

Error - 6/9/2009 6:57:50 PM | Computer Name = UDAY | Source = MSSQLSERVER | ID = 17310
Description = A user request from the session with SPID 52 generated a fatal exception.
SQL Server is terminating this session. Contact Product Support Services with the
dump produced in the log directory.

Error - 6/9/2009 6:57:55 PM | Computer Name = UDAY | Source = MSSQLSERVER | ID = 8624
Description = Internal Query Processor Error: The query processor could not produce
a query plan. For more information, contact Customer Support Services.

Error - 6/9/2009 6:57:56 PM | Computer Name = UDAY | Source = MSSQLSERVER | ID = 17310
Description = A user request from the session with SPID 52 generated a fatal exception.
SQL Server is terminating this session. Contact Product Support Services with the
dump produced in the log directory.

Error - 6/9/2009 6:58:06 PM | Computer Name = UDAY | Source = MSSQLSERVER | ID = 8624
Description = Internal Query Processor Error: The query processor could not produce
a query plan. For more information, contact Customer Support Services.

[ OSession Events ]
Error - 3/16/2009 4:09:58 PM | Computer Name = UDAY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 40
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/9/2009 8:32:49 PM | Computer Name = UDAY | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 6/9/2009 8:32:49 PM | Computer Name = UDAY | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 6/9/2009 8:32:49 PM | Computer Name = UDAY | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 6/9/2009 8:33:43 PM | Computer Name = UDAY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McMSCSvc with
arguments "" in order to run the server: {AB92D412-E57E-473B-B9A2-3BAE647D9C8C}

Error - 6/9/2009 8:33:43 PM | Computer Name = UDAY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McMSCSvc with
arguments "" in order to run the server: {AB92D412-E57E-473B-B9A2-3BAE647D9C8C}

Error - 6/9/2009 8:36:17 PM | Computer Name = UDAY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McMSCSvc with
arguments "" in order to run the server: {03082469-BA75-44A5-89CB-D187F313E572}

Error - 6/9/2009 8:37:20 PM | Computer Name = UDAY | Source = HTTP | ID = 15005
Description = Unable to bind to the underlying transport for 0.0.0.0:8080. The IP
Listen-Only list may contain a reference to an interface which may not exist on
this machine. The data field contains the error number.

Error - 6/9/2009 8:37:20 PM | Computer Name = UDAY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McMSCSvc with
arguments "" in order to run the server: {DDA1154C-204B-41D7-BFE7-7907C6BA9D56}

Error - 6/9/2009 8:51:56 PM | Computer Name = UDAY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McMSCSvc with
arguments "" in order to run the server: {AB92D412-E57E-473B-B9A2-3BAE647D9C8C}

Error - 6/9/2009 8:52:46 PM | Computer Name = UDAY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McMSCSvc with
arguments "" in order to run the server: {AB92D412-E57E-473B-B9A2-3BAE647D9C8C}


< End of report >

-----------------------------------------------------------------------------------------------------------

Thank you again and I look forward to hearing from you guys soon!!


#2
damnyouVirus

Hello All,

I tried one more thing and I think it worked.

I ran Combofix. There doesn't appear to be a trace/any difficulties post-combofix.

Here are the log results. Please let me know if there are any threats still remaining/any actions that need to be taken.

