Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:26 PM, on 11/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ForeScout SecureConnector\SecureConnector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Donna\Local Settings\Application Data\yhslik\xepdsysguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\DOCUME~1\Donna\LOCALS~1\Temp\a1re1f0q.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 winwarepro.microsoft.com
O1 - Hosts: 91.212.127.226 winwarepro.com
O1 - Hosts: 91.212.127.226 www.winwarepro.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [BearShare] "F:\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SecureConnector] "C:\Program Files\ForeScout SecureConnector\SecureConnector.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxkugiym] C:\Documents and Settings\Donna\Local Settings\Application Data\yhslik\xepdsysguard.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [lxkugiym] C:\Documents and Settings\Donna\Local Settings\Application Data\yhslik\xepdsysguard.exe
O4 - HKCU\..\Run: [BackUp Windows 2009] C:\DOCUME~1\Donna\LOCALS~1\Temp\a1re1f0q.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O20 - AppInit_DLLs: hawivobi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: N24dan - Micro Vision Co.,Ltd - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SMART Board Service - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10897 bytes

Hello, my name is fenzodahl512 and welcome to the forum.. Please do the following....


Please download The Comedian.exe by Rorschach112 to your desktop

• Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
• Double click the program to run it. It will only take around several minutes to run.
• It will do a series of tasks and tell you when each one is finished.
• You will be prompted to press any key after each step
• When it is done it will close and exit itself automatically.
• You can delete The_Comedian.exe once it is finished

STOP! if you can't complete this step.. Tell me more about it..



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.



NEXT


Please download RSIT by random/random and save it to your Desktop.

• Double click on RSIT.exe to run RSIT
• Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>

• Open the program and click on the Rootkit tab.
• Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
• Click on Scan.
• When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

IMPORTANT: Do NOT run any program while you are doing this scan as it may interfere with the output result



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Hi fenzodahl512,

I had to download malwarebytes from another pc and transfer it over with a flashdrive...after I tried installing it I got the following error message:

Unable to execute file:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

CreateProcess failed; code 2.
The system cannot find the file specified."

proceed with next steps

info.txt logfile of random's system information tool 1.06 2009-11-07 16:40:30

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon i320-->C:\WINDOWS\system32\CNMCP47.exe "-PRINTERNAMECanon i320" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i320 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}
Click to DVD 2.5.30-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B82682E-C555-45DA-8E2C-CE6525427AC9}\setup.exe" -l0x9 -removeonly
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fingerprint Tutorial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF7BB06C-5D95-4C7C-8B9B-E1B1E37E8692}\setup.exe" -l0x9 -removeonly
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -ISnyHDANk.inf
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Image Converter 2 Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63B8FB69-A1B6-425D-B67D-5257B7A1F663}\setup.exe" -l0x9 /CONPANE
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
LAN Setting Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5958CAC6-373E-402F-84FE-0A699AA920B9}\setup.exe" -l0x9
Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{E3D278BD-FC97-4F87-BB1F-689AE0CB9122}
Macromedia Flash Player 8-->MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
mEoU-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OpenMG AAC Add-on Module 1.0.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL
OpenMG Limited Patch 4.5-06-05-12-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.5.01-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Safari-->MsiExec.exe /I{2D6ED011-055B-4041-B198-BB903827EBFB}
SDP Downloader-->MsiExec.exe /I{B547CB8D-549A-436E-97B5-E79F911B11E2}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SMART Board Drivers-->MsiExec.exe /X{FF7A64AB-214A-47D1-95E7-742BCBA7F6C9}
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Ericsson Wireless Modem-->C:\WINDOWS\system32\GCXXDU.exe verbose
Sony MP4 Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x9 -removeonly
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TPM Tutorial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6D24DE1-6894-452D-A714-FDA0929714EC}\setup.exe" -l0x9 -removeonly
Trend Micro Anti-Spyware-->C:\Program Files\Trend Micro\Tmas\tmas.exe -uninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VAIO Backup Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9952D4E-766C-4CD3-BF2E-A2C3D8B15EF3}\setup.exe" -l0x9 -removeonly
VAIO Breeze Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}\setup.exe" -l0x9
VAIO Camera Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1417F599-1DBD-4499-9375-B2813E9F890C}\Setup.exe" -l0x9
VAIO Central-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E993095-28F2-4060-9101-99C1FD1195C0}\setup.exe" -l0x9 -removeonly
VAIO Event Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x9
VAIO Hardware Diagnostics-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A947C2B3-7445-42C4-9063-EE704CACCB22}\setup.exe" -l0x9
VAIO HDD Protection-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C518C7BF-A345-4019-815B-FFDF32EBCAD9}\setup.exe" -l0x9
VAIO Light Flo Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}\setup.exe" -l0x9
VAIO Media 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Registration Tool 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}\setup.exe" -l0x9
VAIO Original Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\setup.exe" -l0x9
VAIO Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{565F04D0-11FA-487E-8A92-F9D11CC011B3}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Registration-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Security Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}\setup.exe" -l0x9 -removeonly
VAIO Support Central-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82081533-F045-469E-BD53-F16839E445C3}\setup.exe" -l0x9 -removeonly
VAIO Update 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x9
VAIO Wireless LAN Setup Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DF00135-D5A7-476A-BFB3-EDFF2840076A}\setup.exe" -l0x9
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See KB886612 for more information]-->C:\WINDOWS\$NtUninstallKB886612$\spuninst\spuninst.exe
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireless Switch Setting Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\Setup.exe" -l0x9

======Hosts File======

127.0.0.1 localhost
::1 localhost
91.212.127.226 winwarepro.microsoft.com
91.212.127.226 winwarepro.com
91.212.127.226 www.winwarepro.com

======Security center information======

AV: avast! antivirus 4.8.1351 [VPS 091107-0] (disabled)

======System event log======

Computer Name: CHOMPER
Event Code: 2505
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{562E49FA-4568-466F-8F14-F0EBE8503C89} because another computer on the network has the same name. The server could not start.

