Here is the ComboFix log:
ComboFix 09-05-21.03 - Ankit 05/22/2009 7:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1176 [GMT -7:00]
Running from: c:\documents and settings\Ankit\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ankit\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
file zipped: c:\windows\system32\comrepl32.dll
file zipped: c:\windows\system32\NxFjl.vbs
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ankit\Application Data\02000000728d021f598C.manifest
c:\documents and settings\Ankit\Application Data\02000000728d021f598O.manifest
c:\documents and settings\Ankit\Application Data\02000000728d021f598P.manifest
c:\documents and settings\Ankit\Application Data\02000000728d021f598S.manifest
c:\windows\system32\comrepl32.dll
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\NxFjl.vbs
c:\windows\system32\SystemService32
.
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.
2009-05-22 06:30 . 2009-03-27 01:45 89104 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090521.040\NAVENG.SYS
2009-05-22 06:30 . 2009-03-27 01:45 876144 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090521.040\NAVEX15.SYS
2009-05-22 06:30 . 2009-03-27 01:45 371248 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090521.040\EECTRL.SYS
2009-05-22 06:30 . 2009-03-27 01:45 101936 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090521.040\ERASER.SYS
2009-05-22 06:30 . 2009-03-27 01:44 1181040 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090521.040\NAVEX32A.DLL
2009-05-22 06:30 . 2009-03-27 01:44 177520 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090521.040\NAVENG32.DLL
2009-05-22 06:30 . 2009-03-27 01:44 259368 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090521.040\ECMSVR32.DLL
2009-05-22 06:30 . 2009-03-27 01:44 2414128 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090521.040\CCERASER.DLL
2009-05-22 04:18 . 2009-03-27 01:44 165240 ----a-r c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-05-19 19:16 . 2009-03-27 01:45 396848 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSviA64.sys
2009-05-19 19:16 . 2009-03-27 01:45 292912 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSvix86.sys
2009-05-19 19:16 . 2009-03-27 01:45 276344 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSXpx86.sys
2009-05-19 19:16 . 2009-03-27 01:44 447864 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSxpx86.dll
2009-05-19 19:16 . 2009-03-16 20:03 533880 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\Scxpx86.dll
2009-05-14 00:43 . 2009-05-14 00:53 -------- d-----w c:\documents and settings\Ankit\Application Data\vlc
2009-05-12 14:51 . 2009-05-12 14:51 -------- d-----w c:\program files\Lame for Audacity
2009-04-30 14:57 . 2009-04-30 14:57 -------- d-----w c:\program files\Unity
2009-04-28 23:20 . 2009-04-28 23:20 -------- d-----w c:\documents and settings\Ankit\Local Settings\Application Data\TVU Networks
2009-04-28 23:20 . 2009-04-28 23:20 -------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2009-04-28 23:20 . 2009-04-28 23:20 -------- d-----w c:\documents and settings\Ankit\LocalLow
2009-04-28 23:20 . 2009-04-28 23:20 -------- d-----w c:\program files\TVUPlayer
2009-04-28 01:49 . 2009-04-28 01:49 -------- d-----w c:\documents and settings\Ankit\Application Data\TOMXPP
2009-04-28 01:49 . 2009-04-28 01:49 -------- d-----w c:\program files\TOM
2009-04-27 00:28 . 2009-04-27 00:28 -------- d-----w c:\program files\Veetle
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 00:40 . 2008-04-19 00:03 -------- d-----w c:\documents and settings\Ankit\Application Data\U3
2009-05-17 20:34 . 2008-05-17 03:20 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-17 20:33 . 2005-02-23 21:38 -------- d-----w c:\program files\Google
2009-05-17 01:07 . 2009-03-17 14:29 -------- d-----w c:\documents and settings\Ankit\Application Data\FrostWire
2009-05-15 14:22 . 2008-07-04 20:33 34 ----a-w c:\documents and settings\Ankit\jagex_runescape_preferences.dat
2009-05-15 00:49 . 2008-03-27 01:59 -------- d-----w c:\program files\Safari
2009-04-10 23:38 . 2009-04-10 23:38 -------- d-----w c:\program files\iTunes
2009-04-10 23:38 . 2009-04-10 23:38 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-10 23:38 . 2009-04-10 23:38 -------- d-----w c:\program files\iPod
2009-04-10 23:38 . 2008-03-23 18:42 -------- d-----w c:\program files\Common Files\Apple
2009-04-10 23:25 . 2009-04-10 23:25 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-10 22:56 . 2009-04-10 22:56 -------- d-----w c:\documents and settings\All Users\Application Data\Chat Republic Games
2009-04-06 01:15 . 2009-04-06 01:14 -------- d-----r c:\program files\Norton Support
2009-04-02 14:33 . 2005-02-23 21:24 -------- d-----w c:\program files\Java
2009-04-02 14:32 . 2009-04-02 14:32 152576 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-28 23:56 . 2008-03-23 03:56 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-27 01:51 . 2009-03-27 01:44 -------- d-----w c:\program files\Norton 360
2009-03-27 01:50 . 2009-03-27 01:33 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-03-27 01:45 . 2009-03-27 01:33 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-03-27 01:45 . 2009-03-27 01:45 -------- d-----w c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-03-27 01:44 . 2009-03-27 01:44 796016 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-03-27 01:44 . 2008-03-23 01:18 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-27 01:40 . 2008-03-23 01:19 -------- d-----w c:\documents and settings\Ankit\Application Data\Symantec