Thanks

ComboFix 09-06-09.06 - Uday Maitra 06/09/2009 22:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1337 [GMT -4:00]
Running from: c:\documents and settings\Uday Maitra\Desktop\Comb.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
c:\windows\IE4 Error Log.txt
c:\windows\setup.exe
c:\windows\system32\drivers\UACpaodrhresspfdss.sys
c:\windows\system32\UACaagtuccvskdlogv.log
c:\windows\system32\UACaamxgvwkfhwnxdu.dll
c:\windows\system32\UACbmtvxrtucnigloh.dll
c:\windows\system32\UACdpuywsfknsfvqay.dll
c:\windows\system32\UACeulwvdsccoywhlr.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjeyeftepuhgcevc.dll
c:\windows\system32\UACphvwrobdoossjbr.db
c:\windows\system32\UACqbsbinxidjdahyc.log
c:\windows\system32\UACrrjmocaupbqepwv.dll
c:\windows\system32\UACvtvhyfnidpkxugj.dll
c:\windows\system32\UACytlsdujfrdiandi.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-10 02:38 . 2009-06-10 02:39 -------- d-s---w- C:\Combo
2009-06-10 01:07 . 2009-06-10 01:08 -------- d-----w- C:\Rooter$
2009-06-10 00:08 . 2009-06-10 00:08 -------- d-----w- c:\documents and settings\Uday Maitra\Application Data\Malwarebytes
2009-06-09 23:58 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 23:58 . 2009-06-10 00:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 23:58 . 2009-06-09 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-09 23:58 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 23:50 . 2009-06-09 23:50 -------- d-----w- c:\program files\ERUNT
2009-06-09 21:31 . 2009-06-09 21:31 -------- d-----w- c:\documents and settings\Uday Maitra\Local Settings\Application Data\PCHealth
2009-06-09 15:41 . 2009-06-09 14:19 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-09 14:19 . 2009-06-09 14:18 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-09 14:19 . 2009-06-09 14:19 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-09 14:19 . 2009-06-09 14:19 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-09 14:19 . 2009-06-09 14:19 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-09 14:19 . 2009-06-09 14:19 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-09 14:19 . 2009-06-09 14:19 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-09 14:19 . 2009-06-09 14:19 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-09 14:19 . 2009-06-09 14:19 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-09 14:18 . 2009-06-09 14:18 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-09 14:18 . 2009-06-09 14:18 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-09 14:18 . 2009-06-09 14:18 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-09 14:18 . 2009-06-09 14:18 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-09 14:18 . 2009-06-09 14:18 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-09 14:18 . 2009-06-09 14:18 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-09 14:18 . 2009-06-09 14:18 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-09 14:18 . 2009-06-09 14:18 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-09 14:18 . 2009-06-09 14:18 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-09 14:18 . 2009-06-09 14:18 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-09 14:18 . 2009-06-09 14:18 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-09 14:14 . 2009-06-09 14:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-09 14:14 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-09 14:13 . 2009-06-09 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-09 14:13 . 2009-06-09 14:13 -------- d-----w- c:\program files\Lavasoft
2009-06-09 14:03 . 2008-02-29 22:14 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-05-29 22:30 . 2009-05-29 22:30 24576 ----a-w- c:\documents and settings\Uday Maitra\Application Data\Mikogo\B-Capture.exe
2009-05-29 22:30 . 2009-05-29 22:30 185640 ----a-w- c:\documents and settings\Uday Maitra\Application Data\Mikogo\B-Service.exe
2009-05-29 22:28 . 2009-05-29 22:30 -------- d-----w- c:\documents and settings\Uday Maitra\Application Data\Mikogo
2009-05-29 22:28 . 2009-05-29 22:28 331776 ----a-w- c:\documents and settings\Uday Maitra\Application Data\Mikogo\remover.exe
2009-05-29 22:28 . 2009-05-29 22:28 3293184 ----a-w- c:\documents and settings\Uday Maitra\Application Data\Mikogo\Mikogo-Host.exe
2009-05-29 22:28 . 2009-05-29 22:28 1249280 ----a-w- c:\documents and settings\Uday Maitra\Application Data\Mikogo\MeetingPlayer.exe
2009-05-29 21:16 . 2009-05-29 21:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-29 21:16 . 2009-05-29 21:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-28 03:29 . 2009-05-28 03:30 -------- d-----w- c:\program files\QuickTime
2009-05-28 03:29 . 2009-05-28 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-28 03:27 . 2009-05-28 03:27 -------- d-----w- c:\documents and settings\Uday Maitra\Local Settings\Application Data\Apple
2009-05-28 03:27 . 2009-05-28 03:27 -------- d-----w- c:\program files\Apple Software Update
2009-05-28 03:27 . 2009-05-28 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-28 03:27 . 2009-05-28 03:27 -------- d-----w- c:\documents and settings\Uday Maitra\Local Settings\Application Data\Apple Computer
2009-05-17 16:45 . 2009-05-22 01:22 -------- d-----w- c:\documents and settings\Uday Maitra\Local Settings\Application Data\FullTiltPoker
2009-05-16 23:41 . 2009-05-17 00:13 -------- d-----w- c:\documents and settings\Uday Maitra\Application Data\vlc
2009-05-16 18:50 . 2009-05-16 18:50 -------- d-----w- c:\program files\PokerStove
2009-05-16 15:39 . 2009-06-01 00:38 -------- d-----w- c:\program files\Full Tilt Poker
2009-05-12 15:45 . 2009-05-12 15:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PrinterOn Corporation
2009-05-12 15:41 . 2009-05-12 15:41 -------- d-----w- c:\documents and settings\Uday Maitra\Local Settings\Application Data\PrinterOn Corporation