Record Number: 30553
Source Name: Server
Time Written: 20091022221008.000000-240
Event Type: error
User:

Computer Name: CHOMPER
Event Code: 1002
Message: The IP address lease 172.25.22.145 for the Network Card with network address 0018DE09C690 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 30548
Source Name: Dhcp
Time Written: 20091022221003.000000-240
Event Type: error
User:

Computer Name: CHOMPER
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE09C690. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 30541
Source Name: Dhcp
Time Written: 20091022183418.000000-240
Event Type: warning
User:

Computer Name: CHOMPER
Event Code: 1006
Message: Your computer was unable to automatically configure the IP parameters for
the Network Card with the network address 0018DE09C690. The following error occurred
during configuration: The DHCP client has obtained an IP address that is already in use on the network. The local interface will be disabled until the DHCP client can obtain a new address.
.

Record Number: 30441
Source Name: Dhcp
Time Written: 20091020110032.000000-240
Event Type: warning
User:

Computer Name: CHOMPER
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0018DE09C690. The IP address being used is 169.254.20.208.

Record Number: 30379
Source Name: Dhcp
Time Written: 20091019192117.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: CHOMPER
Event Code: 1002
Message: Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 12867
Source Name: Application Hang
Time Written: 20090309161851.000000-300
Event Type: error
User:

Computer Name: CHOMPER
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16762, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 12716
Source Name: Application Hang
Time Written: 20090204171510.000000-300
Event Type: error
User:

Computer Name: CHOMPER
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12576
Source Name: WinMgmt
Time Written: 20090117015117.000000-300
Event Type: warning
User: CHOMPER\Donna

Computer Name: CHOMPER
Event Code: 1517
Message: Windows saved user CHOMPER\Donna registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 12501
Source Name: Userenv
Time Written: 20090116223636.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CHOMPER
Event Code: 1517
Message: Windows saved user CHOMPER\Donna registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 12198
Source Name: Userenv
Time Written: 20080329150034.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin;C:\Program Files\Common Files\Thunder Network\KanKan\Codecs;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Donna at 2009-11-07 16:40:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 53 GB (76%) free of 70 GB
Total RAM: 1022 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:26 PM, on 11/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ForeScout SecureConnector\SecureConnector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Donna\Local Settings\Application Data\yhslik\xepdsysguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\DOCUME~1\Donna\LOCALS~1\Temp\a1re1f0q.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 winwarepro.microsoft.com
O1 - Hosts: 91.212.127.226 winwarepro.com
O1 - Hosts: 91.212.127.226 www.winwarepro.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [BearShare] "F:\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SecureConnector] "C:\Program Files\ForeScout SecureConnector\SecureConnector.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxkugiym] C:\Documents and Settings\Donna\Local Settings\Application Data\yhslik\xepdsysguard.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [lxkugiym] C:\Documents and Settings\Donna\Local Settings\Application Data\yhslik\xepdsysguard.exe
O4 - HKCU\..\Run: [BackUp Windows 2009] C:\DOCUME~1\Donna\LOCALS~1\Temp\a1re1f0q.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O20 - AppInit_DLLs: hawivobi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: N24dan - Micro Vision Co.,Ltd - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SMART Board Service - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10897 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6D223F6-C185-49a2-BA7E-A03E84744702}]
BHO - C:\WINDOWS\system32\iehelper.dll [2009-11-07 12032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-17 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-17 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-17 118784]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-11-17 118784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-02-28 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-02-28 602182]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2006-02-28 569413]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2006-06-13 217088]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"VAIO Update 2"=C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [2005-10-11 151552]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-20 7561216]
"Biomenu"=C:\Program Files\Protector Suite QL\menusw.exe [2006-02-22 1354240]
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2006-02-14 176128]
"VAIOCameraUtility"=C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe [2005-12-27 69632]
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-19 28672]
"BearShare"=F:\BearShare\BearShare.exe /pause []
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"SecureConnector"=C:\Program Files\ForeScout SecureConnector\SecureConnector.exe [2009-10-07 823824]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"lxkugiym"=C:\Documents and Settings\Donna\Local Settings\Application Data\yhslik\xepdsysguard.exe [2009-11-07 251136]
"nuvetujij"=c:\windows\system32\yujukumi.dll [2009-08-07 92672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2006-05-08 81920]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-10-15 2000112]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2005-09-18 1421824]
"lxkugiym"=C:\Documents and Settings\Donna\Local Settings\Application Data\yhslik\xepdsysguard.exe [2009-11-07 251136]
"BackUp Windows 2009"=C:\DOCUME~1\Donna\LOCALS~1\Temp\a1re1f0q.exe [2009-11-07 15001]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1159984807\ee\AOLSoftware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE REBOOT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
c:\program files\sony\vaio survey\surveysa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
C:\PROGRA~1\TRENDM~1\Tmas\Tmas.exe [2006-10-04 1310720]

C:\Documents and Settings\Donna\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\yujukumi.dll,hawivobi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-06 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-17 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\fusstub.dll [2006-02-22 39936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2006-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
wiperodig - {31721238-fbeb-482a-94b0-7a3d179f4374} - c:\windows\system32\yujukumi.dll [2009-08-07 92672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
gahurihor - {31721238-fbeb-482a-94b0-7a3d179f4374} - c:\windows\system32\yujukumi.dll [2009-08-07 92672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"=C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-10-04 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
fusstub
migunugo.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe"="C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe:*:Enabled:SMART SNMPAgent"
"C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe"="C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe:*:Enabled:SMART SNMPAgent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe"="C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:*:Enabled:Thunder"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Sony\VAIO Event Service\VESMgr.exe"="C:\Program Files\Sony\VAIO Event Service\VESMgr.exe:*:Enabled:VESMgr"
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"="C:\Program Files\Alwil Software\Avast4\ashServ.exe:*:Enabled:ashServ"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f144c72-53ce-11db-9582-806d6172696f}]
shell\AutoRun\command - I:\sony\Autorun.exe


