I restored my computer several times and it keeps on getting infected....



#1 el_feroz

Posted 12 June 2009 - 08:10 PM

Hey guys, my name is Jose and thanks in advance to all who help! I got infected with something a couple of weeks ago. I'm pretty sure it was thru a torrent. Since then I restored my computer several times, but either I get a blue screen out of nowhere and my computer restarts or my computer can't get connected to the internet. I installed Malwarebytes and I have a LOG file which reads the following....

Malwarebytes' Anti-Malware 1.37
Database version: 2244
Windows 5.1.2600 Service Pack 2

6/12/2009 8:07:56 PM
mbam-log-2009-06-12 (20-07-47).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 151556
Time elapsed: 55 minute(s), 32 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\jose\reader_s.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Protect (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\drivers\protect.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\2.tmp (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\3.tmp (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\6.tmp (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\7.tmp (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\8.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\jose\reader_s.exe (Trojan.Agent) -> No action taken.








I think I received the same thing last time and I did what Malwarebytes suggested me to do and then when it restarted my network could not connect to the internet. So now I'm here to see if any of you guys could possibly guide me thru this mess....

Thanks in advance guys! :thumbup2:



#2 thcbytes

  • Malware Response Team

Posted 12 June 2009 - 10:51 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

**********

Do this please...............
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
**********

With your next post please provide:

* RSIT log.txt
* RSIT info.txt

**********

I will review your logs and post instructions forthcoming.
Regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 el_feroz


Posted 13 June 2009 - 01:10 PM

Nice to meet you thcbytes and thank you so much brother!

Here is my Info.txt.....

info.txt logfile of random's system information tool 1.06 2009-06-13 14:01:36

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
BlueSpace NE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A62C3DB-2506-4FAE-A6DB-55D12A9BA370}\Setup.exe" -l0x9
Bluetooth Virtual COM Port-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A01348CB-585D-472E-B071-60DF7A1C8A88}\Setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Click to DVD 2.0 Menu Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98A3A654-3AEF-42D9-BA91-DE5815EA5897}\setup.exe"
Click to DVD 2.0.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
CONNECT-->"C:\Program Files\Sony\CONNECT\unwise.exe" /A "C:\Program Files\Sony\CONNECT\install.log" Uninstall CONNECT
Drag'n Drop CD+DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
DVgate Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
HotKey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\setup.exe" -l0x9
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
InterVideo WinDVD 5 for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
Java 2 Runtime Environment, SE v1.4.2_01-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0409-0000-0000000FF1CE}
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MoodLogic-->C:\WINDOWS\ml-uninstall-v10.exe
Mozilla Firefox (2.0.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 7 Ultra Edition-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
Netscape (7.02)-->C:\WINDOWS\NSUninst.exe /ua "7.02 (en)"
Netscape Internet Service Setup-->"C:\Program Files\Online Services\Netscape Online Setup\unwise.exe" /A "C:\Program Files\Online Services\Netscape Online Setup\install.log" Uninstall Netscape Internet Service Setup
Network Smart Capture-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30642CE1-217B-40C0-92E2-6BF849599D9E}\setup.exe" -l0x9
OpenMG Limited Patch 3.4-03-12-16-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.4-03-12-16-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.4.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{657DD6DA-B07B-40FF-9DBD-2116F7E83CF6}\Setup.exe" -l0x9 UNINSTALL
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SoftV92 Data Fax Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_818C104D\HXFSETUP.EXE -U -IVEN_8086&DEV_24C6&SUBSYS_818C104D
SonicStage 2.0.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Notebook Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\setup.exe" -l0x9
Sony USB Mouse-->PMUninst.exe MouseSuite98
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VAIO Entertainment Platform-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\Setup.exe" -l0x9
VAIO Help and Support-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL
VAIO Media Redistribution 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{545DB151-1514-4FFC-BF2F-FE8FBBD06987}\setup.exe" -l0x9
VAIO Registration-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO SLIT Pattern Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266AEE68-5718-4A31-BDD3-D356B1250C70}\setup.exe" -l0x9
VAIO SLIT-C Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01AF4645-78E6-46C4-B528-54863679CC40}\setup.exe" -l0x9
VAIO Survey Standalone-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO Update 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656C}\setup.exe" -l0x9
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Welcome to VAIO life-->"C:\Program Files\Sony\Welcome to VAIO life\unwise.exe" /A "C:\Program Files\Sony\Welcome to VAIO life\install.log" Uninstall Welcome to VAIO life
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}
Wireless Switch Setting Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\Setup.exe" -l0x9
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 jL.chura.pl

======System event log======

Computer Name: VALUED-30F75E57
Event Code: 20
Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.

Record Number: 38
Source Name: Print
Time Written: 20090607140052.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: VALUED-30F75E57
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 35
Source Name: Disk
Time Written: 20090607140009.000000-240
Event Type: warning
User:

Computer Name: VALUED-30F75E57
Event Code: 1
Message: The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'MSIb5b2d.tmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Record Number: 34
Source Name: sr
Time Written: 20090607135418.000000-240
Event Type: error
User:

Computer Name: VALUED-30F75E57
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 6
Source Name: Disk
Time Written: 20090607134448.000000-240
Event Type: warning
User:

Computer Name: VALUED-30F75E57
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 5
Source Name: W32Time
Time Written: 20090607031332.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: VALUED-30F75E57
Event Code: 19011
Message:
Record Number: 27
Source Name: MSSQL$MICROSOFTBCM
Time Written: 20090607140514.000000-240
Event Type: warning
User:

Computer Name: VALUED-30F75E57
Event Code: 62
Message: WMI ADAP was unable to process the .NET CLR Networking performance library since one of the data blobs reported to have classes but had zero size

Record Number: 25
Source Name: WinMgmt
Time Written: 20090607140435.000000-240
Event Type: warning
User:

Computer Name: VALUED-30F75E57
Event Code: 62
Message: WMI ADAP was unable to process the .NET CLR Data performance library since one of the data blobs reported to have classes but had zero size

Record Number: 24
Source Name: WinMgmt
Time Written: 20090607140435.000000-240
Event Type: warning
User:

Computer Name: VALUED-30F75E57
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 18
Source Name: ASP.NET 1.1.4322.0
Time Written: 20090607140237.000000-240
Event Type: warning
User:

Computer Name: VALUED-30F75E57
Event Code: 63
Message: A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20090607140016.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------





Here is the Logfile.......

Logfile of random's system information tool 1.06 (written by random/random)
Run by jose at 2009-06-13 13:59:53
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 3 GB (17%) free of 20 GB
Total RAM: 767 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:31, on 6/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\sopidkc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Documents and Settings\jose\reader_s.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\jose\Desktop\RSIT.exe
C:\Program Files\trend micro\jose.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [ZZZ] C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld09.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\jose\reader_s.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\WINDOWS\system32\config\systemprofile\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [kell] c:\program Files\Manson\liser.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\WINDOWS\system32\config\systemprofile\reader_s.exe (User 'Default user')
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1244408064345
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: sopidkc Service (sopidkc) - Elecard Lt - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 13458 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-10 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll []
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"=C:\WINDOWS\ATK0100\Hcontrol.exe [2003-09-19 81920]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-11-07 135168]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 49152]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-03-03 356352]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2002-03-14 65536]
"BluetoothAuthenticationAgent"=irprops.cpl,,BluetoothAuthenticationAgent []
"CreateCD_Reminder"=C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe [2004-03-05 73728]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2003-12-12 188416]
"HKSERV.EXE"=C:\Program Files\Sony\HotKey Utility\HKserv.exe [2004-02-13 118784]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 53248]
"VAIO Update 2"=C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [2004-01-17 155648]
"ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe [2002-08-20 61440]
"VAIOSurvey"=c:\program files\sony\vaio survey\surveysa.exe [2003-11-03 1073152]
"ZZZ"=C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe [2003-05-16 45056]
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2004-01-19 311296]
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-20 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-10 148888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 434176]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]
"reader_s"=C:\WINDOWS\System32\reader_s.exe [2009-06-13 61441]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 176128]
"sysldtray"=C:\windows\ld09.exe [2009-06-13 38400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-06-07 342848]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"reader_s"=C:\Documents and Settings\jose\reader_s.exe [2009-06-10 61441]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 159744]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\Manson\liser.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-03-03 86016]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2009-06-13 13:59:55 ----D---- C:\Program Files\trend micro
2009-06-13 13:59:53 ----D---- C:\rsit
2009-06-13 13:43:00 ----D---- C:\WINDOWS\LastGood
2009-06-13 13:42:58 ----D---- C:\Program Files\Windows Live Safety Center
2009-06-13 11:54:32 ----D---- C:\Program Files\podmena
2009-06-13 11:45:38 ----A---- C:\WINDOWS\system32\C.tmp
2009-06-13 11:45:35 ----A---- C:\WINDOWS\system32\A.tmp
2009-06-13 11:44:55 ----D---- C:\WINDOWS\Minidump
2009-06-13 11:30:19 ----A---- C:\WINDOWS\system32\272.tmp
2009-06-13 11:30:17 ----A---- C:\WINDOWS\system32\tpsaxyd.exe
2009-06-13 11:30:13 ----RSHD---- C:\Program Files\Manson
2009-06-13 11:30:02 ----H---- C:\WINDOWS\ld09.exe
2009-06-13 11:30:02 ----A---- C:\WINDOWS\system32\270.tmp
2009-06-13 11:26:53 ----SHD---- C:\Config.Msi
2009-06-12 23:02:07 ----A---- C:\WINDOWS\system32\173.tmp
2009-06-12 23:02:06 ----A---- C:\WINDOWS\system32\171.tmp
2009-06-12 23:02:02 ----A---- C:\WINDOWS\system32\170.tmp
2009-06-12 22:03:30 ----D---- C:\Documents and Settings\jose\Application Data\vlc
2009-06-12 21:58:56 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-06-12 21:58:50 ----D---- C:\Program Files\WinZip
2009-06-12 21:52:28 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-12 21:42:15 ----D---- C:\Program Files\WinRAR
2009-06-12 18:57:50 ----A---- C:\WINDOWS\system32\7.tmp
2009-06-12 18:57:46 ----A---- C:\WINDOWS\system32\3.tmp
2009-06-12 18:57:45 ----A---- C:\WINDOWS\system32\2.tmp
2009-06-12 18:22:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-06-12 18:21:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-06-12 18:21:41 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-12 18:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-06-12 18:21:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-12 18:21:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-06-12 18:19:59 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-06-12 18:19:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-06-12 18:19:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-06-12 07:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-12 07:40:21 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-12 07:40:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-06-12 07:40:08 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-12 07:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-06-12 07:39:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-06-12 07:39:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-12 07:39:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-06-12 07:39:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-06-12 07:39:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-06-12 07:39:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-12 07:38:54 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-12 07:38:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-12 07:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-12 07:34:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-06-12 07:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-06-12 07:34:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-06-12 07:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-06-11 22:28:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-11 22:28:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 22:27:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-11 22:26:06 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-11 22:25:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-06-10 23:36:48 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-10 23:36:48 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-10 23:36:48 ----A---- C:\WINDOWS\system32\java.exe
2009-06-10 23:36:48 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-06-10 23:05:13 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-06-10 22:51:14 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-06-10 22:50:00 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-06-10 22:49:57 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-06-10 22:44:19 ----A---- C:\WINDOWS\system32\muweb.dll
2009-06-10 22:44:18 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-06-10 22:40:01 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-06-10 22:39:56 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-06-10 22:38:45 ----D---- C:\WINDOWS\system32\PreInstall
2009-06-10 22:38:42 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-06-10 22:38:42 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-10 22:35:57 ----A---- C:\WINDOWS\system32\reader_s.exe
2009-06-10 22:35:56 ----A---- C:\WINDOWS\system32\8.tmp
2009-06-10 22:35:47 ----A---- C:\WINDOWS\system32\6.tmp
2009-06-10 20:11:38 ----D---- C:\Program Files\Common Files\Adobe
2009-06-10 18:37:33 ----A---- C:\WINDOWS\irc.txt
2009-06-10 16:37:16 ----D---- C:\Documents and Settings\jose\Application Data\Ahead
2009-06-10 16:33:24 ----D---- C:\Program Files\Nero
2009-06-10 16:33:24 ----D---- C:\Program Files\Common Files\Ahead
2009-06-10 16:31:22 ----A---- C:\WINDOWS\system32\F53.tmp
2009-06-10 16:31:21 ----A---- C:\WINDOWS\system32\F52.tmp
2009-06-10 07:37:17 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-06-07 20:57:32 ----D---- C:\Documents and Settings\jose\Application Data\BitTorrent
2009-06-07 20:57:21 ----D---- C:\Program Files\DNA
2009-06-07 20:57:21 ----D---- C:\Program Files\BitTorrent
2009-06-07 20:57:21 ----D---- C:\Documents and Settings\jose\Application Data\DNA
2009-06-07 20:57:18 ----D---- C:\Program Files\AskSearch
2009-06-07 20:57:17 ----D---- C:\Program Files\AskBarDis
2009-06-07 19:54:25 ----D---- C:\Downloads
2009-06-07 19:53:49 ----D---- C:\Program Files\BitComet
2009-06-07 18:31:18 ----D---- C:\Program Files\Microsoft Silverlight
2009-06-07 18:30:43 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-06-07 18:23:30 ----D---- C:\Program Files\Microsoft Sync Framework
2009-06-07 18:22:35 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-06-07 18:22:25 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-06-07 18:22:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2009-06-07 18:21:42 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-06-07 18:20:33 ----D---- C:\Program Files\Microsoft
2009-06-07 18:20:11 ----D---- C:\Program Files\Windows Live SkyDrive
2009-06-07 18:19:41 ----D---- C:\Program Files\Windows Live
2009-06-07 18:09:24 ----D---- C:\Program Files\Common Files\Windows Live
2009-06-07 17:51:15 ----D---- C:\Documents and Settings\jose\Application Data\Apple Computer
2009-06-07 17:50:59 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-06-07 17:50:37 ----D---- C:\Program Files\iPod
2009-06-07 17:50:33 ----D---- C:\Program Files\iTunes
2009-06-07 17:50:33 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-07 17:49:54 ----D---- C:\Program Files\Bonjour
2009-06-07 17:49:05 ----D---- C:\Program Files\QuickTime
2009-06-07 17:49:04 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-06-07 17:48:33 ----D---- C:\Program Files\Apple Software Update
2009-06-07 17:48:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-07 17:48:05 ----D---- C:\Program Files\Common Files\Apple
2009-06-07 17:47:59 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-06-07 17:41:35 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-06-07 17:32:01 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-06-07 17:30:18 ----D---- C:\WINDOWS\Prefetch
2009-06-07 17:27:08 ----D---- C:\Program Files\VideoLAN
2009-06-07 17:20:47 ----N---- C:\WINDOWS\system32\proxycfg.exe
2009-06-07 17:20:47 ----N---- C:\WINDOWS\system32\logman.exe
2009-06-07 17:20:30 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-06-07 17:20:30 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-06-07 17:20:30 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-06-07 17:20:29 ----N---- C:\WINDOWS\system32\blastcln.exe
2009-06-07 17:20:29 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-06-07 17:20:29 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-06-07 17:20:29 ----N---- C:\WINDOWS\system32\auditusr.exe
2009-06-07 17:20:28 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2009-06-07 17:20:28 ----N---- C:\WINDOWS\system32\btpanui.dll
2009-06-07 17:20:27 ----N---- C:\WINDOWS\system32\fltlib.dll
2009-06-07 17:20:27 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-06-07 17:20:26 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-06-07 17:20:26 ----N---- C:\WINDOWS\system32\httpapi.dll
2009-06-07 17:20:26 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-06-07 17:20:26 ----N---- C:\WINDOWS\system32\fwcfg.dll
2009-06-07 17:20:26 ----N---- C:\WINDOWS\system32\fsquirt.exe
2009-06-07 17:20:26 ----N---- C:\WINDOWS\system32\fltmc.exe
2009-06-07 17:20:25 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2009-06-07 17:20:25 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2009-06-07 17:20:25 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2009-06-07 17:20:25 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2009-06-07 17:20:25 ----N---- C:\WINDOWS\system32\kbdinben.dll
2009-06-07 17:20:25 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2009-06-07 17:20:25 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2009-06-07 17:20:24 ----N---- C:\WINDOWS\system32\msdadiag.dll
2009-06-07 17:20:24 ----N---- C:\WINDOWS\system32\kbdukx.dll
2009-06-07 17:20:24 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2009-06-07 17:20:24 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-06-07 17:20:24 ----N---- C:\WINDOWS\system32\kbdno1.dll
2009-06-07 17:20:22 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-06-07 17:20:21 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-06-07 17:20:20 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2009-06-07 17:20:20 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2009-06-07 17:20:20 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2009-06-07 17:20:20 ----N---- C:\WINDOWS\system32\p2p.dll
2009-06-07 17:20:19 ----N---- C:\WINDOWS\system32\powercfg.exe
2009-06-07 17:20:19 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2009-06-07 17:20:19 ----N---- C:\WINDOWS\system32\p2psvc.dll
2009-06-07 17:20:18 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-06-07 17:20:18 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2009-06-07 17:20:18 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-06-07 17:20:17 ----N---- C:\WINDOWS\system32\slserv.exe
2009-06-07 17:20:17 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-06-07 17:20:17 ----N---- C:\WINDOWS\system32\slgen.dll
2009-06-07 17:20:17 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-06-07 17:20:16 ----N---- C:\WINDOWS\system32\w3ssl.dll
2009-06-07 17:20:16 ----N---- C:\WINDOWS\system32\twext.dll
2009-06-07 17:20:16 ----N---- C:\WINDOWS\system32\strmfilt.dll
2009-06-07 17:20:16 ----N---- C:\WINDOWS\system32\smbinst.exe
2009-06-07 17:20:13 ----N---- C:\WINDOWS\system32\winshfhc.dll
2009-06-07 17:20:08 ----N---- C:\WINDOWS\system32\wscsvc.dll
2009-06-07 17:20:08 ----N---- C:\WINDOWS\system32\wscntfy.exe
2009-06-07 17:20:08 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-06-07 17:20:07 ----N---- C:\WINDOWS\system32\wuauclt1.exe
2009-06-07 17:20:06 ----N---- C:\WINDOWS\system32\wuaueng1.dll
2009-06-07 17:20:06 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-06-07 17:20:05 ----N---- C:\WINDOWS\system32\xpob2res.dll
2009-06-07 17:20:05 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2009-06-07 17:20:05 ----N---- C:\WINDOWS\system32\xmlprov.dll
2009-06-07 17:20:05 ----N---- C:\WINDOWS\slrundll.exe
2009-06-07 17:20:05 ----A---- C:\WINDOWS\system32\wups.dll
2009-06-07 17:19:58 ----D---- C:\WINDOWS\peernet
2009-06-07 17:19:53 ----D---- C:\WINDOWS\provisioning
2009-06-07 17:17:46 ----D---- C:\WINDOWS\ServicePackFiles
2009-06-07 17:13:46 ----A---- C:\WINDOWS\002216_.tmp
2009-06-07 17:13:31 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-06-07 17:10:44 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-06-07 17:10:40 ----D---- C:\WINDOWS\EHome
2009-06-07 16:55:25 ----D---- C:\WINDOWS\SoftwareDistribution
2009-06-07 16:54:58 ----D---- C:\Documents and Settings\jose\Application Data\Yahoo!
2009-06-07 16:54:57 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-06-07 16:54:17 ----D---- C:\Program Files\Yahoo!
2009-06-07 14:19:10 ----D---- C:\Program Files\Mozilla Firefox
2009-06-07 14:10:38 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-06-07 14:10:38 ----A---- C:\WINDOWS\system32\mtxclu.dll
2009-06-07 14:10:37 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-06-07 14:10:37 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-06-07 14:10:37 ----A---- C:\WINDOWS\system32\ole32.dll
2009-06-07 14:10:37 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-06-07 14:10:37 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-06-07 14:10:37 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-06-07 14:10:37 ----A---- C:\WINDOWS\system32\comuid.dll
2009-06-07 14:10:36 ----A---- C:\WINDOWS\system32\txflog.dll
2009-06-07 14:10:36 ----A---- C:\WINDOWS\system32\es.dll
2009-06-07 14:10:36 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-06-07 14:10:36 ----A---- C:\WINDOWS\system32\colbact.dll
2009-06-07 14:10:36 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-06-07 14:10:36 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-06-07 14:10:36 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-06-07 14:10:35 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-06-07 14:10:23 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-06-07 14:10:23 ----A---- C:\WINDOWS\system32\mf3216.dll
2009-06-07 14:10:22 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2009-06-07 14:10:22 ----A---- C:\WINDOWS\system32\h323msp.dll
2009-06-07 14:10:21 ----A---- C:\WINDOWS\system32\netapi32.dll
2009-06-07 14:06:09 ----D---- C:\WINDOWS\system32\Backup
2009-06-07 14:05:49 ----D---- C:\WINDOWS\SQLHotfix
2009-06-07 14:04:49 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
2009-06-07 14:04:49 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
2009-06-07 14:03:20 ----D---- C:\Program Files\Microsoft SQL Server
2009-06-07 14:01:29 ----RSD---- C:\WINDOWS\assembly
2009-06-07 14:01:29 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-07 14:01:26 ----D---- C:\WINDOWS\system32\URTTemp
2009-06-07 14:01:01 ----A---- C:\WINDOWS\ODBC.INI
2009-06-07 14:00:53 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-06-07 14:00:00 ----D---- C:\Program Files\Microsoft ActiveSync
2009-06-07 13:59:31 ----D---- C:\Program Files\Common Files\DESIGNER
2009-06-07 13:59:12 ----D---- C:\WINDOWS\SHELLNEW
2009-06-07 13:58:24 ----D---- C:\Program Files\Microsoft Office
2009-06-07 13:57:33 ----RHD---- C:\MSOCache
2009-06-07 13:52:39 ----D---- C:\Program Files\Microsoft Works
2009-06-07 13:48:15 ----D---- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2009-06-07 13:46:31 ----N---- C:\WINDOWS\system32\Px.ini
2009-06-07 13:46:02 ----D---- C:\Program Files\drag'n drop cd+dvd
2009-06-07 13:45:03 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2009-06-07 13:45:03 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2009-06-07 13:45:02 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2009-06-07 13:45:02 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2009-06-07 13:45:02 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2009-06-07 13:45:02 ----A---- C:\WINDOWS\system32\IVIresize.dll
2009-06-07 13:44:57 ----D---- C:\Program Files\InterVideo
2009-06-07 12:39:18 ----D---- C:\Documents and Settings\jose\Application Data\Macromedia
2009-06-07 12:39:18 ----D---- C:\Documents and Settings\jose\Application Data\Adobe
2009-06-07 12:22:30 ----D---- C:\Documents and Settings\jose\Application Data\Aim
2009-06-07 12:22:21 ----D---- C:\Program Files\AOD
2009-06-07 12:22:15 ----D---- C:\Program Files\AIM
2009-06-07 12:18:03 ----D---- C:\Documents and Settings\jose\Application Data\Malwarebytes
2009-06-07 12:17:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-07 12:17:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-07 11:29:36 ----A---- C:\WINDOWS\system32\tmp.txt
2009-06-07 11:29:27 ----A---- C:\rapport.txt
2009-06-07 11:29:14 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-06-07 11:29:14 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-06-07 11:29:14 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-06-07 11:29:14 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-06-07 11:29:14 ----A---- C:\WINDOWS\system32\swsc.exe
2009-06-07 11:29:14 ----A---- C:\WINDOWS\system32\swreg.exe
2009-06-07 11:29:14 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-06-07 11:29:14 ----A---- C:\WINDOWS\system32\Process.exe
2009-06-07 11:29:14 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-06-07 11:29:14 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-06-07 11:29:14 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-06-07 11:29:14 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-06-07 11:29:14 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-06-07 11:29:14 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-06-07 11:28:18 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-07 03:13:14 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-06-07 03:13:00 ----ASH---- C:\Documents and Settings\jose\Application Data\desktop.ini
2009-06-07 03:12:58 ----SD---- C:\Documents and Settings\jose\Application Data\Microsoft
2009-06-07 03:12:58 ----D---- C:\Documents and Settings\jose\Application Data\Symantec
2009-06-07 03:12:58 ----D---- C:\Documents and Settings\jose\Application Data\Sun
2009-06-07 03:12:58 ----D---- C:\Documents and Settings\jose\Application Data\Sony Corporation
2009-06-07 03:12:58 ----D---- C:\Documents and Settings\jose\Application Data\Mozilla
2009-06-07 03:12:58 ----D---- C:\Documents and Settings\jose\Application Data\Identities

======List of files/folders modified in the last 1 months======

2009-06-13 13:59:55 ----RD---- C:\Program Files
2009-06-13 13:43:55 ----HD---- C:\WINDOWS\inf
2009-06-13 13:43:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-13 13:43:00 ----D---- C:\WINDOWS
2009-06-13 13:02:39 ----D---- C:\WINDOWS\Temp
2009-06-13 11:46:31 ----D---- C:\WINDOWS\system32
2009-06-13 11:28:20 ----SHD---- C:\WINDOWS\Installer
2009-06-12 18:57:56 ----D---- C:\WINDOWS\system32\drivers
2009-06-12 18:55:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-12 18:22:16 ----DC---- C:\WINDOWS\system32\dllcache
2009-06-12 18:22:04 ----A---- C:\WINDOWS\imsins.BAK
2009-06-12 18:21:38 ----D---- C:\Program Files\Messenger
2009-06-12 07:40:49 ----D---- C:\Program Files\Internet Explorer
2009-06-12 07:40:23 ----D---- C:\WINDOWS\WinSxS
2009-06-12 07:37:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-12 07:35:16 ----SD---- C:\WINDOWS\Tasks
2009-06-12 07:35:16 ----A---- C:\WINDOWS\setuplog.txt
2009-06-10 23:05:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-10 23:01:46 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-10 23:01:46 ----D---- C:\Program Files\Sony
2009-06-10 23:01:45 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2009-06-10 22:50:01 ----D---- C:\WINDOWS\system32\DirectX
2009-06-10 22:38:41 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-10 22:34:42 ----D---- C:\WINDOWS\system32\wbem
2009-06-10 22:34:42 ----D---- C:\Program Files\Common Files
2009-06-10 22:34:09 ----D---- C:\WINDOWS\system32\config
2009-06-10 22:33:47 ----D---- C:\WINDOWS\Registration
2009-06-10 22:27:34 ----D---- C:\WINDOWS\system32\Restore
2009-06-10 18:43:50 ----SHD---- C:\RECYCLER
2009-06-10 08:08:34 ----D---- C:\Program Files\Java
2009-06-09 22:24:42 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-07 20:35:51 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-06-07 20:30:04 ----D---- C:\Program Files\Online Services
2009-06-07 18:30:44 ----D---- C:\Program Files\Common Files\System
2009-06-07 18:19:49 ----RSD---- C:\WINDOWS\Fonts
2009-06-07 18:05:10 ----D---- C:\WINDOWS\Debug
2009-06-07 18:04:05 ----D---- C:\WINDOWS\security
2009-06-07 17:32:13 ----D---- C:\WINDOWS\Help
2009-06-07 17:32:00 ----A---- C:\WINDOWS\OEWABLog.txt
2009-06-07 17:29:42 ----SHD---- C:\System Volume Information
2009-06-07 17:29:34 ----D---- C:\WINDOWS\AppPatch
2009-06-07 17:22:11 ----RASH---- C:\boot.ini
2009-06-07 17:20:46 ----D---- C:\WINDOWS\system32\oobe
2009-06-07 17:20:43 ----D---- C:\WINDOWS\system32\Setup
2009-06-07 17:20:43 ----D---- C:\WINDOWS\system32\mui
2009-06-07 17:20:42 ----D---- C:\WINDOWS\ime
2009-06-07 17:20:04 ----D---- C:\Program Files\Windows Media Player
2009-06-07 17:19:58 ----D---- C:\Program Files\Movie Maker
2009-06-07 17:19:53 ----D---- C:\WINDOWS\Media
2009-06-07 17:17:34 ----D---- C:\WINDOWS\system32\npp
2009-06-07 17:17:34 ----D---- C:\WINDOWS\msagent
2009-06-07 17:17:31 ----D---- C:\WINDOWS\srchasst
2009-06-07 17:17:29 ----D---- C:\Program Files\NetMeeting
2009-06-07 17:17:27 ----D---- C:\WINDOWS\system32\Com
2009-06-07 17:17:23 ----D---- C:\Program Files\Windows NT
2009-06-07 17:17:23 ----D---- C:\Program Files\Outlook Express
2009-06-07 17:16:57 ----D---- C:\WINDOWS\system32\usmt
2009-06-07 17:16:55 ----D---- C:\WINDOWS\system
2009-06-07 17:14:54 ----RD---- C:\WINDOWS\Web
2009-06-07 17:14:29 ----RASH---- C:\NTDETECT.COM
2009-06-07 17:13:46 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-07 16:55:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-07 14:04:45 ----HD---- C:\Program Files\Uninstall Information
2009-06-07 14:00:25 ----A---- C:\WINDOWS\win.ini
2009-06-07 13:58:25 ----D---- C:\WINDOWS\PCHealth
2009-06-07 13:48:10 ----D---- C:\Program Files\Common Files\InstallShield
2009-06-07 13:47:59 ----D---- C:\Program Files\Common Files\Sony Shared
2009-06-07 11:29:38 ----D---- C:\Program Files\Google
2009-06-07 03:12:57 ----D---- C:\Documents and Settings
2009-06-07 03:09:59 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\WINDOWS\System32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 podmenadrv;podmenadrv; \??\C:\Program Files\podmena\podmena.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-09 401408]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-02-13 610796]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-09-29 94601]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-03-03 679936]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-08-14 125952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-10-14 1043072]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2003-10-14 197120]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [2003-09-19 5786]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 oibtvcom;Bluetooth Virtual COM Port; C:\WINDOWS\System32\Drivers\oivmvcom.sys [2003-03-14 279680]
R3 oivmctrl;VCOMM Device Controller; C:\WINDOWS\System32\Drivers\oivmctrl.sys [2003-01-06 15616]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 SPI;Sony Programmable I/O Control Device; C:\WINDOWS\System32\DRIVERS\SonyPI.sys [2001-08-17 37040]
R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2004-03-04 64512]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-01-02 1646720]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-10-14 679808]
S1 ethpxdnr;ethpxdnr; C:\WINDOWS\system32\drivers\ethpxdnr.sys [2009-06-12 136192]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\System32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-09-17 145408]
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 pelmouse;Mouse Suite Driver; C:\WINDOWS\System32\DRIVERS\pelmouse.sys [2002-06-28 17251]
S3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\System32\DRIVERS\pelusblf.sys [2001-07-24 7520]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SONYTVC;Sony MPEG RR-Engine; C:\WINDOWS\System32\DRIVERS\SONYTVC.sys [2004-03-19 224896]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-03-03 417792]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 34816]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-10 152984]
R2 msncache;msncache; C:\WINDOWS\system32\svchost.exe [2004-08-04 34816]
R2 podmena;podmena; C:\WINDOWS\system32\svchost.exe [2004-08-04 34816]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sopidkc;sopidkc Service; C:\WINDOWS\system32\sopidkc.exe [2003-03-31 144896]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-03-12 106578]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 794624]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE [2003-12-09 86105]
S3 SPTISRV;Sony SPTI Service; C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe [2003-12-09 86102]
S3 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2004-03-12 139264]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2004-03-12 90112]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-03-12 299008]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\vaio media integrated server\VMISrv.exe [2004-03-12 1712128]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe [2004-02-25 77824]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe [2004-02-25 757760]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe [2004-03-05 204800]
S3 VAIOMediaPlatform-VideoServer-AppServer;VAIO Media Video Server; C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe [2003-10-30 1306624]
S3 VAIOMediaPlatform-VideoServer-HTTP;VAIO Media Video Server (HTTP); C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe [2004-02-25 77824]
S3 VAIOMediaPlatform-VideoServer-UPnP;VAIO Media Video Server (UPnP); C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe [2004-02-25 757760]

-----------------EOF-----------------


Looks messy....thanks so much again! :thumbup2:

#4 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:02:45 AM

Posted 14 June 2009 - 10:27 AM

You're welcome :thumbup2:
Let me take a look at those logs and I will instruct you forthcoming.
Kind regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 el_feroz

  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:45 AM

Posted 14 June 2009 - 02:43 PM

Thanks man, but my computer since that last post really bleeped up!!!! First and foremost, every time I searched anything in Google or Yahoo it redirected me somewhere else. Then it started to download some system protection software and then I had these youporn, porntube, and something else icons on my desktop. And finally in my bottom right it kept on telling me that I had a downloader trojan w32 something and I could not connect to the internet or anything. I had no choice but to restore my C drive to the factory settings. Since then I installed the latest Java file and Windows Service Pack 2. So I redid that hijack thing to post my new logs and here they are.

info.txt......


info.txt logfile of random's system information tool 1.06 2009-06-14 15:34:04

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AOL Setup-->"C:\Program Files\Online Services\AOL Setup\unwise.exe" /A "C:\Program Files\Online Services\AOL Setup\install.log" Uninstall AOL Setup
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
BlueSpace NE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A62C3DB-2506-4FAE-A6DB-55D12A9BA370}\Setup.exe" -l0x9
Bluetooth Virtual COM Port-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A01348CB-585D-472E-B071-60DF7A1C8A88}\Setup.exe" -l0x9
Business Contact Manager for Outlook 2003-->MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
CC_ccProxyMSI-->MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart-->MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Click to DVD 2.0 Menu Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98A3A654-3AEF-42D9-BA91-DE5815EA5897}\setup.exe"
Click to DVD 2.0.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
CONNECT-->"C:\Program Files\Sony\CONNECT\unwise.exe" /A "C:\Program Files\Sony\CONNECT\install.log" Uninstall CONNECT
Drag'n Drop CD+DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
DVgate Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HotKey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\setup.exe" -l0x9
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
InterVideo WinDVD 5 for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2_01-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MoodLogic-->C:\WINDOWS\ml-uninstall-v10.exe
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Netscape (7.02)-->C:\WINDOWS\NSUninst.exe /ua "7.02 (en)"
Netscape Internet Service Setup-->"C:\Program Files\Online Services\Netscape Online Setup\unwise.exe" /A "C:\Program Files\Online Services\Netscape Online Setup\install.log" Uninstall Netscape Internet Service Setup
Network Smart Capture-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30642CE1-217B-40C0-92E2-6BF849599D9E}\setup.exe" -l0x9
Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security-->MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security-->MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
OpenMG Limited Patch 3.4-03-12-16-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.4-03-12-16-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.4.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{657DD6DA-B07B-40FF-9DBD-2116F7E83CF6}\Setup.exe" -l0x9 UNINSTALL
PictureGear Studio 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\setup.exe"
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SoftV92 Data Fax Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_818C104D\HXFSETUP.EXE -U -IVEN_8086&DEV_24C6&SUBSYS_818C104D
SonicStage 2.0.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Notebook Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\setup.exe" -l0x9
Sony USB Mouse-->PMUninst.exe MouseSuite98
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
VAIO Entertainment Platform-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\Setup.exe" -l0x9
VAIO Help and Support-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL
VAIO Media Redistribution 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{545DB151-1514-4FFC-BF2F-FE8FBBD06987}\setup.exe" -l0x9
VAIO Registration-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO SLIT Pattern Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266AEE68-5718-4A31-BDD3-D356B1250C70}\setup.exe" -l0x9
VAIO SLIT-C Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01AF4645-78E6-46C4-B528-54863679CC40}\setup.exe" -l0x9
VAIO Survey Standalone-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO Update 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656C}\setup.exe" -l0x9
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Welcome to VAIO life-->"C:\Program Files\Sony\Welcome to VAIO life\unwise.exe" /A "C:\Program Files\Sony\Welcome to VAIO life\install.log" Uninstall Welcome to VAIO life
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Wireless Switch Setting Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\Setup.exe" -l0x9

======System event log======

Computer Name: VALUED-30F75E57
Event Code: 16391
Message: The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.

Record Number: 149
Source Name: BITS
Time Written: 20090614152559.000000-240
Event Type: error
User:

Computer Name: VALUED-30F75E57
Event Code: 1
Message: The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'MSI5f0a.tmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Record Number: 44
Source Name: sr
Time Written: 20090614142826.000000-240
Event Type: error
User:

Computer Name: VALUED-30F75E57
Event Code: 20
Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.

Record Number: 38
Source Name: Print
Time Written: 20090614142802.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: VALUED-30F75E57
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 35
Source Name: Disk
Time Written: 20090614142651.000000-240
Event Type: warning
User:

Computer Name: VALUED-30F75E57
Event Code: 1
Message: The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'MSId8ca.tmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Record Number: 34
Source Name: sr
Time Written: 20090614142136.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: VALUED-30F75E57
Event Code: 19011
Message:
Record Number: 27
Source Name: MSSQL$MICROSOFTBCM
Time Written: 20090614143229.000000-240
Event Type: warning
User:

Computer Name: VALUED-30F75E57
Event Code: 62
Message: WMI ADAP was unable to process the .NET CLR Networking performance library since one of the data blobs reported to have classes but had zero size

Record Number: 25
Source Name: WinMgmt
Time Written: 20090614143149.000000-240
Event Type: warning
User:

Computer Name: VALUED-30F75E57
Event Code: 62
Message: WMI ADAP was unable to process the .NET CLR Data performance library since one of the data blobs reported to have classes but had zero size

Record Number: 24
Source Name: WinMgmt
Time Written: 20090614143149.000000-240
Event Type: warning
User:

Computer Name: VALUED-30F75E57
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 18
Source Name: ASP.NET 1.1.4322.0
Time Written: 20090614142949.000000-240
Event Type: warning
User:

Computer Name: VALUED-30F75E57
Event Code: 63
Message: A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20090614142727.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------


Logfile .......



Logfile of random's system information tool 1.06 (written by random/random)
Run by jose at 2009-06-14 15:33:51
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 12 GB (59%) free of 20 GB
Total RAM: 767 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:02 PM, on 6/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jose\Desktop\RSIT.exe
C:\Program Files\trend micro\jose.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [ZZZ] C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 9968 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
CNisExtBho Class - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2003-09-06 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2004-03-29 770048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2003-08-17 103592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-14 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2004-03-29 770048]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Web assistant - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2003-09-06 126976]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2003-08-17 103592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"=C:\WINDOWS\ATK0100\Hcontrol.exe [2003-09-19 61440]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-11-07 114688]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-03-03 335872]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2002-03-14 45056]
"BluetoothAuthenticationAgent"=irprops.cpl,,BluetoothAuthenticationAgent []
"CreateCD_Reminder"=C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe [2004-03-05 53248]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2003-12-12 167936]
"HKSERV.EXE"=C:\Program Files\Sony\HotKey Utility\HKserv.exe [2004-02-13 98304]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"VAIO Update 2"=C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [2004-01-17 135168]
"ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe [2002-08-20 40960]
"VAIOSurvey"=c:\program files\sony\vaio survey\surveysa.exe [2003-11-03 1052672]
"ZZZ"=C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe [2003-05-16 24576]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2003-09-06 70816]
"IS CfgWiz"=C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe [2003-08-20 124096]
"URLLSTCK.exe"=C:\Program Files\Norton Internet Security\UrlLstCk.exe [2003-09-06 70840]
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2004-01-19 290816]
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-20 28672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-14 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-03-03 86016]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-06-14 15:33:51 ----D---- C:\Program Files\trend micro
2009-06-14 15:33:50 ----D---- C:\rsit
2009-06-14 15:28:36 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-06-14 15:27:05 ----D---- C:\Program Files\Mozilla Firefox
2009-06-14 15:25:02 ----D---- C:\Program Files\VideoLAN
2009-06-14 15:23:11 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-06-14 15:21:11 ----D---- C:\WINDOWS\Prefetch
2009-06-14 15:21:02 ----D---- C:\WINDOWS\SoftwareDistribution
2009-06-14 15:14:03 ----N---- C:\WINDOWS\system32\proxycfg.exe
2009-06-14 15:14:03 ----N---- C:\WINDOWS\system32\logman.exe
2009-06-14 15:13:33 ----N---- C:\WINDOWS\system32\blastcln.exe
2009-06-14 15:13:33 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-06-14 15:13:33 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-06-14 15:13:33 ----N---- C:\WINDOWS\system32\auditusr.exe
2009-06-14 15:13:33 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-06-14 15:13:33 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-06-14 15:13:33 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-06-14 15:13:32 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2009-06-14 15:13:32 ----N---- C:\WINDOWS\system32\btpanui.dll
2009-06-14 15:13:31 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-06-14 15:13:31 ----N---- C:\WINDOWS\system32\fwcfg.dll
2009-06-14 15:13:31 ----N---- C:\WINDOWS\system32\fsquirt.exe
2009-06-14 15:13:31 ----N---- C:\WINDOWS\system32\fltmc.exe
2009-06-14 15:13:31 ----N---- C:\WINDOWS\system32\fltlib.dll
2009-06-14 15:13:31 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-06-14 15:13:30 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-06-14 15:13:30 ----N---- C:\WINDOWS\system32\httpapi.dll
2009-06-14 15:13:29 ----N---- C:\WINDOWS\system32\kbdukx.dll
2009-06-14 15:13:29 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2009-06-14 15:13:29 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-06-14 15:13:29 ----N---- C:\WINDOWS\system32\kbdno1.dll
2009-06-14 15:13:29 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2009-06-14 15:13:29 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2009-06-14 15:13:29 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2009-06-14 15:13:29 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2009-06-14 15:13:29 ----N---- C:\WINDOWS\system32\kbdinben.dll
2009-06-14 15:13:29 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2009-06-14 15:13:29 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2009-06-14 15:13:28 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-06-14 15:13:28 ----N---- C:\WINDOWS\system32\msdadiag.dll
2009-06-14 15:13:27 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-06-14 15:13:27 ----N---- C:\WINDOWS\system32\powercfg.exe
2009-06-14 15:13:27 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2009-06-14 15:13:27 ----N---- C:\WINDOWS\system32\p2psvc.dll
2009-06-14 15:13:27 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2009-06-14 15:13:27 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2009-06-14 15:13:27 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2009-06-14 15:13:27 ----N---- C:\WINDOWS\system32\p2p.dll
2009-06-14 15:13:27 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-06-14 15:13:26 ----N---- C:\WINDOWS\system32\winshfhc.dll
2009-06-14 15:13:26 ----N---- C:\WINDOWS\system32\w3ssl.dll
2009-06-14 15:13:26 ----N---- C:\WINDOWS\system32\twext.dll
2009-06-14 15:13:26 ----N---- C:\WINDOWS\system32\strmfilt.dll
2009-06-14 15:13:26 ----N---- C:\WINDOWS\system32\smbinst.exe
2009-06-14 15:13:26 ----N---- C:\WINDOWS\system32\slserv.exe
2009-06-14 15:13:26 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-06-14 15:13:26 ----N---- C:\WINDOWS\system32\slgen.dll
2009-06-14 15:13:26 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-06-14 15:13:26 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-06-14 15:13:26 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2009-06-14 15:13:24 ----N---- C:\WINDOWS\system32\wscsvc.dll
2009-06-14 15:13:24 ----N---- C:\WINDOWS\system32\wscntfy.exe
2009-06-14 15:13:23 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2009-06-14 15:13:23 ----N---- C:\WINDOWS\system32\xmlprov.dll
2009-06-14 15:13:23 ----N---- C:\WINDOWS\system32\wuaueng1.dll
2009-06-14 15:13:23 ----N---- C:\WINDOWS\system32\wuauclt1.exe
2009-06-14 15:13:23 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-06-14 15:13:23 ----A---- C:\WINDOWS\system32\wups.dll
2009-06-14 15:13:23 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-06-14 15:13:23 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-06-14 15:13:22 ----N---- C:\WINDOWS\system32\xpob2res.dll
2009-06-14 15:13:22 ----N---- C:\WINDOWS\slrundll.exe
2009-06-14 15:13:20 ----D---- C:\WINDOWS\peernet
2009-06-14 15:13:19 ----D---- C:\WINDOWS\provisioning
2009-06-14 15:11:05 ----D---- C:\WINDOWS\ServicePackFiles
2009-06-14 15:07:02 ----A---- C:\WINDOWS\002212_.tmp
2009-06-14 15:06:46 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-06-14 15:03:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-06-14 15:03:50 ----D---- C:\WINDOWS\EHome
2009-06-14 14:59:49 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-06-14 14:59:48 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-14 14:59:48 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-14 14:59:48 ----A---- C:\WINDOWS\system32\java.exe
2009-06-14 14:57:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-06-14 14:37:55 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-06-14 14:37:55 ----A---- C:\WINDOWS\system32\mtxclu.dll
2009-06-14 14:37:55 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-06-14 14:37:55 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-06-14 14:37:55 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-06-14 14:37:55 ----A---- C:\WINDOWS\system32\comuid.dll
2009-06-14 14:37:54 ----A---- C:\WINDOWS\system32\txflog.dll
2009-06-14 14:37:54 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-06-14 14:37:54 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-06-14 14:37:54 ----A---- C:\WINDOWS\system32\ole32.dll
2009-06-14 14:37:54 ----A---- C:\WINDOWS\system32\colbact.dll
2009-06-14 14:37:53 ----A---- C:\WINDOWS\system32\es.dll
2009-06-14 14:37:53 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-06-14 14:37:53 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-06-14 14:37:53 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-06-14 14:37:53 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-06-14 14:37:53 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-06-14 14:37:40 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-06-14 14:37:40 ----A---- C:\WINDOWS\system32\mf3216.dll
2009-06-14 14:37:39 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2009-06-14 14:37:39 ----A---- C:\WINDOWS\system32\h323msp.dll
2009-06-14 14:37:38 ----A---- C:\WINDOWS\system32\netapi32.dll
2009-06-14 14:33:26 ----D---- C:\WINDOWS\system32\Backup
2009-06-14 14:33:05 ----D---- C:\WINDOWS\SQLHotfix
2009-06-14 14:32:01 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
2009-06-14 14:32:01 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
2009-06-14 14:31:01 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2003
2009-06-14 14:30:57 ----D---- C:\Program Files\Common Files\Crystal Decisions
2009-06-14 14:30:35 ----D---- C:\Program Files\Microsoft SQL Server
2009-06-14 14:28:38 ----RSD---- C:\WINDOWS\assembly
2009-06-14 14:28:37 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-14 14:28:34 ----D---- C:\WINDOWS\system32\URTTemp
2009-06-14 14:28:09 ----A---- C:\WINDOWS\ODBC.INI
2009-06-14 14:28:02 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-06-14 14:27:11 ----D---- C:\Program Files\Microsoft ActiveSync
2009-06-14 14:26:44 ----D---- C:\Program Files\Common Files\DESIGNER
2009-06-14 14:26:25 ----D---- C:\WINDOWS\SHELLNEW
2009-06-14 14:25:32 ----D---- C:\Program Files\Microsoft Office
2009-06-14 14:24:50 ----RHD---- C:\MSOCache
2009-06-14 14:19:54 ----D---- C:\Program Files\Microsoft Works
2009-06-14 14:15:21 ----D---- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2009-06-14 14:13:43 ----N---- C:\WINDOWS\system32\Px.ini
2009-06-14 14:13:16 ----D---- C:\Program Files\drag'n drop cd+dvd
2009-06-14 14:12:18 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2009-06-14 14:12:18 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2009-06-14 14:12:18 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2009-06-14 14:12:18 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2009-06-14 14:12:18 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2009-06-14 14:12:18 ----A---- C:\WINDOWS\system32\IVIresize.dll
2009-06-14 14:12:13 ----D---- C:\Program Files\InterVideo
2009-06-14 14:11:25 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-06-14 14:11:09 ----ASH---- C:\Documents and Settings\jose\Application Data\desktop.ini
2009-06-14 14:11:08 ----D---- C:\Documents and Settings\jose\Application Data\Identities
2009-06-14 14:11:07 ----SD---- C:\Documents and Settings\jose\Application Data\Microsoft
2009-06-14 14:11:07 ----D---- C:\Documents and Settings\jose\Application Data\Symantec
2009-06-14 14:11:07 ----D---- C:\Documents and Settings\jose\Application Data\Sun
2009-06-14 14:11:07 ----D---- C:\Documents and Settings\jose\Application Data\Sony Corporation
2009-06-14 14:11:07 ----D---- C:\Documents and Settings\jose\Application Data\Mozilla

======List of files/folders modified in the last 1 months======

2009-06-14 17:08:15 ----A---- C:\WINDOWS\system.ini
2009-06-14 15:33:51 ----RD---- C:\Program Files
2009-06-14 15:32:59 ----D---- C:\WINDOWS\system32
2009-06-14 15:32:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-14 15:32:19 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-14 15:31:35 ----D---- C:\WINDOWS\Temp
2009-06-14 15:31:34 ----D---- C:\WINDOWS
2009-06-14 15:31:32 ----DC---- C:\WINDOWS\system32\dllcache
2009-06-14 15:31:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-14 15:30:07 ----D---- C:\WINDOWS\security
2009-06-14 15:30:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-14 15:29:24 ----HD---- C:\WINDOWS\inf
2009-06-14 15:24:12 ----D---- C:\WINDOWS\Debug
2009-06-14 15:23:49 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-14 15:23:25 ----D---- C:\WINDOWS\Help
2009-06-14 15:23:22 ----SHD---- C:\WINDOWS\Installer
2009-06-14 15:23:12 ----A---- C:\WINDOWS\OEWABLog.txt
2009-06-14 15:22:44 ----A---- C:\WINDOWS\imsins.BAK
2009-06-14 15:22:23 ----A---- C:\WINDOWS\setuplog.txt
2009-06-14 15:21:41 ----D---- C:\WINDOWS\system32\wbem
2009-06-14 15:20:36 ----SHD---- C:\System Volume Information
2009-06-14 15:20:30 ----D---- C:\Program Files\Messenger
2009-06-14 15:20:29 ----D---- C:\WINDOWS\AppPatch
2009-06-14 15:20:29 ----D---- C:\Program Files\Internet Explorer
2009-06-14 15:20:26 ----RSD---- C:\WINDOWS\Fonts
2009-06-14 15:20:13 ----D---- C:\WINDOWS\system32\drivers
2009-06-14 15:15:00 ----RASH---- C:\boot.ini
2009-06-14 15:14:07 ----D---- C:\WINDOWS\WinSxS
2009-06-14 15:14:02 ----D---- C:\WINDOWS\system32\oobe
2009-06-14 15:14:01 ----D---- C:\WINDOWS\system32\Setup
2009-06-14 15:14:01 ----D---- C:\WINDOWS\system32\mui
2009-06-14 15:14:00 ----D---- C:\WINDOWS\ime
2009-06-14 15:13:22 ----D---- C:\Program Files\Windows Media Player
2009-06-14 15:13:20 ----D---- C:\Program Files\Movie Maker
2009-06-14 15:13:19 ----D---- C:\WINDOWS\Media
2009-06-14 15:10:53 ----D---- C:\WINDOWS\system32\Restore
2009-06-14 15:10:53 ----D---- C:\WINDOWS\system32\npp
2009-06-14 15:10:53 ----D---- C:\WINDOWS\msagent
2009-06-14 15:10:51 ----D---- C:\WINDOWS\srchasst
2009-06-14 15:10:49 ----D---- C:\Program Files\NetMeeting
2009-06-14 15:10:47 ----D---- C:\WINDOWS\system32\Com
2009-06-14 15:10:42 ----D---- C:\Program Files\Windows NT
2009-06-14 15:10:42 ----D---- C:\Program Files\Outlook Express
2009-06-14 15:10:34 ----D---- C:\Program Files\Common Files\System
2009-06-14 15:10:16 ----D---- C:\WINDOWS\system32\usmt
2009-06-14 15:10:14 ----D---- C:\WINDOWS\system
2009-06-14 15:08:12 ----RD---- C:\WINDOWS\Web
2009-06-14 15:07:45 ----RASH---- C:\NTDETECT.COM
2009-06-14 15:07:01 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-14 14:58:48 ----D---- C:\Program Files\Java
2009-06-14 14:38:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-14 14:38:45 ----D---- C:\Program Files\Common Files
2009-06-14 14:30:08 ----D---- C:\WINDOWS\Registration
2009-06-14 14:27:37 ----A---- C:\WINDOWS\win.ini
2009-06-14 14:26:07 ----SHD---- C:\RECYCLER
2009-06-14 14:25:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-14 14:25:32 ----D---- C:\WINDOWS\PCHealth
2009-06-14 14:18:29 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-14 14:18:29 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2009-06-14 14:17:51 ----D---- C:\Program Files\Sony
2009-06-14 14:15:14 ----D---- C:\Program Files\Common Files\InstallShield
2009-06-14 14:15:04 ----D---- C:\Program Files\Common Files\Sony Shared
2009-06-14 14:11:06 ----D---- C:\Documents and Settings
2009-06-14 14:10:00 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\WINDOWS\System32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2003-08-31 263240]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-09 401408]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-02-13 610796]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-09-29 94601]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-03-03 679936]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-08-14 125952]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-10-14 1043072]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2003-10-14 197120]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [2003-09-19 5786]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030814.007\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030814.007\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 oibtvcom;Bluetooth Virtual COM Port; C:\WINDOWS\System32\Drivers\oivmvcom.sys [2003-03-14 279680]
R3 oivmctrl;VCOMM Device Controller; C:\WINDOWS\System32\Drivers\oivmctrl.sys [2003-01-06 15616]
R3 SAVRT;SAVRT; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 SPI;Sony Programmable I/O Control Device; C:\WINDOWS\System32\DRIVERS\SonyPI.sys [2001-08-17 37040]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2003-08-31 16328]
R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2004-03-04 64512]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-01-02 1646720]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-10-14 679808]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\System32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-03 274304]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-09-17 145408]
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 pelmouse;Mouse Suite Driver; C:\WINDOWS\System32\DRIVERS\pelmouse.sys [2002-06-28 17251]
S3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\System32\DRIVERS\pelusblf.sys [2001-07-24 7520]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYTVC;Sony MPEG RR-Engine; C:\WINDOWS\System32\DRIVERS\SONYTVC.sys [2004-03-19 224896]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-03-03 397312]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2003-09-06 255136]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2003-09-06 218272]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2003-09-06 234656]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-14 152984]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2003-08-17 158376]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-03-12 86098]
R3 SAVScan;SAVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2003-08-10 193816]
R3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2003-08-31 197896]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-09-06 87200]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE [2003-12-09 65625]
S3 SPTISRV;Sony SPTI Service; C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe [2003-12-09 65622]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S3 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2004-03-12 118784]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2004-03-12 69632]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-03-12 278528]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\vaio media integrated server\VMISrv.exe [2004-03-12 1691648]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe [2004-02-25 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe [2004-02-25 737280]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe [2004-03-05 184320]
S3 VAIOMediaPlatform-VideoServer-AppServer;VAIO Media Video Server; C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe [2003-10-30 1286144]
S3 VAIOMediaPlatform-VideoServer-HTTP;VAIO Media Video Server (HTTP); C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe [2004-02-25 57344]
S3 VAIOMediaPlatform-VideoServer-UPnP;VAIO Media Video Server (UPnP); C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe [2004-02-25 737280]

-----------------EOF-----------------

This is probably the 5th time I restore my comp in the last 3 weeks.
thanks man! :thumbup2:

#6 thcbytes

  • Malware Response Team

Posted 15 June 2009 - 06:22 AM

Hi again,
I have real bad news. Your computer is severely infected likely beyond repair!! :thumbup2: Please see below.........

**********

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Virux is an even more complex file infector which can embed an iframe into the body of web-related files and infect script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable.

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damage caused to files by virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.

AVG Overview of W32/Virut

This kind of infection is contracted and spread by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and an increasing source of system infection. However, the CA Security Advisor Research Blog says they have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

There is no guarantee this infection can be completely removed. In some instances it may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:

**********

If you insist on trying to fix this infection instead of following our advice to reformat and reinstall your operating system, there are various rescue disks available from major anti-virus vendors which you can try. Keep in mind, even the vendors like Kaspersky say there is no guarantee that some files will not get corrupted during the disinfection process. In the end most folks end up reformatting out of frustration after spending hours attempting to repair and remove infected files. IMO the safest and easiest thing to do is just reformat and reinstall Windows.

Bleeping Computer DOES NOT assume any responsibility for your attempt to repair this infection using any of the following tools. You do this at your own risk and against our advice.

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

**********

I am very sorry,
Please surf safe,
Regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 el_feroz

  • Topic Starter

  • Members

Posted 15 June 2009 - 07:27 PM

It's ok man, maybe I just need a new computer. But by there being no way to fix it...does that mean even after reformatting and reinstalling.....it would not work?
Second, how do I reformat?
And finally,
These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

* Avira AntiVir Rescue System - Tutorial for Avira Rescue CD.
If you encounter problems running the Rescue Disk, you can get further assistance at the Avira Support Forum.
* Dr Web LiveCD. Be sure to print out and follow the instructions provided in the User Manual.
* F-Secure Rescue CD - Rescue CD 3.01 released.
Video: How to Remove Malware with F-Secure Rescue CD
If you encounter problems running the Rescue CD, you can get further assistance at the F-Secure Support Forum.
* BitDefender LiveCD - Index of /rescue_cd
If you encounter problems running the Rescue CD, you can get further assistance at the BitDefender Support Forum.
* Kaspersky RescueDisk - Index of /devbuilds/RescueDisk/
If you encounter problems running the RescueDisk, you can get further assistance at the Kaspersky Support Forum.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Would these work? Or should I just delete everything and throw away my laptop??? I have a Windows XP version...would a Windows XP Pro fix it?? I really don't mind deleting everything as long as I can end up using this comp again. Money is tight right now, so I'll do whatever to get it up and working.
Thanks

#8 thcbytes

  • Malware Response Team

Posted 15 June 2009 - 09:13 PM

Hi,
After you format (erase the hard disk) and reinstall (take your original Windows XP install disk and install a fresh copy of Windows XP) your computer will be like new!! No need to throw anything away. :thumbup2: Unfortunately all your applications and data are lost!

As far as successfully cleaning up Virut. It is exceptionally unlikely that you will be able to clean it even with the methods outlined. The reason for this is because typically in the process of removing this infection it damages the files the computer requires to run properly......... beyond repair.

Here is detailed info about formatting:

Format
Some types of malware can result in a system so badly damaged that a Repair Install will NOT help! Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Starting over by wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action.

In case you need help with this, please review:

These links include step-by-step instructions with screenshots:

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, personal data files and photos. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr) or autorun (.ini) files because they may be infected by malware appending itself to the executable. Some types of malware may even disguise itself by adding and hiding its extension to the existing extension of files so be sure you look closely at the full file name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

Note: If you're using an IBM, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it.

If you need additional assistance with reformatting, you can start a new topic in the Windows XP Home and Professional forum.

Hope that helps,
Kind regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
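
The backup advice in post #8 (leave out *.exe, *.scr and autorun files, and read the full file name for a hidden second extension), worked as an added example that is not part of the original thread or any tool named in it. The names `classify` and `triage`, the decoy-extension list, and the inclusion of `autorun.inf` and `.htm` are assumptions of this sketch; the web file types come from the Virux description in post #6.

```python
import os
import tempfile
from pathlib import Path

SKIP_EXTS = {".exe", ".scr"}          # types the post says not to back up
# The post writes "autorun (.ini)"; autorun.inf, the name Windows AutoRun
# reads, is added here as an assumption of this example.
AUTORUN_NAMES = {"autorun.ini", "autorun.inf"}
# Post #6: Virux can infect .php, .asp and .html (.htm added as an assumption).
SCAN_EXTS = {".php", ".asp", ".html", ".htm"}
# Harmless-looking inner extensions used to spot "photo.jpg.exe" (assumed list).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".doc", ".xls", ".pdf",
              ".txt", ".mp3", ".avi", ".zip"}

def classify(filename):
    """Return 'disguised', 'skip', 'scan' or 'copy' for one file name."""
    name = filename.strip().lower()
    if name in AUTORUN_NAMES:
        return "skip"
    # Strip padding around each part so "report.doc      .exe" is caught too.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2:
        return "copy"
    last = "." + parts[-1]
    if last in SKIP_EXTS:
        inner = "." + parts[-2] if len(parts) >= 3 else ""
        return "disguised" if inner in DECOY_EXTS else "skip"
    if last in SCAN_EXTS:
        return "scan"       # back up, but scan before copying back
    return "copy"

def triage(root):
    """Walk a folder chosen for backup and group relative paths by verdict."""
    report = {"disguised": [], "skip": [], "scan": [], "copy": []}
    root = Path(root)
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            rel = (Path(dirpath) / f).relative_to(root).as_posix()
            report[classify(f)].append(rel)
    return {k: sorted(v) for k, v in report.items()}

if __name__ == "__main__":
    # Constructed sample tree, built in a temp directory so this runs offline.
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "My Documents"))
        for rel in ("My Documents/resume.doc", "My Documents/beach.jpg.scr",
                    "installer.exe", "autorun.inf", "homepage.html"):
            open(os.path.join(d, rel), "w").close()
        for verdict, paths in triage(d).items():
            print(f"{verdict:10} {paths}")
```

Everything the script marks `copy` or `scan` still needs the anti-virus scan the post asks for before it goes back onto the rebuilt drive.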