2009-05-12 15:41 . 2009-03-13 16:50 319488 ----a-w- c:\windows\system32\pwccpo35.dll
2009-05-12 15:41 . 2009-03-13 16:50 159744 ----a-w- c:\windows\system32\pwccln35.dll
2009-05-12 15:41 . 2009-05-12 15:42 -------- d-----w- c:\program files\PrinterOn Corporation
2009-05-12 13:28 . 2009-05-12 13:28 -------- d-----w- c:\windows\system32\KB905474
2009-05-12 13:28 . 2009-03-11 02:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-05-12 13:28 . 2009-03-11 02:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-05-11 14:27 . 2009-05-11 14:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 02:34 . 2007-03-16 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-09 19:00 . 2007-09-05 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-09 15:58 . 2009-05-04 04:02 -------- d-----w- c:\program files\PokerStars
2009-06-08 15:45 . 2008-09-10 13:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-05-16 15:39 . 2006-03-22 21:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-14 16:13 . 2007-04-15 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-13 14:20 . 2006-06-09 07:45 -------- d-----w- c:\program files\Common Files\AOL
2009-05-09 17:41 . 2006-06-09 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-05-08 01:30 . 2008-03-16 09:30 -------- d-----w- c:\program files\Windows Live
2009-05-08 01:28 . 2009-04-21 00:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-08 01:26 . 2009-05-08 01:26 -------- d-----w- c:\program files\Microsoft
2009-05-08 01:25 . 2009-05-08 01:25 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-08 01:17 . 2009-05-08 01:17 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-08 01:11 . 2006-10-16 00:21 -------- d-----w- c:\program files\Windows Live Toolbar
2009-05-08 01:09 . 2009-05-05 01:48 -------- d-----w- c:\program files\MSN Messenger
2009-05-05 01:34 . 2006-03-23 00:14 95552 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-05 01:31 . 2006-10-07 14:30 -------- d-----w- c:\program files\Common Files\Lasata Software
2009-05-05 01:09 . 2007-04-15 23:09 -------- d-----w- c:\program files\PokerStars.NET
2009-04-22 15:15 . 2007-06-28 22:05 -------- d-----w- c:\documents and settings\Uday Maitra\Application Data\Juniper Networks
2009-04-21 09:56 . 2009-04-21 09:56 -------- d-----w- c:\documents and settings\suadmin\Application Data\Juniper Networks
2009-04-21 02:15 . 2006-10-18 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SystemsUnion
2009-04-21 01:28 . 2009-04-21 01:28 397664 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2009-04-21 01:28 . 2009-04-21 01:28 397664 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2009-04-21 01:15 . 2009-04-21 01:12 121728 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-04-21 01:12 . 2009-04-21 01:12 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-04-21 01:08 . 2009-04-21 00:48 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-04-21 01:07 . 2009-04-21 01:07 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-04-21 01:01 . 2009-04-21 01:01 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-04-21 00:58 . 2009-04-21 00:58 -------- d-----w- c:\program files\Microsoft SDKs
2009-04-21 00:57 . 2009-04-21 00:57 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-04-21 00:56 . 2006-06-09 07:38 -------- d-----w- c:\program files\Microsoft SQL Server
2009-04-21 00:55 . 2009-04-21 00:55 -------- d-----w- c:\program files\Microsoft Analysis Services
2009-04-21 00:52 . 2009-04-21 00:52 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-04-21 00:48 . 2006-06-09 07:37 -------- d-----w- c:\program files\Microsoft.NET
2009-04-20 23:31 . 2009-04-20 23:31 -------- d-----w- c:\program files\MSBuild
2009-04-20 23:31 . 2009-04-20 23:31 -------- d-----w- c:\program files\Reference Assemblies
2009-04-19 14:19 . 2009-02-13 22:51 -------- d-----w- c:\documents and settings\Uday Maitra\Application Data\SACore
2009-04-19 14:19 . 2009-04-19 14:19 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-02-01 22:22 . 2007-01-19 02:59 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-02-01 22:22 . 2007-01-19 02:59 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-02-01 22:22 . 2007-01-19 02:59 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-11-09 21:10 . 2007-11-09 21:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 21:10 . 2007-11-09 21:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 21:10 . 2007-11-09 21:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-11-09 21:10 . 2007-11-09 21:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 21:10 . 2007-11-09 21:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-11-09 21:10 . 2007-11-09 21:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-11-09 21:10 . 2007-11-09 21:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-11-09 21:11 . 2007-11-09 21:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 21:11 . 2007-11-09 21:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-08 7557120]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-01-26 212992]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-22 190464]
"eFax 4.2"="c:\program files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 107008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"SetDefPrt"="c:\program files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-03 45056]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"SULoginMonitor"="c:\program files\Infor\Security\SULoginMonitor.exe" [2007-07-11 57344]
"PrintWhere Router 3.5"="c:\program files\PrinterOn Corporation\PrintWhere 3.5\pwcRoute.exe" [2009-03-13 582920]
"PrinterOn Printer Select 3.5"="c:\program files\PrinterOn Corporation\PrintWhere 3.5\pwcPrinterSelect.exe" [2009-03-13 832776]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-09 518488]