======List of files/folders created in the last 1 months======

2009-11-07 16:40:27 ----D---- C:\rsit
2009-11-07 16:40:22 ----SH---- C:\WINDOWS\system32\notabage.exe
2009-11-07 16:30:50 ----D---- C:\WINDOWS\ERDNT
2009-11-07 16:29:24 ----D---- C:\Program Files\ERUNT
2009-11-07 16:10:03 ----A---- C:\WINDOWS\system32\iehelper.dll
2009-11-07 15:33:59 ----A---- C:\luobk.exe
2009-11-06 19:19:54 ----D---- C:\Program Files\PeerGuardian2
2009-11-06 19:13:51 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2009-11-06 19:13:49 ----D---- C:\Documents and Settings\Donna\Application Data\Azureus
2009-11-06 19:13:05 ----D---- C:\Program Files\Vuze
2009-10-16 04:09:20 ----D---- C:\Program Files\SDP Multimedia
2009-10-16 02:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-16 02:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-16 02:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-16 02:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-16 02:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-15 23:54:29 ----D---- C:\NYLS
2009-10-15 20:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 20:25:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 20:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 20:24:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-12 13:38:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

======List of files/folders modified in the last 1 months======

2009-11-07 16:40:22 ----D---- C:\WINDOWS\system32
2009-11-07 16:40:14 ----D---- C:\WINDOWS\Prefetch
2009-11-07 16:34:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-07 16:34:08 ----D---- C:\WINDOWS\system32\drivers
2009-11-07 16:30:50 ----D---- C:\WINDOWS
2009-11-07 16:29:24 ----RD---- C:\Program Files
2009-11-07 16:27:42 ----D---- C:\WINDOWS\Temp
2009-11-07 16:26:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-07 16:10:03 ----D---- C:\Program Files\Trend Micro
2009-11-07 16:07:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-07 15:56:54 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-07 15:42:00 ----D---- C:\WINDOWS\system32\Restore
2009-11-07 15:33:59 ----D---- C:\WINDOWS\system32\wbem
2009-11-07 11:07:35 ----HD---- C:\WINDOWS\inf
2009-11-06 10:46:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-06 00:56:54 ----D---- C:\Documents and Settings\Donna\Application Data\vlc
2009-11-05 22:17:34 ----D---- C:\WINDOWS\Help
2009-11-05 03:09:08 ----D---- C:\WINDOWS\ie8updates
2009-11-05 03:07:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-02 15:46:33 ----SHD---- C:\WINDOWS\Installer
2009-11-02 15:46:33 ----SHD---- C:\Config.Msi
2009-11-02 15:46:09 ----RSD---- C:\WINDOWS\assembly
2009-11-02 15:46:08 ----D---- C:\Program Files\SMART Technologies
2009-11-02 15:45:20 ----RSD---- C:\WINDOWS\Fonts
2009-11-02 15:45:03 ----D---- C:\Documents and Settings\All Users\Application Data\SMART Technologies
2009-11-02 15:45:02 ----D---- C:\Program Files\Common Files\SMART Technologies
2009-11-02 15:40:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-02 15:40:11 ----D---- C:\Program Files\Sony
2009-11-02 14:49:24 ----D---- C:\Program Files\DivX
2009-11-02 14:44:08 ----D---- C:\Program Files\WinTin++
2009-11-02 01:49:38 ----D---- C:\Program Files\MSN Gaming Zone
2009-11-01 12:06:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-31 11:14:59 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-31 11:14:49 ----D---- C:\Documents and Settings\Donna\Application Data\Adobe
2009-10-22 04:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-20 01:06:59 ----D---- C:\WINDOWS\network diagnostic
2009-10-16 04:24:02 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-16 02:51:00 ----D---- C:\Program Files\Internet Explorer
2009-10-16 02:04:28 ----D---- C:\WINDOWS\WinSxS
2009-10-16 02:01:52 ----A---- C:\WINDOWS\imsins.BAK
2009-10-15 23:52:39 ----D---- C:\Program Files\SUPERAntiSpyware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-07-22 21275]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []
R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-02-28 13568]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-22 108767]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-18 202112]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 Mvc25U870_VID_1262&PID_25FD;Sony Visual Communication Camera VGP-VCC2; C:\WINDOWS\System32\Drivers\Mvc25U870.sys [2005-12-29 55680]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-20 3662400]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 SonyImgF;Sony Image Conversion Filter Driver; C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 30080]
R3 SPI;Sony Programmable I/O Control Device; C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2003-06-18 71961]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-02-22 28800]
R3 ti21sony;ti21sony; C:\WINDOWS\system32\drivers\ti21sony.sys [2007-01-24 808448]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-02-26 1428480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-10-17 241408]
S1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-17 1353820]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
S3 RTCore32;RTCore32; \??\C:\Program Files\RMClock\RTCore32.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-02-10 47488]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-04-13 108928]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-24 40192]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-02-28 114753]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-20 143428]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-02-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-02-28 540745]
R2 SMART Board Service;SMART Board Service; C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe [2009-01-25 2228224]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2006-04-13 176128]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-13 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 32768]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-04-27 53337]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-04-27 49241]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service; C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [2009-01-25 1044480]
S3 SMART Web Server;SMART Web Server; C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe [2009-01-25 1216512]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-04-27 69718]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2006-06-13 2084864]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2006-05-18 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-05-18 770048]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2006-06-07 155648]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

IMPORTANT!! Please disable these programs (if present) before proceed with our fixes.. . Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

