Thanks. Please find the logs as instructed.
1. Hijack logs:
Logfile of HijackThis v1.99.1
Scan saved at 17:58:31, on 13/07/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Sashi\AppData\Local\Temp\Rar$EX00.850\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Sashi\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\Windows\system32\psqlpwd.dll
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\TDSupportApp\cdrom_mon.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP (file missing)
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: ACE SMS Cast (ZMcastService) - Tanla Solutions Ltd - C:\Program Files\Tanla Solutions Ltd\ACE SMS Cast 1.0.9\TestMcaseService.exe
2. uninstall_list
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
ABC Amber vCard Converter
ACE SMS Cast 1.0.9
Active@ DVD Eraser v 1.1
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
ArcSoft Magic-i Visual Effects Installer
Bluetooth Stack for Windows by Toshiba
Browser Address Error Redirector
CCleaner (remove only)
Click to DVD 2.0.05 Menu Data
Click to DVD 2.6.00
ConvertXtoDVD 3.1.2.34
Cute CD DVD Burner V5.0
CutePDF Writer 2.7
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ffdshow [rev 1928] [2008-04-10]
Foxit PDF Editor
GearDrvs
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Highlight Viewer (Windows Live Toolbar)
Instant Mode
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 3.7.5 Full
Lotus Notes 8.0
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Map Button (Windows Live Toolbar)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 1 (SP1)
Microsoft Office Project 2007 Service Pack 1 (SP1)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mpegable DS decoder
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Nitro PDF Professional
Norton 360
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00
Protector Suite QL 5.6
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Redistributable_MM
Registry Mechanic 7.0
Roxio Easy Media Creator Home
Salesforce Outlook Edition 3.2
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Visio 2007 (KB947590)
Setting Utility Series
Skype 3.2
Skype Plugin Manager
Smart Menus (Windows Live Toolbar)
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
SonicWALL Global VPN Client 4.0.0.830
Sony Video Shared Library
Synaptics Pointing Device Driver
Trend Micro OfficeScan Client
Trojan Remover 6.7.0
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb953463)
VAIO Aqua Breeze Wallpaper
VAIO Camera Capture Utility
VAIO Content Folder Setting
VAIO Content Importer / VAIO Content Exporter
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Cozy Orange Wallpaper
VAIO Data Restore Tool
VAIO Entertainment Platform
VAIO Event Service
VAIO Launcher
VAIO Long Battery Life Wallpaper
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.1
VAIO Media Redistribution 6.0
VAIO Media Registration Tool 6.0
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO Original Function Setting
VAIO Original Screen Saver
VAIO Power Management
VAIO Tender Green Wallpaper
VAIO Update 3
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
WinDVD for VAIO
WinRAR archiver
WinSCP 4.0.7
Wireless Switch Setting Utility
Yahoo! Messenger
ZTE Mobile Connection
3. Combofix:
ComboFix 08-07-07.3 - Sashi 2008-07-13 17:40:48.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.1075 [GMT 1:00]
Running from: C:\Users\Sashi\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Sashi\AppData\Roaming\inst.exe
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.
2008-07-13 16:32 . 2008-07-13 16:32 <DIR> d-------- C:\Users\Sashi\AppData\Roaming\Simply Super Software
2008-07-13 16:32 . 2008-07-13 16:32 <DIR> d-------- C:\ProgramData\TEMP
2008-07-13 16:32 . 2008-07-13 16:32 <DIR> d-------- C:\ProgramData\Simply Super Software
2008-07-13 16:32 . 2008-07-13 16:32 <DIR> d-------- C:\Program Files\Trojan Remover
2008-07-13 16:32 . 2006-05-25 15:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
2008-07-13 16:32 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-07-13 16:32 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-07-13 16:32 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-07-13 16:32 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-07-12 20:34 . 2004-08-04 07:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-07-11 23:09 . 2008-07-11 23:09 <DIR> d-------- C:\ProgramData\Apple Computer
2008-07-11 22:29 . 2008-07-11 22:29 <DIR> d-------- C:\Program Files\VSO