c:\documents and settings\Uday Maitra\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-17 368640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Program Neighborhood Agent.lnk - c:\windows\Installer\{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2008-1-14 38480]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-23 415072]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 01:11 39936 ----a-w- c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli fusstub

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax 4.2.lnk
backup=c:\windows\pss\eFax 4.2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"Troy Encryption Service"=2 (0x2)
"OracleServiceORCL"=3 (0x3)
"OracleServiceEINSIGHT"=3 (0x3)
"OracleOraHome92TNSListener"=3 (0x3)
"OracleOraHome92SNMPPeerMasterAgent"=3 (0x3)
"OracleOraHome92SNMPPeerEncapsulator"=3 (0x3)
"OracleOraHome92PagingServer"=3 (0x3)
"OracleOraHome92HTTPServer"=3 (0x3)
"OracleOraHome92ClientCache"=3 (0x3)
"OracleOraHome92Agent"=3 (0x3)
"OracleMTSRecoveryService"=3 (0x3)
"EnterpriseManager51X15000"=3 (0x3)
"CVPND"=2 (0x2)
"WinVNC4"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Infor\\SunSystems\\ssc\\Bin\\Serialise.exe"=
"c:\\Program Files\\Infor\\SunSystems\\ssc\\Bin\\SSJvm.exe"=
"c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
"c:\\Documents and Settings\\Uday Maitra\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\PrinterOn Corporation\\PrintWhere 3.5\\pwcCEX.exe"=
"c:\\Program Files\\PrinterOn Corporation\\PrintWhere 3.5\\pwcPost.exe"=
"c:\\Program Files\\PrinterOn Corporation\\PrintWhere 3.5\\pwcRoute.exe"=
"c:\\Program Files\\PrinterOn Corporation\\PrintWhere 3.5\\pwcPrinterSelect.exe"=
"c:\\Program Files\\PrinterOn Corporation\\PrintWhere 3.5\\pwcDDE.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49300:TCP"= 49300:TCP:PrintWhere.49300
"49301:TCP"= 49301:TCP:PrintWhere.49301
"49302:TCP"= 49302:TCP:PrintWhere.49302
"49303:TCP"= 49303:TCP:PrintWhere.49303
"49304:TCP"= 49304:TCP:PrintWhere.49304
"50300:TCP"= 50300:TCP:PrintWhere.50300
"50301:TCP"= 50301:TCP:PrintWhere.50301
"50302:TCP"= 50302:TCP:PrintWhere.50302
"50303:TCP"= 50303:TCP:PrintWhere.50303
"50304:TCP"= 50304:TCP:PrintWhere.50304
"48300:TCP"= 48300:TCP:PrintWhere.48300
"48301:TCP"= 48301:TCP:PrintWhere.48301
"48302:TCP"= 48302:TCP:PrintWhere.48302
"48303:TCP"= 48303:TCP:PrintWhere.48303
"48304:TCP"= 48304:TCP:PrintWhere.48304