1. avast! Antiviru
2. Trend Micro Anti-Spyware


Do you know anything about this folder? C:\NYLS



Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O1 - Hosts: 91.212.127.226 winwarepro.microsoft.com
O1 - Hosts: 91.212.127.226 winwarepro.com
O1 - Hosts: 91.212.127.226 www.winwarepro.com
O4 - HKLM\..\Run: [lxkugiym] C:\Documents and Settings\Donna\Local Settings\Application Data\yhslik\xepdsysguard.exe
O4 - HKCU\..\Run: [lxkugiym] C:\Documents and Settings\Donna\Local Settings\Application Data\yhslik\xepdsysguard.exe
O4 - HKCU\..\Run: [BackUp Windows 2009] C:\DOCUME~1\Donna\LOCALS~1\Temp\a1re1f0q.exe
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O20 - AppInit_DLLs: hawivobi.dll


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTM by OldTimer

• Save it to your Desktop.
• Please double-click OTM to run it. (Vista users, please right click on OTM and select "Run as an Administrator")
• Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)
  
  
  CODE
  :processes
  explorer.exe
  
  :services
  
  :files
  C:\Documents and Settings\Donna\Local Settings\Application Data\yhslik
  C:\DOCUME~1\Donna\LOCALS~1\Temp\*.*
  C:\WINDOWS\system32\iehelper.dll
  c:\windows\system32\yujukumi.dll
  C:\WINDOWS\system32\notabage.exe
  C:\luobk.exe
  
  :reg
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6D223F6-C185-49a2-BA7E-A03E84744702}]
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "lxkugiym"=-
  "nuvetujij"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "lxkugiym"=-
  "BackUp Windows 2009"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  "AppInit_DLLS"=""
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
  "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f144c72-53ce-11db-9582-806d6172696f}]
  
  :commands
  [purity]
  [emptytemp]
  [start explorer]
  [reboot]
  
  
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTM
2. RSIT log.txt

This post has been edited by fenzodahl512: Nov 7 2009, 04:26 PM

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Documents and Settings\Donna\Local Settings\Application Data\yhslik moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\07e03703.exe moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\18be6a.mst moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\1F1205F7.TMP moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\2121_appcompat.txt moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\3dcc_appcompat.txt moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\3ef8_appcompat.txt moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\7dd1_appcompat.txt moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\889f_appcompat.txt moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\a1re1f0q.exe moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\ab20_appcompat.txt moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\bdec8932.exe moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\cc2log.txt moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\connect_result.log moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\Double Chocolate Chunk Cookies.doc moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\etilqs_Jdq1oMUBkTQPgQuDNTMg moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\etilqs_nfPvAugWA7iOb4bDIAls moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\etilqs_nfPvAugWA7iOb4bDIAls-journal moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\etilqs_pyy6oygHgxUO3Mltui1z moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\etilqs_WslztPA4lvalC0uw6fTe moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\etilqs_WslztPA4lvalC0uw6fTe-journal moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\fla28.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\flaC1.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\flaC2.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\flaE6.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\flaE7.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\flaF.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSA11.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSA13.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSA17.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSA22.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSA2B.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSA3.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSA32.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSA35.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSA3A9.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSA4.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSA5.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSA57.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSA6A.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSA7E.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSABB.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSABC.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSACD.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\FSAD4.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\fs_action_13143.bat moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\habnf88jkefh87ifiks.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\hunter_essay[1].doc moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\i4jdel0.exe moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\image001.gif moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\is1E.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\java_install_reg.log moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\java_install_sp.log moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\jinstall.cfg moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\jre-6u15-windows-i586-iftw.exe moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\jusched.log moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\Mr Epstein- Observation #2.doc moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\MSI1A.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\Perflib_Perfdata_b00.dat moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\QTInstallCode.log moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\sbgxz.exe moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\set1C.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\set1F.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\set25.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\Set28.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\Set29.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\Set2A.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\Set2B.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\set2C.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\Set35.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\set36.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\Set39.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\Set3A.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\SSUPDATE.EXE moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\TWAIN.LOG moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\Twain001.Mtx moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\Twunk001.MTX moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\Twunk002.MTX moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\wmplog00.sqm moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF171.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF1907.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF1CD4.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF211C.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF2537.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF275.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF29D3.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF2A62.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF2BA3.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF2BE3.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF334E.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF35F9.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF40F9.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF472A.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF48DD.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF4AE2.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF4C43.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF4D18.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF4EC.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF51AE.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF5224.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF5300.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF539C.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF5BAE.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF5E8B.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF5FD.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF6245.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF6D29.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF6DE5.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF7565.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF76EA.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF77A4.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF7E7B.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF7EBF.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF8116.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF8128.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF823C.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF82CE.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF8478.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF8860.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF88FC.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF89FC.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF94A1.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF9A91.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DF9A9D.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFA242.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFA95B.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFB295.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFB8A4.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFBA48.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFBDAF.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFCC6C.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFD291.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFD766.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFE00.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFE11.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFE90A.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFF514.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFF5A9.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~DFFC5A.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~TM7C.tmp moved successfully.
C:\DOCUME~1\Donna\LOCALS~1\Temp\~WRD0002.doc moved successfully.
C:\WINDOWS\system32\iehelper.dll unregistered successfully.
C:\WINDOWS\system32\iehelper.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\yujukumi.dll
c:\windows\system32\yujukumi.dll NOT unregistered.
c:\windows\system32\yujukumi.dll moved successfully.
C:\WINDOWS\system32\notabage.exe moved successfully.
C:\luobk.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6D223F6-C185-49a2-BA7E-A03E84744702}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6D223F6-C185-49a2-BA7E-A03E84744702}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lxkugiym not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nuvetujij deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lxkugiym not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BackUp Windows 2009 not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f144c72-53ce-11db-9582-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f144c72-53ce-11db-9582-806d6172696f}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Denny

User: Donna
->Temp folder emptied: 8947500 bytes
File delete failed. C:\Documents and Settings\Donna\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 6968813 bytes
->Java cache emptied: 19981442 bytes
->FireFox cache emptied: 45547382 bytes
->Apple Safari cache emptied: 12892526 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 84844 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 118283897 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3052561 bytes
File delete failed. C:\WINDOWS\temp\inf1clrg.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 21235836 bytes
RecycleBin emptied: 495852986 bytes

Total Files Cleaned = 699.01 mb


OTM by OldTimer - Version 3.0.0.6 log created on 11072009_175144

Files moved on Reboot...
C:\WINDOWS\temp\inf1clrg.tmp moved successfully.

