Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojan-clicker.win32.delf.cbe problem


  • This topic is locked This topic is locked
8 replies to this topic

#1 kks

kks

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 28 May 2009 - 10:15 AM

DDS (Ver_09-05-14.01) - NTFSx86
Run by K***** S****** at 15:58:35.34 on 28/05/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3326.2455 [GMT 1:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Gemplus\GemSafe Libraries\BIN\GCardSrvNT.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Gemplus\GemSafe Libraries\BIN\GCardSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
C:\Program Files\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\KESHUV~1\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {13dc63e2-8bf8-4657-990f-092bd30e9630} - c:\windows\system32\nipxvwwx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {45c7dd5d-0925-46f5-b729-5169691707af} - c:\windows\system32\crfwpoj.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {a2595f37-48d0-46a1-9b51-478591a97764} - No File
TB: {8B68564D-53FD-4293-B80C-993A9F3988EE} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [VZRemoteCommander] c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [utils] c:\utils\utils.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\keshuv sharma\start menu\programs\startup\santa.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audiof~1.lnk - c:\program files\sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hdwrit~1.lnk - c:\program files\panasonic\hd writer ae 1\HDWriterAutoStart.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Search with Wanadoo - c:\progra~1\wanadoo\wsbar\WSBar.dll/VSearch.htm
IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.astonmartin.com/configurator/v8vantage_load.html
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} - hxxp://www.navigram.com/engine/v812/PageDive5.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.tvucricket.com/player/vjocx-en-black.cab
TCP: NameServer = 85.255.112.22,85.255.112.130
TCP: {5F20541B-B599-4EB6-B275-BD8613940969} = 85.255.112.22,85.255.112.130
Notify: scxknwlq - crfwpoj.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: cholecyst - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\keshuv~1\applic~1\mozilla\firefox\profiles\wc4nrmwr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-4-1 150544]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-10-7 353672]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 GemSAFE Card Server;GemSAFE Card Server;c:\program files\gemplus\gemsafe libraries\bin\GCardSrvNT.exe [2006-1-20 118784]
R2 hmnocqzr;StarForce Protection Synchronization (version 3.x)Controller;c:\windows\system32\svchost.exe -k netsvcs [2005-8-29 14336]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2008-9-21 1239552]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 vvdsvc;VJVodClientServices;c:\windows\system32\svchost.exe -k vvdsvc [2005-8-29 14336]
S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [2006-2-26 6828]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [2007-2-7 61776]
S3 LinksysFVNETusbl(AR)®;Linksys FVNETusbl(AR)® Service for Instant Wireless USB Network Adapter ver.2.6;c:\windows\system32\drivers\vnetusbl.sys [2004-3-9 108032]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys --> c:\windows\system32\drivers\yeddef.sys [?]
S3 ZSMC302;Audio Web Cam 31;c:\windows\system32\drivers\usbvm302.sys [2006-9-29 90559]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-05-28 15:36 <DIR> --d----- C:\Drivers etc
2009-05-28 15:05 <DIR> --d----- c:\program files\Trend Micro
2009-05-28 10:38 <DIR> a-dshr-- C:\autorun.inf
2009-05-28 09:40 <DIR> --d----- c:\program files\Microsoft WSE
2009-05-28 09:39 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-05-28 09:39 <DIR> --d----- c:\windows\Logs
2009-05-28 09:26 40,960 a------- c:\windows\system32\drivers\kungsfjddcvosf.sys
2009-05-28 09:26 20,992 a------- c:\windows\system32\kungsfncdbnoyx.dll
2009-05-28 09:26 9,720 a------- c:\windows\system32\kungsfxjfktrpu.dat
2009-05-28 09:03 92,563 a------- c:\windows\InstByVid.exe
2009-05-27 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-05-27 18:43 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-05-27 18:39 <DIR> --d----- c:\docume~1\keshuv~1\applic~1\DAEMON Tools Lite
2009-05-23 17:09 <DIR> --d----- c:\windows\system32\nagasoft
2009-05-13 20:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Panasonic
2009-05-13 19:28 33,408 a------- c:\windows\system32\drivers\cdrbsdrv.sys
2009-05-13 19:28 145,504 a------- c:\windows\system32\bgsvcgen.exe
2009-05-13 19:28 59,488 a------- c:\windows\system32\GenSvcInst.exe
2009-05-05 18:19 <DIR> --d----- c:\docume~1\keshuv~1\applic~1\AVS4YOU
2009-05-05 18:19 <DIR> --d----- c:\program files\AVS4YOU
2009-05-05 18:17 <DIR> --d----- c:\program files\AVSMEDIA

==================== Find3M ====================

2009-05-28 09:04 157,660,192 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-27 18:40 1,985,840 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-27 18:39 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-03-31 19:20 72,584 a------- c:\windows\zllsputility.exe
2009-03-31 19:20 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 00:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
2007-01-10 18:08 278,528 ac------ c:\program files\common files\FDEUnInstaller.exe
2006-01-04 20:28 0 ac------ c:\docume~1\keshuv~1\applic~1\wklnhst.dat
2008-07-10 00:09 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071020080711\index.dat

============= FINISH: 15:59:21.85 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:48 AM

Posted 28 May 2009 - 12:48 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 kks

kks
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 28 May 2009 - 03:04 PM

hi sam

i have installed MBAM but the program will not start, the computer hasnt crashed but the program will not start !!

i managed to execute the OTListIt2 program and here is the log:

OTListIt logfile created on: 28/05/2009 20:56:15 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Keshuv Sharma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 50.58 Gb Free Space | 67.88% Space Free | Partition Type: NTFS
Drive D: | 216.59 Gb Total Space | 101.45 Gb Free Space | 46.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHARMAVAIO
Current User Name: Keshuv Sharma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2004/10/04 04:47:04 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/01/20 19:15:32 | 00,118,784 | ---- | M] (Gemplus) -- C:\Program Files\Gemplus\GemSafe Libraries\BIN\GCardSrvNT.exe
PRC - [2005/06/17 07:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
PRC - [2006/01/20 19:50:18 | 00,262,144 | ---- | M] (Gemplus) -- C:\Program Files\Gemplus\GemSafe Libraries\BIN\GCardSrv.exe
PRC - [2007/12/03 15:21:24 | 00,869,672 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/09/17 23:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004/10/04 03:40:50 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2005/06/17 19:04:48 | 00,397,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
PRC - [2005/05/20 17:41:42 | 00,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/06/12 15:03:34 | 01,957,888 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
PRC - [2005/06/15 11:17:38 | 00,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/06/15 11:17:44 | 00,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2005/06/07 03:38:26 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
PRC - [2005/06/15 11:17:44 | 00,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006/05/22 13:34:12 | 00,770,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
PRC - [2005/06/15 11:17:46 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
PRC - [2005/06/17 17:54:12 | 00,143,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
PRC - [2005/06/17 07:56:14 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
PRC - [2005/01/31 10:10:44 | 00,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/09/10 13:30:00 | 05,649,408 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
PRC - [2009/02/17 13:03:52 | 00,193,880 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe
PRC - [2009/04/28 21:03:18 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/28 20:54:22 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keshuv Sharma\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/10/04 04:47:04 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor [Auto | Running])
SRV - [2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/06/15 12:57:42 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen [Auto | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2006/01/20 19:15:32 | 00,118,784 | ---- | M] (Gemplus) -- C:\Program Files\Gemplus\GemSafe Libraries\BIN\GCardSrvNT.exe -- (GemSAFE Card Server [Auto | Running])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/08/04 13:00:00 | 00,104,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crfwpoj.dll -- (hmnocqzr [Auto | Running])
SRV - [2005/06/17 07:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2005/04/05 13:06:36 | 00,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\image converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment [On_Demand | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2006/04/27 17:35:16 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -- (MSSQL$VAIO_VEDB [Auto | Running])
SRV - [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2007/12/03 15:21:24 | 00,869,672 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/12/13 20:10:56 | 00,447,784 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008/09/17 23:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/04/27 17:27:06 | 00,049,241 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2004/10/04 03:40:50 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect [Auto | Running])
SRV - [2006/04/27 17:16:28 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -- (SQLAgent$VAIO_VEDB [On_Demand | Stopped])
SRV - [2006/05/08 04:24:54 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
SRV - [2005/06/17 17:54:12 | 00,143,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service [On_Demand | Running])
SRV - [2005/06/17 19:04:48 | 00,397,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler [Auto | Running])
SRV - [2005/06/15 11:17:46 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Running])
SRV - [2005/05/20 17:41:42 | 00,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service [Auto | Running])
SRV - [2006/06/12 15:03:34 | 01,957,888 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer [Auto | Running])
SRV - [2005/06/07 03:38:26 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP [Auto | Running])
SRV - [2006/05/22 13:34:12 | 00,770,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP [Auto | Running])
SRV - [2006/05/17 18:19:26 | 00,155,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped])
SRV - [2005/01/04 11:09:36 | 00,398,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe -- (VCI [Auto | Stopped])
SRV - [2005/06/15 11:17:38 | 00,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw [On_Demand | Running])
SRV - [2009/03/31 19:20:50 | 02,404,232 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Stopped])
SRV - [2009/03/18 14:04:44 | 01,685,024 | ---- | M] (NanJing Nagasoft Co, LTD.) -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc [Auto | Stopped])
SRV - [2005/06/15 11:17:44 | 00,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc [Auto | Running])
SRV - [2005/06/15 11:17:44 | 00,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2003/12/08 12:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\system32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
DRV - [2003/12/08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\system32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
DRV - [2005/09/12 15:59:40 | 01,239,552 | ---- | M] (Philips Consumer Electronics) -- C:\WINDOWS\system32\DRIVERS\camdrv41.sys -- (camvid40 [On_Demand | Running])
DRV - [2006/02/20 19:17:40 | 00,033,408 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv [System | Running])
DRV - [2000/12/05 16:18:02 | 00,003,952 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\DMICall.sys -- (DMICall [System | Running])
DRV - [2006/11/28 15:17:14 | 00,246,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Stopped])
DRV - [2005/12/27 10:11:10 | 00,321,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2004/01/19 16:27:18 | 00,019,153 | R--- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS [On_Demand | Stopped])
DRV - [2004/01/19 16:27:26 | 00,006,828 | R--- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftlund.sys -- (FTLUND [On_Demand | Stopped])
DRV - [2004/01/19 16:27:32 | 00,050,396 | R--- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2002/10/04 12:21:18 | 00,061,776 | ---- | M] (Gemplus) -- C:\WINDOWS\System32\Drivers\GTwinUSB.sys -- (GTwinUSB [On_Demand | Stopped])
DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/05/23 18:30:48 | 00,178,048 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2005/05/23 18:31:46 | 01,034,752 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2005/06/17 15:33:40 | 00,872,064 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2009/03/31 17:18:30 | 00,150,544 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2004/03/09 20:48:08 | 00,108,032 | ---- | M] (Cisco-Linksys LLC) -- C:\WINDOWS\system32\DRIVERS\vnetusbl.sys -- (LinksysFVNETusbl(AR)® [On_Demand | Running])
DRV - [2004/03/17 20:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2005/05/27 16:13:12 | 00,007,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
DRV - [2005/05/27 16:13:12 | 00,011,001 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
DRV - [2005/05/27 16:13:12 | 00,128,295 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
DRV - [2008/09/17 23:55:00 | 06,132,576 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007/01/10 18:05:38 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2005/02/01 14:27:00 | 00,348,640 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\PRISMA02.sys -- (PRISM_A02 [On_Demand | Stopped])
DRV - [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/07/27 00:06:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/08/10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/05/16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2005/12/06 16:11:18 | 00,035,328 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync03.sys -- (sfsync03 [Boot | Running])
DRV - [2005/02/01 02:16:44 | 00,786,816 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\smrt.sys -- (smrt [On_Demand | Running])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2009/05/27 18:39:10 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2005/12/22 12:24:50 | 00,080,272 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
DRV - [2005/12/22 12:24:52 | 00,010,864 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
DRV - [2005/12/22 12:24:52 | 00,137,884 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
DRV - [2005/08/30 01:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
DRV - [2005/08/30 01:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])
DRV - [2005/08/30 01:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])
DRV - [2008/11/08 21:02:04 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2006/03/31 18:27:06 | 01,155,672 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2006/10/15 17:07:39 | 00,076,560 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2009/03/06 00:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2009/03/31 19:20:54 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2005/06/13 10:03:12 | 00,060,768 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w800bus.sys -- (w800bus [On_Demand | Stopped])
DRV - [2005/06/13 10:05:08 | 00,009,264 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w800mdfl.sys -- (w800mdfl [On_Demand | Stopped])
DRV - [2005/06/13 10:05:16 | 00,096,224 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w800mdm.sys -- (w800mdm [On_Demand | Stopped])
DRV - [2005/06/13 10:06:58 | 00,087,792 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w800mgmt.sys -- (w800mgmt [On_Demand | Stopped])
DRV - [2005/06/13 10:08:36 | 00,085,664 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w800obex.sys -- (w800obex [On_Demand | Stopped])
DRV - [2005/05/23 18:30:42 | 00,716,288 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2004/03/22 09:22:28 | 00,090,559 | R--- | M] (VM) -- C:\WINDOWS\System32\Drivers\usbvm302.sys -- (ZSMC302 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default = E2 63 DC 13 F8 8B 57 46 99 0F 09 2B D3 0E 96 30 [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default = E2 63 DC 13 F8 8B 57 46 99 0F 09 2B D3 0E 96 30 [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default = E2 63 DC 13 F8 8B 57 46 99 0F 09 2B D3 0E 96 30 [binary data]
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default = E2 63 DC 13 F8 8B 57 46 99 0F 09 2B D3 0E 96 30 [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/