2008-07-11 22:29 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-07-11 22:29 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-07-11 22:29 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-07-11 22:29 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-07-11 22:29 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-07-11 22:29 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-07-11 22:29 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-07-11 16:18 . 2008-07-11 16:45 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2008-07-11 12:52 . 2008-06-26 02:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 12:51 . 2008-06-26 02:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 12:51 . 2008-06-26 04:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-10 23:23 . 2008-07-10 23:23 <DIR> d-------- C:\Program Files\CCleaner
2008-07-09 22:41 . 2008-07-09 22:41 3,586 --a------ C:\Windows\System32\tmp.reg
2008-07-09 22:41 . 2008-07-09 22:41 691 --a------ C:\Users\Sashi\AppData\Roaming\GetValue.vbs
2008-07-09 22:41 . 2008-07-09 22:41 35 --a------ C:\Users\Sashi\AppData\Roaming\SetValue.bat
2008-07-09 22:32 . 2008-07-09 22:32 <DIR> d-------- C:\Windows\System32\SmitfraudFix
2008-07-09 19:18 . 2008-07-09 19:20 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-09 09:05 . 2005-08-27 02:38 1,435,272 --a------ C:\Windows\System32\Flash.ocx
2008-07-09 09:05 . 2003-11-19 13:59 512,688 --a------ C:\Windows\System32\XceedCry.dll
2008-07-09 09:05 . 2004-05-11 09:56 423,784 --a------ C:\Windows\System32\XceedBkp.dll
2008-07-09 09:05 . 2004-03-08 23:00 131,856 --a------ C:\Windows\System32\MSADODC.ocx
2008-07-09 09:04 . 2004-02-05 20:53 389,120 --a------ C:\Windows\System32\ACTSKN43.OCX
2008-07-09 09:04 . 2004-01-09 10:54 188,416 --a------ C:\Windows\System32\actsplash.ocx
2008-07-09 09:04 . 2001-03-28 22:02 89,088 --a------ C:\Windows\System32\ProgressBar4.ocx
2008-07-09 09:04 . 1999-01-26 19:36 11,012 --a------ C:\Windows\System32\threadapi.tlb
2008-07-08 22:44 . 2008-07-08 22:44 <DIR> d-------- C:\Users\Sashi\AppData\Roaming\Nitro PDF
2008-07-08 22:42 . 2008-07-08 22:42 <DIR> d-------- C:\ProgramData\Nitro PDF
2008-07-08 22:42 . 2008-07-08 22:42 <DIR> d-------- C:\Program Files\Nitro PDF
2008-07-08 22:42 . 2008-07-08 22:42 <DIR> d-------- C:\Program Files\Common Files\Nitro PDF
2008-07-08 22:42 . 2008-07-08 22:42 <DIR> d-------- C:\Program Files\Common Files\BCL Technologies
2008-07-08 22:15 . 2008-07-08 22:15 <DIR> d-------- C:\Windows\PrimoPDF4
2008-07-08 22:15 . 2008-07-08 22:38 <DIR> d-------- C:\Program Files\activePDF
2008-07-08 22:15 . 2006-12-11 21:12 176,235 --a------ C:\Windows\System32\Primomonnt.dll
2008-07-08 21:56 . 2008-07-08 21:56 <DIR> d-------- C:\Program Files\GPLGS
2008-07-08 21:56 . 2008-07-08 21:56 <DIR> d-------- C:\Program Files\Acro Software
2008-07-08 21:56 . 2007-07-12 22:33 87,552 --a------ C:\Windows\System32\cpwmon2k.dll
2008-07-08 21:22 . 2008-07-08 21:22 <DIR> d-------- C:\Users\Sashi\AppData\Roaming\Software602
2008-07-08 20:33 . 2008-07-08 20:33 0 --a------ C:\Windows\System32\602port
2008-07-08 20:32 . 2007-07-30 14:36 3,518,464 --a------ C:\Windows\System32\cdintf300.dll
2008-07-08 20:32 . 2007-07-30 14:36 1,843,200 --a------ C:\Windows\System32\acXMLParser.dll
2008-07-08 18:43 . 2008-07-08 18:43 0 --a------ C:\Windows\tosOBEX.INI
2008-07-08 18:39 . 2007-07-31 19:36 <DIR> dr------- C:\Users\Administrator\Videos
2008-07-08 18:39 . 2008-07-08 18:39 <DIR> dr------- C:\Users\Administrator\Searches
2008-07-08 18:39 . 2007-07-30 21:27 <DIR> dr------- C:\Users\Administrator\Saved Games
2008-07-08 18:39 . 2007-07-31 19:39 <DIR> dr------- C:\Users\Administrator\Pictures
2008-07-08 18:39 . 2007-07-30 21:27 <DIR> dr------- C:\Users\Administrator\Music
2008-07-08 18:39 . 2008-07-08 18:39 <DIR> dr------- C:\Users\Administrator\Links
2008-07-08 18:39 . 2007-07-30 21:27 <DIR> dr------- C:\Users\Administrator\Downloads
2008-07-08 18:39 . 2008-07-08 18:42 <DIR> dr------- C:\Users\Administrator\Documents
2008-07-08 18:39 . 2007-07-30 21:26 <DIR> dr------- C:\Users\Administrator\Contacts
2008-07-08 18:39 . 2007-08-23 07:16 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Sony Corporation
2008-07-08 18:39 . 2007-07-30 22:47 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\InstallShield
2008-07-08 18:39 . 2007-07-30 21:27 <DIR> d--h----- C:\Users\Administrator\AppData
2008-07-08 18:39 . 2008-07-08 18:39 <DIR> d-------- C:\Users\Administrator
2008-07-08 18:17 . 2001-05-22 07:00 22,016 --a------ C:\Windows\System32\borlndmm.dll
2008-07-08 18:16 . 2008-07-08 18:16 <DIR> d-------- C:\Program Files\Software602
2008-07-08 18:16 . 2008-07-08 21:32 <DIR> d-------- C:\Program Files\Common Files\soft602
2008-07-08 17:53 . 2008-07-08 17:53 <DIR> d-------- C:\Program Files\Foxit Software