Registry entries deleted on Reboot...




Logfile of random's system information tool 1.06 (written by random/random)
Run by Donna at 2009-11-07 17:58:48
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 54 GB (77%) free of 70 GB
Total RAM: 1022 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:58 PM, on 11/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Donna\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Donna.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [BearShare] "F:\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nuvetujij] Rundll32.exe "c:\windows\system32\yujukumi.dll",a
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{562E49FA-4568-466F-8F14-F0EBE8503C89}: NameServer = 77.74.48.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{8180F9BF-A109-4231-B621-CF488F487C37}: NameServer = 77.74.48.113
O20 - AppInit_DLLs: hawivobi.dll c:\windows\system32\yujukumi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: wiperodig - {31721238-fbeb-482a-94b0-7a3d179f4374} - c:\windows\system32\yujukumi.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {31721238-fbeb-482a-94b0-7a3d179f4374} - c:\windows\system32\yujukumi.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: N24dan - Micro Vision Co.,Ltd - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SMART Board Service - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10871 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-17 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-17 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-17 118784]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-11-17 118784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-02-28 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-02-28 602182]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2006-02-28 569413]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2006-06-13 217088]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"VAIO Update 2"=C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [2005-10-11 151552]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-20 7561216]
"Biomenu"=C:\Program Files\Protector Suite QL\menusw.exe [2006-02-22 1354240]
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2006-02-14 176128]
"VAIOCameraUtility"=C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe [2005-12-27 69632]
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-19 28672]
"BearShare"=F:\BearShare\BearShare.exe /pause []
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"nuvetujij"=c:\windows\system32\yujukumi.dll,a []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2006-05-08 81920]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-10-15 2000112]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1159984807\ee\AOLSoftware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE REBOOT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
c:\program files\sony\vaio survey\surveysa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
C:\PROGRA~1\TRENDM~1\Tmas\Tmas.exe -autostart []

C:\Documents and Settings\Donna\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="hawivobi.dll c:\windows\system32\yujukumi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-06 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-17 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\fusstub.dll [2006-02-22 39936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2006-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
wiperodig - {31721238-fbeb-482a-94b0-7a3d179f4374} - c:\windows\system32\yujukumi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
gahurihor - {31721238-fbeb-482a-94b0-7a3d179f4374} - c:\windows\system32\yujukumi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
migunugo.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe"="C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe:*:Enabled:SMART SNMPAgent"
"C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe"="C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe:*:Enabled:SMART SNMPAgent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe"="C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:*:Enabled:Thunder"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Sony\VAIO Event Service\VESMgr.exe"="C:\Program Files\Sony\VAIO Event Service\VESMgr.exe:*:Enabled:VESMgr"
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"="C:\Program Files\Alwil Software\Avast4\ashServ.exe:*:Enabled:ashServ"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-11-07 17:51:44 ----D---- C:\_OTM
2009-11-07 16:40:31 ----SH---- C:\WINDOWS\system32\winasara.exe
2009-11-07 16:40:27 ----D---- C:\rsit
2009-11-07 16:30:50 ----D---- C:\WINDOWS\ERDNT
2009-11-07 16:29:24 ----D---- C:\Program Files\ERUNT
2009-11-06 19:19:54 ----D---- C:\Program Files\PeerGuardian2
2009-11-06 19:13:51 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2009-11-06 19:13:49 ----D---- C:\Documents and Settings\Donna\Application Data\Azureus
2009-11-06 19:13:05 ----D---- C:\Program Files\Vuze
2009-10-16 04:09:20 ----D---- C:\Program Files\SDP Multimedia
2009-10-16 02:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-16 02:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-16 02:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-16 02:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-16 02:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-15 23:54:29 ----D---- C:\NYLS
2009-10-15 20:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 20:25:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 20:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 20:24:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-12 13:38:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