IE - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default = E2 63 DC 13 F8 8B 57 46 99 0F 09 2B D3 0E 96 30 [binary data]
IE - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\S-1-5-21-3204288191-3142184070-2289752310-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\S-1-5-21-3204288191-3142184070-2289752310-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.34

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/15 10:39:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 21:03:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 21:03:21 | 00,000,000 | ---D | M]

[2009/03/07 21:59:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Keshuv Sharma\Application Data\mozilla\Extensions
[2008/07/31 20:03:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Keshuv Sharma\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/07 21:59:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Keshuv Sharma\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/05/28 15:04:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Keshuv Sharma\Application Data\mozilla\Firefox\Profiles\wc4nrmwr.default\extensions
[2009/05/13 19:49:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Keshuv Sharma\Application Data\mozilla\Firefox\Profiles\wc4nrmwr.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/05/28 15:04:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 21:03:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/01 18:11:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/04/28 21:03:17 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 21:03:17 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 18:32:30 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {13DC63E2-8BF8-4657-990F-092BD30E9630} - C:\WINDOWS\system32\nipxvwwx.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: () - {45C7DD5D-0925-46F5-B729-5169691707AF} - c:\windows\system32\crfwpoj.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\WebBrowser: (no name) - {A2595F37-48D0-46A1-9B51-478591A97764} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe (Sony Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{DC6E3~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{DC6E3~1\reboot.ini (InstallShield Software Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audio Filter.lnk = C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HD Writer AE 1.0.lnk = C:\Program Files\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe (Panasonic Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Keshuv Sharma\Start Menu\Programs\Startup\santa.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm File not found
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\sony\image converter 2\menu.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .csd - C:\Program Files\Gemplus\GemSafe eSigner\plugin\Npcsig.dll (Gemplus)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MTSInstall...ntage_load.html (MetaStreamCtl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} http://www.navigram.com/engine/v812/PageDive5.cab (PageDive Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.tvucricket.com/player/vjocx-en-black.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.22,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{5F20541B-B599-4EB6-B275-BD8613940969}\\NameServer = 85.255.112.22,85.255.112.130
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\scxknwlq: DllName - crfwpoj.dll - C:\WINDOWS\system32\crfwpoj.dll (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\system32\VESWinlogon.dll (Sony Corporation)
O22 - SharedTaskScheduler: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - Reg Error: Key error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 02:12:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/28 10:38:28 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/28 10:38:28 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: ("autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*") - * [2009/05/28 20:54:21 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (smrgdf) - C:\WINDOWS\System32\smrgdf.exe ()
O34 - HKLM BootExecute: (C:\Program) - File not found
O34 - HKLM BootExecute: (Files\iolo\System) - File not found
O34 - HKLM BootExecute: (Mechanic) - File not found
O34 - HKLM BootExecute: (6\) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/05/28 20:54:19 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Keshuv Sharma\Desktop\OTListIt2.exe
[2009/05/28 20:46:01 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/28 20:45:58 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/28 20:45:56 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/28 20:45:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/28 20:45:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/28 20:44:58 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Keshuv Sharma\Desktop\mbam-setup.exe
[2009/05/28 18:48:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keshuv Sharma\My Documents\EA Games
[2009/05/28 15:42:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keshuv Sharma\My Documents\My Videos
[2009/05/28 15:38:11 | 00,000,000 | ---D | C] -- C:\Utils
[2009/05/28 15:14:01 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\Keshuv Sharma\Desktop\dds.scr
[2009/05/28 15:05:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/28 10:38:28 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/05/28 09:41:19 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/05/28 09:40:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2009/05/28 09:39:45 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/05/28 09:39:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/05/28 09:26:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\kungsfjddcvosf.sys
[2009/05/28 09:26:14 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\kungsfncdbnoyx.dll
[2009/05/28 09:26:14 | 00,009,720 | ---- | C] () -- C:\WINDOWS\System32\kungsfxjfktrpu.dat
[2009/05/28 09:03:41 | 00,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/05/28 09:03:16 | 00,092,563 | ---- | C] () -- C:\WINDOWS\InstByVid.exe
[2009/05/28 09:03:13 | 00,000,181 | -H-- | C] () -- C:\Documents and Settings\Keshuv Sharma\Start Menu\Programs\Startup\santa.bat
[2009/05/27 18:43:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/05/27 18:43:32 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009/05/27 18:39:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keshuv Sharma\Application Data\DAEMON Tools Lite
[2009/05/23 17:09:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nagasoft
[2009/05/23 13:40:42 | 00,001,864 | ---- | C] () -- C:\Documents and Settings\Keshuv Sharma\Desktop\The Sims 2 Pets.lnk
[2009/05/13 20:33:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2009/05/13 20:33:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keshuv Sharma\Application Data\Panasonic
[2009/05/13 19:28:23 | 00,033,408 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys
[2009/05/13 19:28:22 | 00,145,504 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
[2009/05/13 19:28:22 | 00,059,488 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\GenSvcInst.exe
[2009/05/13 19:27:37 | 00,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HD Writer AE 1.0.lnk
[2009/05/13 19:27:34 | 00,000,000 | ---D | C] -- C:\Program Files\Panasonic
[2009/05/05 18:19:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keshuv Sharma\Application Data\AVS4YOU
[2009/05/05 18:19:08 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/05/05 18:17:55 | 00,000,000 | ---D | C] -- C:\Program Files\AVSMEDIA
[2009/01/04 20:57:53 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/10/28 23:58:48 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/28 23:58:48 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/07 22:29:28 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/09/21 20:04:17 | 00,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
[2008/09/21 20:04:17 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
[2008/08/17 14:03:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\optiflash.INI
[2008/07/27 08:19:59 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/07/23 17:50:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 17:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 17:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 17:46:38 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/07/03 19:30:46 | 00,000,858 | ---- | C] () -- C:\WINDOWS\SysMech6.INI
[2008/07/03 17:43:14 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/05/23 19:58:24 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/04/17 18:32:22 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/04/16 20:33:32 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/04/16 20:31:03 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX7400DEFGIPS.ini
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/05 02:41:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/26 18:42:59 | 00,000,241 | ---- | C] () -- C:\WINDOWS\exampro32.ini
[2007/02/19 22:08:11 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/11/11 14:34:13 | 00,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2006/11/11 00:30:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/11/11 00:11:55 | 00,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[2006/09/20 19:30:33 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/02/26 15:13:46 | 00,000,092 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2006/01/08 17:36:35 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/29 14:39:49 | 00,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2005/12/10 17:45:43 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/10/14 11:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 11:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 11:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 11:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 11:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 11:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 11:56:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/09/05 17:03:25 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/05 16:58:17 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/09/05 16:56:37 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/08/30 14:52:47 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/30 11:22:42 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/30 11:22:42 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/30 11:22:42 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/30 11:22:42 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/30 11:22:42 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/30 11:22:42 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/30 11:04:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/08/30 02:14:52 | 00,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/29 19:00:51 | 00,001,906 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/29 19:00:43 | 00,000,809 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/29 19:00:42 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/29 19:00:39 | 00,143,872 | ---- | C] () -- C:\WINDOWS\System32\nipxvwwx.dll.vzr
[2005/08/29 19:00:39 | 00,143,872 | ---- | C] () -- C:\WINDOWS\System32\nipxvwwx.dll
[2005/08/02 16:30:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/08/02 16:30:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/08/02 16:30:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/08/02 16:30:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/07/08 17:40:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/13 09:57:36 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[1999/07/23 14:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/05/28 20:54:22 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keshuv Sharma\Desktop\OTListIt2.exe
[2009/05/28 20:46:01 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/28 20:45:02 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Keshuv Sharma\Desktop\mbam-setup.exe
[2009/05/28 20:40:25 | 00,191,953 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/28 20:38:04 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/28 20:37:35 | 00,351,220 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/05/28 20:37:01 | 00,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/05/28 20:36:59 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Keshuv Sharma\Local Settings\desktop.ini
[2009/05/28 20:36:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/28 20:36:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/28 20:36:32 | 34,877,60384 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/28 16:44:16 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/05/28 15:57:21 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/28 15:14:01 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\Keshuv Sharma\Desktop\dds.scr
[2009/05/28 10:44:30 | 00,009,720 | ---- | M] () -- C:\WINDOWS\System32\kungsfxjfktrpu.dat
[2009/05/28 09:27:17 | 00,020,992 | ---- | M] () -- C:\WINDOWS\System32\kungsfncdbnoyx.dll
[2009/05/28 09:26:14 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\drivers\kungsfjddcvosf.sys
[2009/05/28 09:04:45 | 15,766,0192 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/05/28 09:03:16 | 00,092,563 | ---- | M] () -- C:\WINDOWS\InstByVid.exe
[2009/05/28 09:03:13 | 00,000,181 | -H-- | M] () -- C:\Documents and Settings\Keshuv Sharma\Start Menu\Programs\Startup\santa.bat
[2009/05/28 08:10:34 | 00,000,805 | ---- | M] () -- C:\rollback.ini
[2009/05/27 18:40:26 | 01,985,840 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/05/27 18:39:10 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/23 13:40:42 | 00,001,864 | ---- | M] () -- C:\Documents and Settings\Keshuv Sharma\Desktop\The Sims 2 Pets.lnk
[2009/05/18 17:48:58 | 00,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/17 20:54:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/13 19:27:37 | 00,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HD Writer AE 1.0.lnk
[2009/05/10 22:05:36 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/05/07 08:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >


OTListIt Extras logfile created on: 28/05/2009 20:56:15 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Keshuv Sharma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 50.58 Gb Free Space | 67.88% Space Free | Partition Type: NTFS
Drive D: | 216.59 Gb Total Space | 101.45 Gb Free Space | 46.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHARMAVAIO
Current User Name: Keshuv Sharma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3204288191-3142184070-2289752310-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/12/02 22:44:52 | 00,582,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/12/02 23:41:54 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2005/01/31 06:45:26 | 00,270,410 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\vaio media 3.1\Vc.exe:*:Enabled:[VAIO Media] VAIO Media
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/12/16 21:16:10 | 00,637,232 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/03/14 09:21:18 | 00,287,040 | ---- | M] () -- C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA
[2008/12/17 19:42:02 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2008/09/18 20:01:52 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008/12/02 22:44:52 | 00,582,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/12/02 23:41:54 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/03/31 19:20:50 | 02,404,232 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service
[2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01AE599F-7B72-4135-8C56-9191F4ACBA88}" = VAIO Edit Components
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A91D1FA-B9B3-4556-9878-5C61059A19B2}" = InterVideo WinDVDX
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 4.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}" = Philips SPC 900NC PC Camera
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{25CF0627-2EF6-4FCE-A0DE-7D6350C774B2}" = VAIO Original Screen Saver VAIO Scene HD Normal Contents
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29999594-B540-4C88-A8D3-C99CA43809FC}" = Image Converter 2
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33585139-FF59-4D35-A3E2-E0885BA40ACD}" = Gemplus
"{33711828-7194-4446-8C05-0DC0E59A0C1B}" = CANON iMAGE GATEWAY Task
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Camera Window MC
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D249F10-79EC-48D4-93E5-C470ABE523FA}" = Nokia Connectivity Cable Driver
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{531C0C3A-7112-4986-8222-5778FB547D81}" = VAIO Original Screen Saver VAIO Motion HD Normal Contents
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{5FCCD531-1B38-4A94-924C-127F722F1033}" = Nero 8
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 4.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7998F67D-655B-42E3-B651-18D96DD17268}" = Adobe Premiere Standard
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 4.2
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B361E4-A86E-4335-99FF-6C3604788DAB}" = HD Writer AE 1.0 for HDC
"{9710F174-2AA2-426B-A052-D2D15328383E}" = eSigner_Core Module
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43F939E-A863-433D-AC78-0897E44CFEB2}" = VAIO Launcher
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A54453DD-9408-45B2-B179-9BBD83498249}" = GemSafe Libraries 4.2.0 SP3 Patch 4203-4
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 4.0
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-in 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Internet Library
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC6E3CD5-A93D-44EA-85AE-894C1603B7E2}" = VAIO TV Tuner Library 1.4
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E09E82C3-6C4D-45B0-8790-BBBEE39F1A3C}" = VAIO Zone Remote Commander
"{E3A54A70-1CFA-4D79-ACD6-5AA2A98C212F}" = Samsung PC Studio 3
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5E6E687-1033-0000-0000-000000000002}" = Adobe Acrobat 7.0 Elements
"{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}" = Philips VLounge
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}" = VAIO Zone
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Acrobat 7.0 Elements" = Adobe Acrobat 7.0 Elements
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Userís Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
"Exampro AA_BIOB" = Exampro AQA GCE Biology B
"FTDICOMM" = SEMC DSS SyncStation Driver
"Gemplus Smart Card Reader Tools" = Gemplus Smart Card Reader Tools
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{33585139-FF59-4D35-A3E2-E0885BA40ACD}" = GemSafe eSigner 3.0.2
"InstallShield_{33711828-7194-4446-8C05-0DC0E59A0C1B}" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{3D249F10-79EC-48D4-93E5-C470ABE523FA}" = Nokia Connectivity Cable Driver
"InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO Online Registration (English)
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Canon Internet Library for ZoomBrowser EX
"LimeWire" = LimeWire PRO 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoodLogic" = MoodLogic
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"PeerGuardian_is1" = PeerGuardian 2.0
"PROR" = Microsoft Office Professional 2007
"PROSet" = Intel® PRO Network Connections Drivers
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm Security Suite" = ZoneAlarm Security Suite