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/9/2009 10:19 AM 64160]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [3/22/2006 1:57 PM 9216]
R1 NEOFLTR_610_13103;Juniper Networks TDI Filter Driver (NEOFLTR_610_13103);c:\windows\system32\drivers\NEOFLTR_610_13103.sys [5/7/2008 1:26 AM 64160]
R2 2006 Systems Union Security Service;2006 Systems Union Security Service;c:\program files\Infor\Security\SystemsUnion.Security.Service.exe [7/11/2007 2:20 PM 45056]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [7/10/2008 1:22 AM 218136]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [7/10/2008 2:22 AM 1106968]
R2 SunSystems Connect Server;SunSystems Connect Server;c:\program files\Infor\SunSystems\ssc\Bin\ConnectServer.exe [4/21/2009 5:50 AM 81920]
R2 SunSystems Session Manager;SunSystems Session Manager;c:\program files\Infor\SunSystems\SessionManager.exe [4/21/2009 5:49 AM 131072]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [3/22/2006 1:57 PM 36352]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [7/10/2008 1:15 AM 31256]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [3/22/2006 1:57 PM 29184]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [3/22/2006 1:57 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [3/22/2006 1:57 PM 226304]
S2 PALOServerService;Palo 2.0 Server Service;"c:\program files\Jedox\Palo\palo.exe" --start-service --service-name "PALOServerService" --data "c:\program files\Jedox\Palo\data" --> c:\program files\Jedox\Palo\palo.exe [?]
S3 B-Service;B-Service;c:\documents and settings\Uday Maitra\Application Data\Mikogo\B-Service.exe [5/29/2009 6:30 PM 185640]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [10/22/2006 10:27 AM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [10/22/2006 10:27 AM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [10/22/2006 10:27 AM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [10/22/2006 10:26 AM 10368]
S3 CCITCP2;CCITCP2;c:\sunsystems4\UTILS\SRVANY.EXE [10/21/2006 8:04 PM 13312]
S3 SSMASTER;SSMASTER;c:\sunsystems4\UTILS\SRVANY.EXE [10/21/2006 8:04 PM 13312]
S4 EnterpriseManager51X15000;Sun SeeBeyond Enterprise Manager 5.1.2(15000);c:\javacaps512\emanager/server\bin\tomcat5.exe //RS//EnterpriseManager51X15000 --> c:\javacaps512\emanager/server\bin\tomcat5.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/9/2008 10:49 PM 47128]
S4 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [4/26/2002 5:29 PM 28944]
S4 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;c:\oracle\ora92\Apache\Apache\Apache.exe [4/18/2002 10:02 PM 4096]
S4 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\bin\encsvc.exe [2/13/2002 8:23 AM 187392]
S4 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\bin\agntsvc.exe [2/13/2002 8:23 AM 254464]
S4 OracleServiceEINSIGHT;OracleServiceEINSIGHT;c:\oracle\ora92\bin\ORACLE.EXE EINSIGHT --> c:\oracle\ora92\bin\ORACLE.EXE EINSIGHT [?]
S4 OracleServiceORCL;OracleServiceORCL;c:\oracle\ora92\bin\ORACLE.EXE ORCL --> c:\oracle\ora92\bin\ORACLE.EXE ORCL [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 Troy Encryption Service;Troy Encryption Service;c:\program files\Encryption Service\EncryptionService.exe [5/9/2006 2:43 PM 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:18]

2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-05 10:23]

2009-06-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: java.com
Trusted Zone: swift.com\service.sipn
Trusted Zone: validusre.bm\connect
Trusted Zone: validusre.bm\portal
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {6105E6DE-B6B9-43C9-8629-7F3AD1E3800E} - hxxps://minuwet.uwaterloo.ca/Minuwetactivex.ocx
FF - ProfilePath - c:\documents and settings\Uday Maitra\Application Data\Mozilla\Firefox\Profiles\r7rzkn9f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\qfaservices.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 23:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EnterpriseManager51X15000]
"ImagePath"="c:\javacaps512\emanager/server\bin\tomcat5.exe //RS//EnterpriseManager51X15000"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92PagingServer]
"ImagePath"="c:\oracle\ora92/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListener]
"ImagePath"="c:\oracle\ora92\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Micro Focus]
@Denied: (C D) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1424)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\WRLogonNTF.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(1480)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll

- - - - - - - > 'explorer.exe'(4924)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\ApntEx.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
c:\program files\Java\jre1.6.0_02\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-06-10 23:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-10 03:20

Pre-Run: 13,643,825,152 bytes free
Post-Run: 13,536,636,928 bytes free

438 --- E O F --- 2009-05-27 13:18