======List of files/folders modified in the last 1 months======

2009-11-07 17:56:20 ----D---- C:\WINDOWS\Temp
2009-11-07 17:52:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-07 17:52:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-07 17:51:55 ----D---- C:\WINDOWS\system32
2009-11-07 17:51:54 ----D---- C:\WINDOWS
2009-11-07 16:40:14 ----D---- C:\WINDOWS\Prefetch
2009-11-07 16:34:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-07 16:34:08 ----D---- C:\WINDOWS\system32\drivers
2009-11-07 16:29:24 ----RD---- C:\Program Files
2009-11-07 16:10:03 ----D---- C:\Program Files\Trend Micro
2009-11-07 15:56:54 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-07 15:42:00 ----D---- C:\WINDOWS\system32\Restore
2009-11-07 15:33:59 ----D---- C:\WINDOWS\system32\wbem
2009-11-07 11:07:35 ----HD---- C:\WINDOWS\inf
2009-11-06 10:46:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-06 00:56:54 ----D---- C:\Documents and Settings\Donna\Application Data\vlc
2009-11-05 22:17:34 ----D---- C:\WINDOWS\Help
2009-11-05 03:09:08 ----D---- C:\WINDOWS\ie8updates
2009-11-05 03:07:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-02 15:46:33 ----SHD---- C:\WINDOWS\Installer
2009-11-02 15:46:33 ----SHD---- C:\Config.Msi
2009-11-02 15:46:09 ----RSD---- C:\WINDOWS\assembly
2009-11-02 15:46:08 ----D---- C:\Program Files\SMART Technologies
2009-11-02 15:45:20 ----RSD---- C:\WINDOWS\Fonts
2009-11-02 15:45:03 ----D---- C:\Documents and Settings\All Users\Application Data\SMART Technologies
2009-11-02 15:45:02 ----D---- C:\Program Files\Common Files\SMART Technologies
2009-11-02 15:40:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-02 15:40:11 ----D---- C:\Program Files\Sony
2009-11-02 14:49:24 ----D---- C:\Program Files\DivX
2009-11-02 14:44:08 ----D---- C:\Program Files\WinTin++
2009-11-02 01:49:38 ----D---- C:\Program Files\MSN Gaming Zone
2009-11-01 12:06:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-31 11:14:59 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-31 11:14:49 ----D---- C:\Documents and Settings\Donna\Application Data\Adobe
2009-10-22 04:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-20 01:06:59 ----D---- C:\WINDOWS\network diagnostic
2009-10-16 04:24:02 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-16 02:51:00 ----D---- C:\Program Files\Internet Explorer
2009-10-16 02:04:28 ----D---- C:\WINDOWS\WinSxS
2009-10-16 02:01:52 ----A---- C:\WINDOWS\imsins.BAK
2009-10-15 23:52:39 ----D---- C:\Program Files\SUPERAntiSpyware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-07-22 21275]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []
R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-02-28 13568]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-22 108767]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-18 202112]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 Mvc25U870_VID_1262&PID_25FD;Sony Visual Communication Camera VGP-VCC2; C:\WINDOWS\System32\Drivers\Mvc25U870.sys [2005-12-29 55680]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-20 3662400]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 SonyImgF;Sony Image Conversion Filter Driver; C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 30080]
R3 SPI;Sony Programmable I/O Control Device; C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2003-06-18 71961]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-02-22 28800]
R3 ti21sony;ti21sony; C:\WINDOWS\system32\drivers\ti21sony.sys [2007-01-24 808448]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-02-26 1428480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-10-17 241408]
S1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-17 1353820]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
S3 RTCore32;RTCore32; \??\C:\Program Files\RMClock\RTCore32.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-02-10 47488]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-04-13 108928]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-24 40192]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-02-28 114753]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-20 143428]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-02-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-02-28 540745]
R2 SMART Board Service;SMART Board Service; C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe [2009-01-25 2228224]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2006-04-13 176128]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-13 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 32768]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-04-27 53337]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-04-27 49241]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service; C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [2009-01-25 1044480]
S3 SMART Web Server;SMART Web Server; C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe [2009-01-25 1216512]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-04-27 69718]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2006-06-13 2084864]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2006-05-18 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-05-18 770048]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2006-06-07 155648]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

There was also an error message when I rebooted:

RUNDLL
Error loading c:\windows\system32\yujukumi.dll
The specified module could not be found.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

ComboFix 09-11-07.02 - Donna 11/07/2009 18:28.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.529 [GMT -5:00]
Running from: c:\documents and settings\Donna\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091107-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-83742158-4135017773-699860736-1003
c:\recycler\S-1-5-21-86564445-2952789227-1238152795-1003
c:\windows\setup.exe
c:\windows\system32\hawivobi.dll
c:\windows\system32\jazejumi.dll
c:\windows\system32\migunugo.dll
c:\windows\system32\wbem\proquota.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-07 23:34 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-07 23:34 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-07 22:51 . 2009-11-07 22:51 -------- d-----w- C:\_OTM
2009-11-07 21:40 . 2009-11-07 21:40 1278496 --sh--w- c:\windows\system32\winasara.exe
2009-11-07 21:40 . 2009-11-07 21:40 -------- d-----w- C:\rsit
2009-11-07 21:29 . 2009-11-07 21:29 -------- d-----w- c:\program files\ERUNT
2009-11-07 00:19 . 2009-11-07 23:37 -------- d-----w- c:\program files\PeerGuardian2
2009-11-07 00:13 . 2009-11-07 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-11-07 00:13 . 2009-11-07 20:27 -------- d-----w- c:\documents and settings\Donna\Application Data\Azureus
2009-11-07 00:13 . 2009-11-07 00:13 -------- d-----w- c:\program files\Vuze
2009-10-16 09:09 . 2009-10-16 09:09 -------- d-----w- c:\program files\SDP Multimedia
2009-10-16 04:54 . 2009-10-16 04:54 -------- d-----w- C:\NYLS
2009-10-12 18:13 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-10-12 18:13 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-10-12 18:13 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-10-12 18:13 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 21:34 . 2009-06-23 01:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 21:10 . 2006-10-04 17:53 -------- d-----w- c:\program files\Trend Micro
2009-11-06 05:56 . 2009-10-06 21:20 -------- d-----w- c:\documents and settings\Donna\Application Data\vlc
2009-11-02 20:46 . 2009-03-18 13:03 -------- d-----w- c:\program files\SMART Technologies
2009-11-02 20:45 . 2009-03-18 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SMART Technologies
2009-11-02 20:45 . 2009-03-18 13:03 -------- d-----w- c:\program files\Common Files\SMART Technologies
2009-11-02 20:40 . 2006-07-22 17:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-02 20:40 . 2006-07-22 18:24 -------- d-----w- c:\program files\Sony
2009-11-02 19:49 . 2008-01-27 21:41 -------- d-----w- c:\program files\DivX
2009-11-02 19:44 . 2009-06-11 18:17 -------- d-----w- c:\program files\WinTin++
2009-10-16 04:52 . 2009-01-17 05:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-07 18:33 . 2006-10-15 03:52 56680 ----a-w- c:\documents and settings\Donna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-07 16:52 . 2009-04-25 04:40 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-10-07 16:52 . 2009-04-25 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-10-07 16:52 . 2006-07-22 18:38 -------- d-----w- c:\program files\Roxio
2009-10-07 15:04 . 2009-06-16 23:55 -------- d-----w- c:\program files\ForeScout SecureConnector
2009-10-06 21:17 . 2009-10-06 21:17 -------- d-----w- c:\program files\VideoLAN
2009-09-18 20:48 . 2006-07-22 18:11 -------- d-----w- c:\program files\Java
2009-09-18 20:47 . 2009-09-18 20:47 152576 ----a-w- c:\documents and settings\Donna\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-17 23:03 . 2009-09-17 23:03 -------- d-----w- c:\program files\RMClock
2009-09-11 14:18 . 2006-07-22 01:31 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-06-23 01:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-06-23 01:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 20:40 . 2009-05-14 19:05 117760 ----a-w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-09-04 21:03 . 2006-07-22 01:31 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-07-22 01:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-07-22 01:31 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 16:10 . 2009-01-17 04:59 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-01-17 04:59 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-01-17 04:59 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-01-17 04:59 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-01-17 04:59 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-01-17 04:59 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-01-17 04:59 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-01-17 04:59 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-01-17 04:59 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-03-21 17:19 . 2009-03-21 17:19 7522240 ----a-w- c:\program files\Firefox Setup 3.0.7.exe
2009-08-07 21:39 . 2009-08-07 21:39 32768 --sha-w- c:\windows\system32\godanihe.exe
2009-08-07 21:39 . 2009-08-07 21:39 44032 --sha-w- c:\windows\system32\kujonuva.exe
2009-08-07 21:39 . 2009-08-07 21:39 45056 --sha-w- c:\windows\system32\wuniferi.dll
2009-08-07 21:39 . 2009-08-07 21:39 39424 --sha-w- c:\windows\system32\zodofigu.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-16 2000112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