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3204288191-3142184070-2289752310-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/05/2009 12:21:58 | Computer Name = SHARMAVAIO | Source = VzFw | ID = 203
Description = Failed to register data of file/folder. (00000000) C:\Documents and
Settings\All Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples

Error - 28/05/2009 12:21:58 | Computer Name = SHARMAVAIO | Source = VzFw | ID = 108
Description = Failed to start monitoring folder. (00000000) C:\Documents and Settings\All
Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples

Error - 28/05/2009 12:21:58 | Computer Name = SHARMAVAIO | Source = VzCdbSvc | ID = 21
Description = Failed to create database. (drive = C:\)(Error code = 0x80043108)

Error - 28/05/2009 12:21:58 | Computer Name = SHARMAVAIO | Source = VzFw | ID = 203
Description = Failed to register data of file/folder. (00000000) C:\Documents and
Settings\All Users\VAIO Media Integrated Server\Incoming

Error - 28/05/2009 12:22:11 | Computer Name = SHARMAVAIO | Source = VzCdbSvc | ID = 21
Description = Failed to create database. (drive = C:\)(Error code = 0x80043108)

Error - 28/05/2009 12:22:13 | Computer Name = SHARMAVAIO | Source = VzFw | ID = 203
Description = Failed to register data of file/folder. (00000000) C:\Documents and
Settings\All Users\VAIO Media Integrated Server\Incoming

Error - 28/05/2009 12:55:23 | Computer Name = SHARMAVAIO | Source = Application Error | ID = 1000
Description = Faulting application VzFw.exe, version 1.3.1.4220, faulting module
MSVCR71.DLL, version 7.10.3052.4, fault address 0x00002eee.

Error - 28/05/2009 13:46:15 | Computer Name = SHARMAVAIO | Source = Application Error | ID = 1000
Description = Faulting application VzFw.exe, version 1.3.1.4220, faulting module
VzCsDsAudioFile.vzcs, version 1.5.0.5271, fault address 0x000041d7.

Error - 28/05/2009 13:47:02 | Computer Name = SHARMAVAIO | Source = Application Error | ID = 1000
Description = Faulting application VzFw.exe, version 1.3.1.4220, faulting module
VzCsDsAudioFile.vzcs, version 1.5.0.5271, fault address 0x000041d7.

Error - 28/05/2009 15:37:42 | Computer Name = SHARMAVAIO | Source = VzFw | ID = 205
Description = Failed to delete data of file/folder. (00000000) D:\Music, videos,
pictures\My Music\

[ OSession Events ]
Error - 28/10/2008 19:03:59 | Computer Name = SHARMAVAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 485 seconds with 120 seconds of active time. This session ended with a crash.

Error - 28/10/2008 19:04:33 | Computer Name = SHARMAVAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 16 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28/05/2009 08:17:38 | Computer Name = SHARMAVAIO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%2

Error - 28/05/2009 08:17:38 | Computer Name = SHARMAVAIO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%2

Error - 28/05/2009 08:17:38 | Computer Name = SHARMAVAIO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%2

Error - 28/05/2009 08:17:38 | Computer Name = SHARMAVAIO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%2

Error - 28/05/2009 08:17:38 | Computer Name = SHARMAVAIO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%2

Error - 28/05/2009 08:28:35 | Computer Name = SHARMAVAIO | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{5F20541B-B599-4EB6-B275-BD8613940969}. The
backup browser is stopping.

Error - 28/05/2009 11:20:18 | Computer Name = SHARMAVAIO | Source = Service Control Manager | ID = 7034
Description = The VAIO Entertainment File Import Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 28/05/2009 13:47:51 | Computer Name = SHARMAVAIO | Source = Service Control Manager | ID = 7034
Description = The VAIO Entertainment File Import Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 28/05/2009 15:33:00 | Computer Name = SHARMAVAIO | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
SHARMAHPDESKTOP that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{5F20541B-B59. The master browser is stopping or an election is being
forced.

Error - 28/05/2009 15:49:16 | Computer Name = SHARMAVAIO | Source = Service Control Manager | ID = 7034
Description = The B's Recorder GOLD Library General Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

THANKS IN ADVANCE..

KKS

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:48 AM

Posted 29 May 2009 - 11:56 AM

Let's clean up a few things and then come back to malwarebytes.


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (no name) - {13DC63E2-8BF8-4657-990F-092BD30E9630} - C:\WINDOWS\system32\nipxvwwx.dll ()
    O2 - BHO: () - {45C7DD5D-0925-46F5-B729-5169691707AF} - c:\windows\system32\crfwpoj.dll (Microsoft Corporation)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - Reg Error: Key error. File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\WebBrowser: (no name) - {A2595F37-48D0-46A1-9B51-478591A97764} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3204288191-3142184070-2289752310-1007\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - Reg Error: Key error. File not found
    O4 - Startup: C:\Documents and Settings\Keshuv Sharma\Start Menu\Programs\Startup\santa.bat ()
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.22,85.255.112.130
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{5F20541B-B599-4EB6-B275-BD8613940969}\\NameServer = 85.255.112.22,85.255.112.130
    O20 - Winlogon\Notify\scxknwlq: DllName - crfwpoj.dll - C:\WINDOWS\system32\crfwpoj.dll (Microsoft Corporation)
    O32 - AutoRun File - [2009/05/28 10:38:28 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009/05/28 10:38:28 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (smrgdf) - C:\WINDOWS\System32\smrgdf.exe ()
    
    :Files
    C:\WINDOWS\tasks\At*.job
    C:\WINDOWS\System32\drivers\kungsfjddcvosf.sys
    C:\WINDOWS\System32\kungsfncdbnoyx.dll
    C:\WINDOWS\System32\kungsfxjfktrpu.dat
    C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
    C:\WINDOWS\InstByVid.exe
    C:\Documents and Settings\Keshuv Sharma\Start Menu\Programs\Startup\santa.bat
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL2 log.