2008-06-27 23:11 . 2008-06-27 23:11 <DIR> d-------- C:\Users\Sashi\AppData\Roaming\Alien Skin
2008-06-27 13:25 . 2008-06-27 13:25 <DIR> d-------- C:\Program Files\Rok Mobile
2008-06-27 13:20 . 2008-06-27 13:20 <DIR> d-------- C:\Program Files\WinSCP
2008-06-25 12:13 . 2008-06-25 12:13 509,208 --a------ C:\Windows\System32\ICCProfiles.dll
2008-06-22 15:55 . 2008-06-22 15:55 <DIR> d-------- C:\ProgramData\Macrovision
2008-06-22 12:49 . 2008-06-22 12:49 <DIR> d-------- C:\Users\Sashi\AppData\Roaming\U3
2008-06-19 14:26 . 2008-06-19 14:26 <DIR> d-------- C:\Program Files\Tanla Solutions Ltd
2008-06-17 20:56 . 2008-06-17 20:56 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-15 00:03 . 2008-06-22 20:17 <DIR> d-------- C:\Program Files\Macromedia
2008-06-15 00:03 . 2008-06-22 20:17 <DIR> d-------- C:\Program Files\Common Files\Macromedia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 16:12 --------- d-----w C:\ProgramData\Google Updater
2008-07-12 19:31 --------- d-----w C:\Users\Sashi\AppData\Roaming\Vso
2008-07-11 21:30 47,360 ----a-w C:\Users\Sashi\AppData\Roaming\pcouffin.sys
2008-07-11 11:58 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-10 18:48 --------- d-----w C:\Users\Sashi\AppData\Roaming\uTorrent
2008-07-09 18:34 --------- d-----w C:\Program Files\Trend Micro
2008-07-09 16:45 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 14:35 --------- d-----w C:\Program Files\ZTE Mobile Connection
2008-06-03 15:27 --------- d-----w C:\Program Files\Java
2008-05-29 14:19 174 --sha-w C:\Program Files\desktop.ini
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Journal
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Defender
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-29 14:08 --------- d-----w C:\Program Files\Windows Calendar
2008-05-19 07:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-19 21:18 47,104 ------w C:\Windows\AKDeInstall.exe
2008-03-10 15:12 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-10 15:12 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-10 15:12 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2002-04-16 11:27 5 --sha-w C:\Windows\System32\CdI5T.drv
1998-03-20 01:00 1,048 --sha-w C:\Windows\System32\flfnlf.sys
1998-03-20 01:00 1,048 --sha-w C:\Windows\System32\rlfnlf.sys
1998-03-20 01:00 1,048 --sha-w C:\Windows\System32\TMailRL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-06-06 07:16 2955264 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-06-06 07:16 2955264 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 21:49 68856]
"googletalk"="C:\Users\Sashi\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-30 02:08 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-30 02:07 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-30 02:07 133656]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 02:58 835584]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 02:27 317560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-06-06 06:40 49168]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-11 14:01 710000]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Nitro PDF Printer Monitor"="C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-06-25 12:13 210224]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-06-03 20:33 878672]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-08 03:33 4423680 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-23 00:57:26 2756608]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-07 21:49:01 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-06-06 07:03 90112 C:\Windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 03:26 98304 C:\Windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B79A4AAD-FBEE-4C24-AC5B-D249BCFB22C9}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{C76F22E1-5BE2-464C-BA2B-741C2E5E62D5}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{2208CA90-1CB5-44BA-8816-71FB8EEA355D}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{3BAB29ED-E438-4C71-8245-4F76820C4C0E}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{10BDEF4C-C824-4CC6-8494-DFAE1B0968C4}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0473365E-B1BC-4443-B069-0C75ED21243F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AE2D8443-A9E1-4B16-AC98-B57B2D5C529B}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BE07AE5B-DA08-4239-A107-126BE80AD526}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{525FE0B4-6146-4A7B-97E8-880D5B9CE690}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E2E9263A-861B-4706-8B2E-CDB8140800F6}C:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= UDP:C:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client