c:\documents and settings\Donna\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 20:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 01:11 39936 ----a-w- c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\UCService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/21/2006 8:31 PM 9216]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/16/2009 11:59 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 11:06 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 11:05 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/16/2009 11:59 PM 20560]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 8:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 8:13 PM 33024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/15/2007 1:32 PM 24652]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/21/2006 8:31 PM 36352]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 11:06 AM 7408]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/21/2006 8:31 PM 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [7/21/2006 8:31 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/21/2006 8:31 PM 808448]
S3 N24dan;N24dan; [x]
S3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [9/17/2009 6:03 PM 4608]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [1/25/2009 10:10 PM 1044480]
S3 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies\SMART Board Drivers\WebServer.exe [1/25/2009 9:59 PM 1216512]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PGFILTER
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: westlaw.com
TCP: {562E49FA-4568-466F-8F14-F0EBE8503C89} = 77.74.48.113
TCP: {8180F9BF-A109-4231-B621-CF488F487C37} = 77.74.48.113
FF - ProfilePath - c:\documents and settings\Donna\Application Data\Mozilla\Firefox\Profiles\hjo1w4qi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\Donna\Application Data\Mozilla\Firefox\Profiles\hjo1w4qi.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{7371d466-953b-4a55-acf8-5d227a8ff854} - jazejumi.dll
HKLM-Run-BearShare - f:\bearshare\BearShare.exe
HKLM-Run-nuvetujij - c:\windows\system32\yujukumi.dll
HKLM-Run-zepewonawo - migunugo.dll
SharedTaskScheduler-{31721238-fbeb-482a-94b0-7a3d179f4374} - c:\windows\system32\yujukumi.dll
SSODL-wiperodig-{31721238-fbeb-482a-94b0-7a3d179f4374} - c:\windows\system32\yujukumi.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 18:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\MiscStatus\1]
@DACL=(02 0000)
@="131473"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\PSLogon.dll
c:\program files\Protector Suite QL\vrlogon.dll
c:\program files\Protector Suite QL\ExtVapi.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\fusstub.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'Explorer.exe'(3924)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Apoint\Apntex.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-07 18:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 23:41

Pre-Run: 56,425,930,752 bytes free
Post-Run: 56,316,121,088 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 48D7F350338B93987ED9C60CE15CB1C4




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:04 PM, on 11/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{562E49FA-4568-466F-8F14-F0EBE8503C89}: NameServer = 77.74.48.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{8180F9BF-A109-4231-B621-CF488F487C37}: NameServer = 77.74.48.113
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: N24dan - Micro Vision Co.,Ltd - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SMART Board Service - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10306 bytes

1. Please open Notepad

• If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

ComboFix 09-11-07.02 - 11/07/2009 18:57.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.592 [GMT -5:00]
Running from: c:\documents and settings\Donna\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Donna\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091107-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\godanihe.exe"
"c:\windows\system32\kujonuva.exe"
"c:\windows\system32\winasara.exe"
"c:\windows\system32\wuniferi.dll"
"c:\windows\system32\zodofigu.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\godanihe.exe
c:\windows\system32\kujonuva.exe
c:\windows\system32\winasara.exe
c:\windows\system32\wuniferi.dll
c:\windows\system32\zodofigu.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_N24dan