After rebooting, see if you can Malwarebytes to run a scan. If so, please post the resulting log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 kks

kks
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 30 May 2009 - 11:37 AM

Hi Sam,

Thanks for your help,

My computer crashed and would not get further than the logon screen before it crashed again, so i used the vaio recovery tool and it has restored the computer back to its original state( as setup when i got it out the box).

I still have a few questions though:

I think the virus has been removed as part of the recovery, but just to make sure that this is the case how can i check that i no longer have any viruses and would you be able to check from logs i send you that the computer is clean?

Also what free programs do you recommend to stay protected against viruses?

Thanks again in advance and for your help..

KKS.

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:48 AM

Posted 31 May 2009 - 09:29 AM

Go ahead and post a new log from OTListIt and I'll take a look to see if any malware is still present. If it's all clear I'll post some final steps and recommendations for you on what to run to keep clean going forward.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 kks

kks
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 01 June 2009 - 11:58 AM

Heres the OTlistIt2 log:

OTListIt logfile created on: 01/06/2009 17:51:29 - Run 2
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Sharma Vaio\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 51.82 Gb Free Space | 69.55% Space Free | Partition Type: NTFS
Drive D: | 216.59 Gb Total Space | 167.55 Gb Free Space | 77.36% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHARMAVAIO
Current User Name: Sharma Vaio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/03/31 19:20:50 | 02,404,232 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/03/31 17:18:14 | 00,143,360 | ---- | M] (Kaspersky Lab.) -- C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
PRC - [2004/10/04 04:47:04 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/06/17 07:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
PRC - [2009/05/31 15:44:19 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
PRC - [2004/10/04 03:40:50 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2005/05/20 17:41:42 | 00,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005/06/15 11:17:38 | 00,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/03/31 17:18:14 | 00,143,360 | ---- | M] (Kaspersky Lab.) -- C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
PRC - [2005/06/15 11:17:44 | 00,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/06/15 11:17:44 | 00,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/06/17 17:54:12 | 00,143,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/06/17 07:56:14 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
PRC - [2009/05/31 15:44:19 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/01/31 10:10:44 | 00,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
PRC - [2005/03/03 21:47:18 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
PRC - [2008/08/24 11:59:12 | 00,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/31 19:20:50 | 00,982,408 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2005/04/01 13:43:04 | 04,656,640 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/02/05 16:57:26 | 00,869,648 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/06/01 17:51:12 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sharma Vaio\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/10/04 04:47:04 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/03 14:53:08 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/06/17 07:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Running])
SRV - [2005/04/05 13:06:36 | 00,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\image converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment [On_Demand | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/05/31 15:44:19 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -- (MSSQL$VAIO_VEDB [Auto | Running])
SRV - [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2004/10/04 03:40:50 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect [Auto | Running])
SRV - [2007/02/05 10:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service [On_Demand | Stopped])
SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -- (SQLAgent$VAIO_VEDB [On_Demand | Stopped])
SRV - [2007/02/05 10:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
SRV - [2005/06/17 17:54:12 | 00,143,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service [On_Demand | Running])
SRV - [2005/06/17 19:04:48 | 00,397,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler [On_Demand | Stopped])
SRV - [2005/06/15 11:17:46 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped])
SRV - [2005/05/20 17:41:42 | 00,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service [Auto | Running])
SRV - [2006/06/12 14:03:34 | 01,957,888 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped])
SRV - [2005/06/07 03:38:26 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped])
SRV - [2006/05/22 12:34:12 | 00,770,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped])
SRV - [2006/05/17 17:19:26 | 00,155,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped])
SRV - [2005/01/04 11:09:36 | 00,398,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe -- (VCI [Auto | Stopped])
SRV - [2005/06/15 11:17:38 | 00,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw [On_Demand | Running])
SRV - [2009/03/31 19:20:50 | 02,404,232 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2005/06/15 11:17:44 | 00,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc [Auto | Running])
SRV - [2005/06/15 11:17:44 | 00,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2000/12/05 16:18:02 | 00,003,952 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\DMICall.sys -- (DMICall [System | Running])
DRV - [2006/11/28 14:17:14 | 00,246,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/05/23 18:30:48 | 00,178,048 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2005/05/23 18:31:46 | 01,034,752 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2005/06/17 15:33:40 | 00,872,064 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2009/03/31 17:18:30 | 00,150,544 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2004/03/09 19:48:08 | 00,108,032 | ---- | M] (Cisco-Linksys LLC) -- C:\WINDOWS\system32\DRIVERS\vnetusbl.sys -- (LinksysFVNETusbl(AR)® [On_Demand | Running])
DRV - [2004/03/17 20:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2009/04/30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009/04/15 21:25:42 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/04/13 17:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/02/01 02:16:44 | 00,786,816 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\smrt.sys -- (smrt [On_Demand | Running])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2006/03/31 17:27:06 | 01,155,672 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2009/03/31 19:20:54 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2005/05/23 18:30:42 | 00,716,288 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/

