Malware/Virus won't stay gone



jezzzzy
2010-02-03, 20:23
My computer has lots of fake virus software pop ups and keeps logging me off. I've removed the threats several times, but they return. Please help.

I cannot post HJT log because my computer will not let me log in. It immediately logs me off.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:09 AM, on 2/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\temp\fold1\FAH504-Console.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Robert Varnadore\Application Data\SystemProc\lsass.exe
C:\Program Files\Common Files\AOL\1139368192\ee\AOLSoftware.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MDM.EXE
C:\temp\fold1\FahCore_78.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Documents and Settings\Robert Varnadore\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: C:\WINDOWS\system32\srveota.dll - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\system32\srveota.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139368192\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vogipavibo] Rundll32.exe "kulagira.dll",s
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [mizoruveg] Rundll32.exe "c:\windows\system32\gunowini.dll",a
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Gxegerisuba] rundll32.exe "C:\WINDOWS\efedicuv.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Robert Varnadore\Application Data\SystemProc\lsass.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.buy-is2010.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.is10-soft-download.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll,voginuhu.dll c:\windows\system32\gunowini.dll c:\windows\system32\hibunevo.dll
O21 - SSODL: hulololef - {cab7e239-3160-47a1-a725-507ece1040d1} - c:\windows\system32\zuragiwu.dll (file missing)
O21 - SSODL: yawoforiw - {cf4cad8e-5b15-4484-9f4e-c6f091950e06} - c:\windows\system32\sobamehu.dll (file missing)
O21 - SSODL: feputohig - {ea111da5-6b61-4fa3-be46-5d0acc0418b5} - c:\windows\system32\sobamehu.dll (file missing)
O21 - SSODL: golagukez - {e826b5cb-2e45-4636-9e61-503bc9f2e654} - c:\windows\system32\sobamehu.dll (file missing)
O21 - SSODL: vevugejoz - {b86e294b-9bbb-489c-8a77-247035dc576f} - c:\windows\system32\hibunevo.dll
O21 - SSODL: natibaker - {872c8655-65c6-4919-8fc5-46d8c4f54395} - c:\windows\system32\riguhoyu.dll (file missing)
O21 - SSODL: sohewolih - {f9be83aa-ca92-4c67-a8c6-b2b0416c1ec7} - c:\windows\system32\kehitulo.dll (file missing)
O21 - SSODL: forufibig - {b33b8422-a6a6-4713-9d77-392b41681c73} - c:\windows\system32\riguhoyu.dll (file missing)
O21 - SSODL: hojobuduz - {96a21697-a5b4-4665-a1f2-557093ca4064} - c:\windows\system32\hibunevo.dll
O21 - SSODL: pimihebag - {74cc9f53-0d09-49b2-8462-379b4b8f0876} - c:\windows\system32\hibunevo.dll
O21 - SSODL: tijubopib - {35c061d0-836a-4749-aa45-414aa3e5eaef} - c:\windows\system32\hibunevo.dll
O21 - SSODL: korinales - {277483f4-169e-4283-8d0a-44eeeff2cc31} - c:\windows\system32\hibunevo.dll
O21 - SSODL: tewepitim - {3c82df3f-11ef-41df-ac75-1cb4a62440ed} - c:\windows\system32\hibunevo.dll
O21 - SSODL: vuzozojut - {bf148403-d621-4c2b-a52e-318659fbc453} - c:\windows\system32\hibunevo.dll
O21 - SSODL: tizujuluw - {d1e54f74-f1dc-43b2-8cf5-3349fcdd600e} - c:\windows\system32\gunowini.dll
O21 - SSODL: luwavowul - {79683124-4c1c-468b-96c3-215479c67e25} - c:\windows\system32\gunowini.dll
O22 - SharedTaskScheduler: kupuhivus - {cab7e239-3160-47a1-a725-507ece1040d1} - c:\windows\system32\zuragiwu.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {cf4cad8e-5b15-4484-9f4e-c6f091950e06} - c:\windows\system32\sobamehu.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {ea111da5-6b61-4fa3-be46-5d0acc0418b5} - c:\windows\system32\sobamehu.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {e826b5cb-2e45-4636-9e61-503bc9f2e654} - c:\windows\system32\sobamehu.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {b86e294b-9bbb-489c-8a77-247035dc576f} - c:\windows\system32\hibunevo.dll
O22 - SharedTaskScheduler: tokatiluy - {872c8655-65c6-4919-8fc5-46d8c4f54395} - c:\windows\system32\riguhoyu.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {f9be83aa-ca92-4c67-a8c6-b2b0416c1ec7} - c:\windows\system32\kehitulo.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {b33b8422-a6a6-4713-9d77-392b41681c73} - c:\windows\system32\riguhoyu.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {96a21697-a5b4-4665-a1f2-557093ca4064} - c:\windows\system32\hibunevo.dll
O22 - SharedTaskScheduler: gahurihor - {74cc9f53-0d09-49b2-8462-379b4b8f0876} - c:\windows\system32\hibunevo.dll
O22 - SharedTaskScheduler: gahurihor - {35c061d0-836a-4749-aa45-414aa3e5eaef} - c:\windows\system32\hibunevo.dll
O22 - SharedTaskScheduler: jugezatag - {277483f4-169e-4283-8d0a-44eeeff2cc31} - c:\windows\system32\hibunevo.dll
O22 - SharedTaskScheduler: mujuzedij - {3c82df3f-11ef-41df-ac75-1cb4a62440ed} - c:\windows\system32\hibunevo.dll
O22 - SharedTaskScheduler: kupuhivus - {bf148403-d621-4c2b-a52e-318659fbc453} - c:\windows\system32\hibunevo.dll
O22 - SharedTaskScheduler: gahurihor - {d1e54f74-f1dc-43b2-8cf5-3349fcdd600e} - c:\windows\system32\gunowini.dll
O22 - SharedTaskScheduler: kupuhivus - {79683124-4c1c-468b-96c3-215479c67e25} - c:\windows\system32\gunowini.dll
O22 - SharedTaskScheduler: lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\system32\srveota.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FAH@C:+temp+fold1+FAH504-Console.exe - Stanford University - C:\temp\fold1\FAH504-Console.exe
O23 - Service: Google Update Service (gupdate1c9e48f2e706486) (gupdate1c9e48f2e706486) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 15326 bytes