((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-07 23:34 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-07 23:34 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-07 22:51 . 2009-11-07 22:51 -------- d-----w- C:\_OTM
2009-11-07 21:40 . 2009-11-07 21:40 -------- d-----w- C:\rsit
2009-11-07 21:29 . 2009-11-07 21:29 -------- d-----w- c:\program files\ERUNT
2009-11-07 00:19 . 2009-11-08 00:05 -------- d-----w- c:\program files\PeerGuardian2
2009-11-07 00:13 . 2009-11-07 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-11-07 00:13 . 2009-11-07 20:27 -------- d-----w- c:\documents and settings\Donna\Application Data\Azureus
2009-11-07 00:13 . 2009-11-07 00:13 -------- d-----w- c:\program files\Vuze
2009-10-16 09:09 . 2009-10-16 09:09 -------- d-----w- c:\program files\SDP Multimedia
2009-10-16 04:54 . 2009-10-16 04:54 -------- d-----w- C:\NYLS
2009-10-12 18:13 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-10-12 18:13 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-10-12 18:13 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-10-12 18:13 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 21:34 . 2009-06-23 01:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 21:10 . 2006-10-04 17:53 -------- d-----w- c:\program files\Trend Micro
2009-11-06 05:56 . 2009-10-06 21:20 -------- d-----w- c:\documents and settings\Donna\Application Data\vlc
2009-11-02 20:46 . 2009-03-18 13:03 -------- d-----w- c:\program files\SMART Technologies
2009-11-02 20:45 . 2009-03-18 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SMART Technologies
2009-11-02 20:45 . 2009-03-18 13:03 -------- d-----w- c:\program files\Common Files\SMART Technologies
2009-11-02 20:40 . 2006-07-22 17:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-02 20:40 . 2006-07-22 18:24 -------- d-----w- c:\program files\Sony
2009-11-02 19:49 . 2008-01-27 21:41 -------- d-----w- c:\program files\DivX
2009-11-02 19:44 . 2009-06-11 18:17 -------- d-----w- c:\program files\WinTin++
2009-10-16 04:52 . 2009-01-17 05:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-07 18:33 . 2006-10-15 03:52 56680 ----a-w- c:\documents and settings\Donna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-07 16:52 . 2009-04-25 04:40 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-10-07 16:52 . 2009-04-25 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-10-07 16:52 . 2006-07-22 18:38 -------- d-----w- c:\program files\Roxio
2009-10-07 15:04 . 2009-06-16 23:55 -------- d-----w- c:\program files\ForeScout SecureConnector
2009-10-06 21:17 . 2009-10-06 21:17 -------- d-----w- c:\program files\VideoLAN
2009-09-18 20:48 . 2006-07-22 18:11 -------- d-----w- c:\program files\Java
2009-09-18 20:47 . 2009-09-18 20:47 152576 ----a-w- c:\documents and settings\Donna\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-17 23:03 . 2009-09-17 23:03 -------- d-----w- c:\program files\RMClock
2009-09-11 14:18 . 2006-07-22 01:31 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-06-23 01:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-06-23 01:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 20:40 . 2009-05-14 19:05 117760 ----a-w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-09-04 21:03 . 2006-07-22 01:31 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-07-22 01:31 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-07-22 01:31 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 16:10 . 2009-01-17 04:59 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-01-17 04:59 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-01-17 04:59 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-01-17 04:59 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-01-17 04:59 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-01-17 04:59 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-01-17 04:59 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-01-17 04:59 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-01-17 04:59 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-03-21 17:19 . 2009-03-21 17:19 7522240 ----a-w- c:\program files\Firefox Setup 3.0.7.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-11-07_23.37.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-08 00:03 . 2009-11-08 00:03 16384 c:\windows\Temp\Perflib_Perfdata_734.dat
+ 2009-11-08 00:03 . 2009-11-08 00:03 16384 c:\windows\Temp\Perflib_Perfdata_568.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-16 2000112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

c:\documents and settings\Donna\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 20:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 01:11 39936 ----a-w- c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\UCService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/21/2006 8:31 PM 9216]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/16/2009 11:59 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 11:06 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 11:05 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/16/2009 11:59 PM 20560]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 8:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 8:13 PM 33024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/15/2007 1:32 PM 24652]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/21/2006 8:31 PM 36352]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 11:06 AM 7408]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/21/2006 8:31 PM 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [7/21/2006 8:31 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/21/2006 8:31 PM 808448]
S3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [9/17/2009 6:03 PM 4608]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [1/25/2009 10:10 PM 1044480]
S3 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies\SMART Board Drivers\WebServer.exe [1/25/2009 9:59 PM 1216512]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: westlaw.com
TCP: {562E49FA-4568-466F-8F14-F0EBE8503C89} = 77.74.48.113
TCP: {8180F9BF-A109-4231-B621-CF488F487C37} = 77.74.48.113
FF - ProfilePath - c:\documents and settings\Donna\Application Data\Mozilla\Firefox\Profiles\hjo1w4qi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 2
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 19:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\PSLogon.dll
c:\program files\Protector Suite QL\vrlogon.dll
c:\program files\Protector Suite QL\ExtVapi.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\fusstub.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'Explorer.exe'(3536)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Apoint\Apntex.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-08 19:10 - machine was rebooted [Donna]
ComboFix-quarantined-files.txt 2009-11-08 00:10
ComboFix2.txt 2009-11-07 23:42

Pre-Run: 56,307,195,904 bytes free
Post-Run: 56,263,917,568 bytes free

- - End Of File - - 21CCC8DC83E57F270665CA9918EB8D84





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:18 PM, on 11/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{562E49FA-4568-466F-8F14-F0EBE8503C89}: NameServer = 77.74.48.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{8180F9BF-A109-4231-B621-CF488F487C37}: NameServer = 77.74.48.113
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SMART Board Service - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10248 bytes

Now can you run Malwarebytes'? If yes, please run it and remove everything that it found.. Then post the log here.. If still can't just tell me

Sorry for the delay...

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/7/2009 8:55:26 PM
mbam-log-2009-11-07 (20-55-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 154701
Time elapsed: 1 hour(s), 27 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\_OTM\MovedFiles\11072009_175144\WINDOWS\system32\iehelper.dll (Trojan.BHO) -> Delete on reboot.

Well, how's the computer now?