IE - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\S-1-5-21-3623983187-388047759-1719168769-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\S-1-5-21-3623983187-388047759-1719168769-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/31 15:44:21 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIO Update 4] "C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary (Sony Corporation)
O4 - HKLM..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe (Sony Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audio Filter.lnk = C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: adobe.com ([eurostore] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: adobe.com ([istore] https in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: club-vaio.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: moodlogic.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: sony-europe.com ([www.club-vaio] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: sony-europe.com ([www.vaio] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: sonystyle-europe.com ([shop] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: sonystyle-europe.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: symantecstore.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: tvtv.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: tvtv.de ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: tvtv.es ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: tvtv.fr ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: tvtv.it ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: tvtv.nl ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: utimaco.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: yahoo.com ([*.personals] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: yahoo.com ([*.rd] http in Trusted sites)
O15 - HKU\S-1-5-21-3623983187-388047759-1719168769-1007\..Trusted Domains: 12 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\system32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 02:12:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/01 17:51:12 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/06/01 17:51:12 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sharma Vaio\Desktop\OTListIt2.exe
[2009/06/01 08:58:20 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/05/31 16:24:19 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/05/31 16:24:16 | 00,000,000 | ---D | C] -- C:\Program Files\Codec Pack - All In 1
[2009/05/31 16:18:51 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\Sharma Vaio\My Documents\My Stationery
[2009/05/31 16:16:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\DivX
[2009/05/31 09:57:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/05/31 09:57:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\Sun
[2009/05/31 00:38:15 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/05/30 23:51:30 | 00,001,113 | ---- | C] () -- C:\rollback.ini
[2009/05/30 23:38:04 | 34,877,60384 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/30 23:35:41 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/30 23:27:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\MailFrontier
[2009/05/30 23:25:13 | 11,378,8448 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/05/30 23:25:13 | 01,523,468 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/05/30 23:22:43 | 00,004,212 | RH-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/05/30 23:22:37 | 00,150,544 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/05/30 23:22:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/05/30 23:22:10 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/05/30 23:22:08 | 00,351,219 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/05/30 23:21:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/05/30 22:34:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\My Documents\Keshuv
[2009/05/30 22:33:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\My Documents\heema
[2009/05/30 22:33:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\My Documents\hina's
[2009/05/30 22:33:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\My Documents\Dad
[2009/05/30 22:33:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\My Documents\My Videos
[2009/05/30 22:32:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\My Documents\My Pictures
[2009/05/30 22:31:43 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Sharma Vaio\My Documents\My Music
[2009/05/30 22:31:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\My Documents\LimeWire
[2009/05/30 21:27:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/05/30 21:06:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\OfficeUpdate12
[2009/05/30 20:50:12 | 00,000,398 | ---- | C] () -- C:\Documents and Settings\Sharma Vaio\Desktop\My Multimedia.lnk
[2009/05/30 20:39:09 | 00,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2009/05/30 20:38:17 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/05/30 20:38:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\uTorrent
[2009/05/30 20:37:21 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/05/30 20:37:21 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/05/30 20:37:21 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/05/30 20:29:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/05/30 20:29:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/05/30 20:28:49 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/05/30 20:27:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/05/30 20:27:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/05/30 20:26:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/05/30 20:26:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/05/30 20:26:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/05/30 20:26:12 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/05/30 20:25:57 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/05/30 20:25:52 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/05/30 20:20:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/05/30 20:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\Apple Computer
[2009/05/30 20:20:00 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/05/30 20:19:59 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/05/30 20:19:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/30 20:19:49 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/05/30 20:19:32 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/05/30 20:19:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/05/30 20:19:24 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/30 20:19:21 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/05/30 20:19:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/05/30 20:19:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/05/30 20:17:08 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/05/30 20:17:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/05/30 20:15:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\WinRAR
[2009/05/30 20:14:57 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/05/30 20:08:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009/05/30 20:07:33 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/05/30 19:00:16 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/30 18:56:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/05/30 18:52:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/05/30 18:52:46 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/05/30 18:40:53 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/05/30 18:23:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/05/30 18:23:56 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/05/30 18:23:52 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/05/30 18:23:39 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/05/30 18:23:39 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/05/30 18:23:39 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/05/30 18:23:39 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/05/30 18:23:39 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/05/30 18:23:39 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/05/30 18:23:39 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/05/30 18:21:51 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/05/30 18:21:38 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/05/30 18:20:29 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/05/30 18:20:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/05/30 18:20:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/05/30 18:10:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/30 18:10:32 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/30 18:10:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/05/30 18:10:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/30 18:09:23 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/30 18:09:01 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/05/30 17:56:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/30 17:53:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/05/30 17:53:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/05/30 17:53:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/05/30 17:53:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/05/30 17:53:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/05/30 17:52:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/05/30 17:52:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/05/30 17:50:41 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/05/30 17:50:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/05/30 17:47:35 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/05/30 17:47:30 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/05/30 17:46:45 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/05/30 17:44:14 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/05/30 17:43:36 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/30 17:43:36 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/05/30 17:43:36 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/30 17:43:36 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/30 17:43:36 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/30 17:43:36 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/30 17:43:35 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/05/30 17:43:35 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/30 17:43:35 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/30 17:43:35 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/05/30 17:43:34 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/05/30 17:43:34 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/05/30 17:37:58 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/05/30 17:37:52 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/05/30 17:37:16 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/05/30 17:37:09 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/05/30 17:36:58 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/05/30 17:33:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\InstallShield
[2009/05/30 17:32:54 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/05/30 17:32:50 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/05/30 17:30:23 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/05/30 17:30:23 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/30 17:30:23 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/30 17:29:58 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/05/30 17:29:58 | 00,073,728 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CddbLinkSony.dll
[2009/05/30 17:24:56 | 00,770,048 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CDDBUISony.dll