2009-03-27 01:33 . 2009-03-27 01:33 -------- d-----w c:\program files\NortonInstaller
2009-03-25 15:31 . 2009-03-25 15:31 57344 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-792352b0-n\Decora-SSE.dll
2009-03-25 15:31 . 2009-03-25 15:31 24064 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-5c557476-n\Decora-D3D.dll
2009-03-25 15:31 . 2009-03-25 15:31 499712 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-33693fb0-n\msvcp71.dll
2009-03-25 15:31 . 2009-03-25 15:31 499712 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-33693fb0-n\jmc.dll
2009-03-25 15:31 . 2009-03-25 15:31 348160 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-33693fb0-n\msvcr71.dll
2009-03-20 18:36 . 2009-03-17 14:50 4506256 ----a-w c:\documents and settings\Ankit\Application Data\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
2009-03-19 23:32 . 2009-03-19 23:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 23:32 . 2009-03-13 01:04 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-03-11 00:50 . 2009-03-11 00:50 57344 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\Deployment\cache\6.0\37\3976f065-7a3ebeac-n\Decora-SSE.dll
2009-03-11 00:50 . 2009-03-11 00:50 24064 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\Deployment\cache\6.0\37\2c4a0065-4b8b2c4d-n\Decora-D3D.dll
2009-03-11 00:50 . 2009-03-11 00:50 315392 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-3885cbce-n\jogl.dll
2009-03-11 00:50 . 2009-03-11 00:50 20480 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-3885cbce-n\jogl_awt.dll
2009-03-11 00:50 . 2009-03-11 00:50 114688 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-3885cbce-n\jogl_cg.dll
2009-03-11 00:50 . 2009-03-11 00:50 20480 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-51234948-n\gluegen-rt.dll
2009-03-11 00:50 . 2009-03-11 00:50 503808 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1d2e82be-n\msvcp71.dll
2009-03-11 00:50 . 2009-03-11 00:50 499712 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1d2e82be-n\jmc.dll
2009-03-11 00:50 . 2009-03-11 00:50 348160 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1d2e82be-n\msvcr71.dll
2009-03-11 00:48 . 2009-03-11 00:48 152576 ----a-w c:\documents and settings\Ankit\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-09 18:06 . 2008-10-01 23:57 81920 ----a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-03-09 18:06 . 2008-07-14 19:06 98304 ----a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-03-09 18:06 . 2008-07-14 19:06 258352 ----a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-03-09 18:06 . 2008-07-14 19:06 159744 ----a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-03-09 12:19 . 2008-11-23 16:45 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 17:00 . 2009-03-08 17:00 20747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-08 11:34 . 2005-02-23 18:57 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2005-02-23 18:56 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2005-02-23 18:56 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2005-02-23 18:57 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2005-02-23 18:56 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2005-02-23 18:56 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2005-02-23 18:56 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2005-02-23 18:56 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2005-02-23 18:56 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2005-02-23 18:57 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2005-02-23 18:57 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-04 00:31 . 2008-07-14 19:06 335872 ----a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-03-04 00:31 . 2008-07-14 19:06 520192 ----a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2008-06-30 20:44 . 2008-07-05 20:02 324976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-21_00.30.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-22 14:52 . 2009-05-22 14:52 16384 c:\windows\Temp\Perflib_Perfdata_750.dat
+ 2009-05-22 14:50 . 2009-05-22 14:50 16384 c:\windows\Temp\Perflib_Perfdata_650.dat
+ 2009-05-22 04:18 . 2009-05-22 04:18 16384 c:\windows\Temp\Perflib_Perfdata_5f8.dat
+ 2009-05-22 14:50 . 2009-05-22 14:50 16384 c:\windows\Temp\Perflib_Perfdata_4ac.dat
+ 2009-05-22 04:18 . 2009-05-22 04:18 16384 c:\windows\Temp\Perflib_Perfdata_3a8.dat
+ 2009-05-22 04:19 . 2009-05-22 04:19 16384 c:\windows\Temp\Perflib_Perfdata_10c.dat
+ 2005-02-23 18:57 . 2009-05-22 05:17 97786 c:\windows\system32\perfc009.dat
+ 2005-02-23 18:57 . 2009-05-22 05:17 509396 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 05:08 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-14 68856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"Google Update"="c:\documents and settings\Ankit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-02 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2009-02-04 3215360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-04-13 88363]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-13 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-02 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-11-29 2748928]
c:\documents and settings\Ankit\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchpad.lnk - c:\program files\IC Media Corp.\ICM532\Launchpad.exe [2009-1-23 49152]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-4-15 67128]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