"UDP Query User{52724BB3-7FAC-471C-8E2D-8CF73B114E6E}C:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= TCP:C:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client
"{D54FECC8-59E0-4BC0-ACB2-5DE630258CD3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{46767004-A0E5-4498-A257-FA9E16129D4D}C:\\program files\\lotus\\notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\\jre\\bin\\notes2w.exe"= UDP:C:\program files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\jre\bin\notes2w.exe:Lotus Notes
"UDP Query User{9D2F0B19-51F0-4BA1-A1F6-3AD6FDDBEC3F}C:\\program files\\lotus\\notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\\jre\\bin\\notes2w.exe"= TCP:C:\program files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\jre\bin\notes2w.exe:Lotus Notes
"TCP Query User{9FCEAA69-085B-47E1-9E4A-81E208B15567}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1836FCDF-15D9-4B40-A292-91F11909C737}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{7AD65289-D877-41E2-A05D-0188BC4965ED}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C6D7C07A-C65E-4BAC-818A-B31E3AD4668E}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8C882ADF-5E70-44AF-8082-E78C5D85CCB2}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{267488A7-9380-4740-91BE-7A4B1037F4FE}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{2EFB8811-E37C-4792-A167-2577C916BC7D}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{DBE121A7-B90D-4825-A09B-D31F943D697E}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{1AB506DF-EDF7-4C3C-B097-669AF2F83185}C:\\program files\\ibm\\lotus\\notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\\jre\\bin\\notes2w.exe"= UDP:C:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\jre\bin\notes2w.exe:Lotus Notes
"UDP Query User{75170601-D717-4D42-8CE3-90F9692CCF4F}C:\\program files\\ibm\\lotus\\notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\\jre\\bin\\notes2w.exe"= TCP:C:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.sr4-200707311521\jre\bin\notes2w.exe:Lotus Notes
"TCP Query User{97223D37-6F9A-400F-9D87-BE14F497B7EB}C:\\viaobup_d\\sashi_india on sashi\\s a s h i\\personal\\software\\pdfedit.exe"= UDP:C:\viaobup_d\sashi_india on sashi\s a s h i\personal\software\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"UDP Query User{5CAC7446-E494-4E6E-9B82-73FC2B4B5715}C:\\viaobup_d\\sashi_india on sashi\\s a s h i\\personal\\software\\pdfedit.exe"= TCP:C:\viaobup_d\sashi_india on sashi\s a s h i\personal\software\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"{BD5CAE1A-C503-4319-A302-F3C241FDAAA8}"= UDP:35629:Trend Micro OfficeScan Listener
R1 RCFOX;SonicWALL IPsec Driver;C:\Windows\system32\Drivers\RCFOX.sys [2007-09-27 16:49]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;C:\Windows\system32\TDSupportApp\cdrom_mon.exe [2007-10-06 15:56]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-18 04:09]
R2 ZMcastService;ACE SMS Cast;C:\Program Files\Tanla Solutions Ltd\ACE SMS Cast 1.0.9\TestMcaseService.exe [2008-05-07 17:54]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-04-20 01:01]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-04-20 01:01]
R3 rcvpn;SonicWALL VPN Adapter;C:\Windows\system32\DRIVERS\rcvpn.sys [2005-11-08 10:58]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 01:00]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 00:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 23:34]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 23:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-06 03:12]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 19:52]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\GMTsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e8c6a0f-d753-11dc-b821-c7a2f49de6f2}]
\shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a93b6bf-1e92-11dd-ada9-f84313514fc4}]
\shell\AutoRun\command - H:\GMTsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96918a22-195b-11dd-bf07-f3d284cb187a}]
\shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9b1718f-d7d2-11dc-b4c0-fb929f9c69c5}]
\shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef58db07-339b-11dd-ad03-98d0b9a14b34}]
\shell\AutoRun\command - G:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 10:33:43 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 17:48:00
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-07-13 17:54:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-13 16:53:42
Pre-Run: 62,553,038,848 bytes free
Post-Run: 62,164,430,848 bytes free
280 --- E O F --- 2008-07-11 12:00:01
Thanks. Look forward to your reply - amit