[2009/05/30 17:24:56 | 00,655,360 | ---- | C] (Gracenote, Inc.) -- C:\WINDOWS\System32\CDDBControlSony.dll
[2009/05/30 17:24:56 | 00,589,824 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CddbMusicIDSony.dll
[2009/05/30 17:20:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/05/30 17:14:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/05/30 17:14:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/05/30 17:11:55 | 00,000,000 | ---D | C] -- C:\Update
[2009/05/30 17:11:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/05/30 17:10:36 | 00,000,000 | ---D | C] -- C:\Swsetup
[2009/05/30 03:45:40 | 00,000,000 | ---D | C] -- C:\Documentation
[2009/05/30 00:23:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\Malwarebytes
[2009/05/30 00:23:34 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/30 00:23:33 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/30 00:23:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/30 00:23:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/29 22:06:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\sony
[2009/05/29 22:06:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2009/05/29 20:54:26 | 00,000,349 | ---- | C] () -- C:\Documents and Settings\Sharma Vaio\Desktop\My Documents.lnk
[2009/05/29 20:54:22 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Sharma Vaio\Desktop\My Computer.lnk
[2009/05/29 20:49:42 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/29 20:47:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\Sonic
[2009/05/29 20:47:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\Leadertech
[2009/05/29 20:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\InterVideo
[2009/05/29 20:32:37 | 00,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audio Filter.lnk
[2009/05/29 20:08:55 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/29 20:08:50 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2009/05/29 20:06:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/05/29 20:05:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/05/29 20:05:13 | 00,000,000 | ---D | C] -- C:\Program Files\Skype Installer
[2009/05/29 20:03:54 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/05/29 20:03:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2009/05/29 20:02:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
[2009/05/29 20:02:09 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2009/05/29 20:01:21 | 00,068,608 | ---- | C] (QSound Labs, Inc.) -- C:\WINDOWS\System32\SonyAIwo.dll
[2009/05/29 20:01:21 | 00,061,952 | ---- | C] (QSound Labs, Inc.) -- C:\WINDOWS\System32\SonyAIds.dll
[2009/05/29 20:01:21 | 00,038,912 | ---- | C] (QSound Labs, Inc.) -- C:\WINDOWS\System32\SonyAIwd.dll
[2009/05/29 20:00:47 | 00,000,000 | ---D | C] -- C:\Program Files\Moodlogic HTML
[2009/05/29 20:00:44 | 00,000,000 | ---D | C] -- C:\Program Files\MoodLogic
[2009/05/29 19:58:50 | 00,000,894 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/05/29 19:57:20 | 00,974,848 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2009/05/29 19:56:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/05/29 19:56:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
[2009/05/29 19:55:50 | 00,000,000 | ---D | C] -- C:\Program Files\TvTvHTML
[2009/05/29 19:55:50 | 00,000,000 | ---D | C] -- C:\Program Files\tvtv EPG Installer
[2009/05/29 19:55:48 | 00,964,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70u.dll
[2009/05/29 19:54:49 | 00,757,760 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CDDBUI.dll
[2009/05/29 19:54:49 | 00,630,784 | ---- | C] (Gracenote (formerly CDDB, Inc.)) -- C:\WINDOWS\System32\CDDBControl.dll
[2009/05/29 19:53:04 | 00,033,340 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsqlgc.dll
[2009/05/29 19:53:03 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsgnet.dll
[2009/05/29 19:52:34 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/05/29 19:51:56 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/05/29 19:51:43 | 00,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\Sony_VGC-RC102CEK.mrk
[2009/05/29 19:51:41 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Sharma Vaio\Start Menu\Programs\Startup\desktop.ini
[2009/05/29 19:51:41 | 00,000,082 | -HS- | C] () -- C:\Documents and Settings\Sharma Vaio\My Documents\desktop.ini
[2009/05/29 19:51:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Sharma Vaio\Local Settings\desktop.ini
[2009/05/29 19:51:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Sharma Vaio\Application Data\desktop.ini
[2009/05/29 19:51:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\Macromedia
[2009/05/29 19:51:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\Identities
[2009/05/29 19:51:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\Adobe
[2009/05/29 19:51:40 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\Microsoft
[2009/05/29 19:51:40 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Sharma Vaio\Local Settings\Temporary Internet Files
[2009/05/29 19:51:40 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Sharma Vaio\Local Settings\History
[2009/05/29 19:51:40 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Sharma Vaio\Local Settings\Application Data
[2009/05/29 19:51:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Local Settings\Temp
[2009/05/29 19:51:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\Symantec
[2009/05/29 19:51:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sharma Vaio\Application Data\Sony Corporation
[2009/05/29 19:47:29 | 00,000,146 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/05/29 19:47:18 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys
[2009/05/04 12:59:05 | 00,078,018 | ---- | C] () -- C:\Documents and Settings\Sharma Vaio\My Documents\Meera Sharma.pptx
[2009/05/04 00:29:53 | 00,011,755 | ---- | C] () -- C:\Documents and Settings\Sharma Vaio\My Documents\that sounds cool.docx
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/10/14 10:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 10:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 10:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 10:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 10:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 10:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 10:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 10:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/08/30 14:52:47 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/30 11:22:42 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/30 11:22:42 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/30 11:22:42 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/30 11:22:42 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/30 11:22:42 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/30 11:22:42 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/30 11:04:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/08/30 02:14:52 | 00,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/29 19:00:51 | 00,001,906 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/29 19:00:43 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/29 19:00:42 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/07/08 17:40:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/06/01 17:53:12 | 11,379,0240 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/06/01 17:51:12 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sharma Vaio\Desktop\OTListIt2.exe
[2009/06/01 17:07:53 | 00,001,113 | ---- | M] () -- C:\rollback.ini
[2009/06/01 17:04:37 | 00,030,074 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/06/01 17:04:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Sharma Vaio\Local Settings\desktop.ini
[2009/06/01 17:01:59 | 00,351,219 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/06/01 17:01:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/01 17:01:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/01 17:01:17 | 34,877,60384 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/01 13:09:01 | 01,523,468 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/06/01 08:55:29 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/31 16:23:35 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/05/30 23:35:53 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/30 23:27:38 | 00,004,212 | RH-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/05/30 21:35:18 | 00,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/30 21:29:36 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/30 20:50:12 | 00,000,398 | ---- | M] () -- C:\Documents and Settings\Sharma Vaio\Desktop\My Multimedia.lnk
[2009/05/30 20:19:24 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/30 18:25:52 | 00,527,184 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/30 18:25:52 | 00,458,954 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/30 18:25:52 | 00,078,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/30 18:21:43 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/05/30 18:21:43 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/05/30 18:20:29 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/05/30 18:12:21 | 00,000,082 | -HS- | M] () -- C:\Documents and Settings\Sharma Vaio\My Documents\desktop.ini
[2009/05/30 17:56:53 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/05/30 17:52:00 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/05/29 20:54:26 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\Sharma Vaio\Desktop\My Documents.lnk
[2009/05/29 20:54:22 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Sharma Vaio\Desktop\My Computer.lnk
[2009/05/29 20:32:37 | 00,000,955 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audio Filter.lnk
[2009/05/29 20:08:55 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/05/29 20:03:54 | 00,000,059 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/05/29 19:58:50 | 00,000,894 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/05/29 19:58:19 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/29 19:51:43 | 00,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\Sony_VGC-RC102CEK.mrk
[2009/05/29 19:50:58 | 00,000,146 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/05/29 19:50:57 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/14 13:23:24 | 00,012,962 | ---- | M] () -- C:\Documents and Settings\Sharma Vaio\My Documents\Things to do.docx
[2009/05/12 06:11:53 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/04 00:29:54 | 00,011,755 | ---- | M] () -- C:\Documents and Settings\Sharma Vaio\My Documents\that sounds cool.docx
< End of report >

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:48 AM

Posted 01 June 2009 - 03:46 PM

While I'm not convinced completely that you're clean, I don't see any signs of an active infection in your log. So if everything seems to working normally, I'll post some final steps and recommendations for you.


First run OTListIt and click on the CleanUp button.
Reboot when prompted.


Run an online scan at Secunia Online Software Inspector
  • Click on the red button at the bottom of the screen that says Start Scanner.
  • Follow the prompts to install the scanning software.
  • Do not check the box for Enable thorough system inspection
  • Click the Start button.
  • The program will scan your system and identify insecure versions of software and missing security updates.
  • Using the links provided in the scan, download and install any current and secure versions that are needed.


==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbup2: :)
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:48 AM

Posted 24 June 2009 - 09:03 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users