SnapDetect.lnk - c:\windows\Twain_32\CA561A\SnapDetect.exe [2009-1-23 65536]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [3/26/2009 6:45 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [3/26/2009 6:45 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [3/26/2009 6:45 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSXpx86.sys [5/19/2009 12:16 PM 276344]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [3/26/2009 6:44 PM 115560]
R2 WUSB54GX4SVC;WUSB54GX4SVC;c:\program files\Wireless-G USB Network adapter with SRX400\WLService.exe [3/8/2009 10:00 AM 53307]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [4/3/2008 7:10 PM 4096]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/28/2009 4:57 PM 101936]
S2 gupdate1c9d72ea87000d8;Google Update Service (gupdate1c9d72ea87000d8);c:\program files\Google\Update\GoogleUpdate.exe [5/17/2009 1:32 PM 133104]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [5/30/2007 4:34 PM 39424]
S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\HPx9G2k.sys [1/28/2009 4:27 PM 12658]
S3 Linksys3U;Wireless-G USB adapter with SRX400 Driver;c:\windows\system32\drivers\TMIMO31U.sys [8/21/2008 4:26 PM 722432]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]
2009-05-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-23 04:22]
2009-05-22 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 20:32]
2009-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4267568713-286430753-4127877990-1005.job
- c:\documents and settings\Ankit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 00:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Ankit\Application Data\Mozilla\Firefox\Profiles\mpytkeha.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.cnn.com
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Ankit\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\TOM\XPP\npXPPFF.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 07:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3140)
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Norton 360\AddOns\Norton AddOn Pack\Engine\3.5.0.24\ccProxy.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Streamload\MediaMax XL\StreamloadService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Wireless-G USB Network adapter with SRX400\WUSB54GX.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\IC Media Corp\ICM532\launchpad.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\dllhost.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-22 7:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 14:55
ComboFix2.txt 2009-05-21 00:32
Pre-Run: 211,168,829,440 bytes free
Post-Run: 211,184,832,512 bytes free
319 --- E O F --- 2009-05-13 13:34
Here is my ESET Log:
ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=32b9591144b04c4790f29e82683b7893
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-05-22 03:34:53
# local_time=2009-05-22 08:34:53 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 21 100 100 31615694687500
# scanned=56731
# found=2
# cleaned=0
# scan_time=1771
C:\Documents and Settings\Ankit\My Documents\Ankit\AutoClick.exe Win32/TrojanClicker.Agent.NFX trojan 00000000000000000000000000000000
C:\Documents and Settings\Ankit\My Documents\FrostWire\Incomplete\T-4620425-turn my swag on soulja boy (best quality).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
esets_scanner_update returned -1 esets_gle=53251
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=32b9591144b04c4790f29e82683b7893
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-05-23 12:41:56
# local_time=2009-05-22 05:41:56 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 21 100 100 31943928750000
# scanned=103185
# found=6
# cleaned=6
# scan_time=2675
C:\Qoobox\Quarantine\C\WINDOWS\system32\NxFjl.vbs.vir VBS/Disabler.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\145.music.au.vir a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\146.music1.mp3.vir a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\147.music2.mp3.vir a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\148.music.snd.vir a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000
C:\System Volume Information\_restore{F6751740-EB65-4F51-9F4B-AC268B6E20CE}\RP4\A0001323.vbs VBS/Disabler.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000
Here is my HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:03 PM, on 5/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton 360\AddOns\Norton AddOn Pack\Engine\3.5.0.24\ccProxy.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Wireless-G USB Network adapter with SRX400\WLService.exe
C:\Program Files\Wireless-G USB Network adapter with SRX400\WUSB54GX.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Ankit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\IC Media Corp\ICM532\Launchpad.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Ankit\My Documents\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ankit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Launchpad.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206249052750
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Norton 360\AddOns\Norton AddOn Pack\Engine\3.5.0.24\ccProxy.exe
O23 - Service: Google Update Service (gupdate1c9d72ea87000d8) (gupdate1c9d72ea87000d8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WUSB54GX4SVC - GEMTEKS - C:\Program Files\Wireless-G USB Network adapter with SRX400\WLService.exe
--
End of file - 15991 bytes