Cypher
2010-02-12, 19:10
Hi and welcome. Sorry for the delay; the forum is really busy.
My name is Cypher, and I will be helping you with your malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following important guidelines.

The instructions being given are for YOUR computer and system only!
Using these instructions on a different computer can damage that computer and possibly make it inoperable!
If you don't know or understand something, please don't hesitate to ask.
Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
Absence of symptoms does not mean that everything is clear.
Please DO NOT run any other tools or scans whilst I am helping you.
Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
The logs from the tools we use can take some time to research so please be patient.



Please post an Uninstall list.

Open HijackThis.
Click on the Open the Misc Tools section button.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please post this log in your next reply.




Logs/Information to Post in your Next Reply


Uninstall list.
Please give me an update on your computer's performance.

jezzzzy
2010-02-12, 19:24
UNINSTALL LOG
#######################
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop Elements 4.0
Adobe Premiere Standard
Adobe Reader 7.0.5
Advertisement Service
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.00
CONNECT
Digidesign Mbox 2 Factory
Digidesign Pro Tools LE 7.0
Digidesign Shared Plug-Ins 7.0
DISCover
DSD Direct
DSD Playback Plug-in 1.0
DVgate Plus
Free Bomb Factory Plug-Ins 7.0
Google Chrome
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Image Converter 2 Plus
ImageStation
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
InterLok Driver Kit
InterVideo WinDVD for VAIO
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) SE Runtime Environment 6 Update 1
JEOPARDY! (remove only)
LaCie Device Updater
Memory Stick Formatter
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
MobileMe Control Panel
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netscape Browser (remove only)
NoteWorthy Composer
Office 2003 Trial Assistant
OpenMG Limited Patch 4.3-05-10-05-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.3.00
PC Magazine StartupCop Pro
PowerDesk 5.0
Quicken 2006
QuickTime
RealPlayer
Reason Adapted for Digidesign 3.0.1
Rhapsody Player Engine
Rhapsody Player Engine
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Safari
Search Enhancement by AOL Search
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sibelius Scorch (ActiveX Only)
SigmaTel Audio
Sonic Encoders
SonicStage 3.3
SonicStage Mastering Studio 2.1
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony Download Taxi 1.5.0.0
Sony MP4 Shared Library
Sony TV Tuner Library 1.0
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
SureThing CD Labeler Deluxe 4
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB2 Storage Adapter V3 (LaCie)
VAIO Breeze Wallpaper
VAIO Central
VAIO Edit Components
VAIO Entertainment Platform
VAIO Event Service
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen HD Normal Contents
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIOSurveySA
Wheel of Fortune (remove only)
Windows Internet Explorer 8
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wireless Desktop
Xerox Phaser 8200

COMPUTER PERFORMANCE UPDATE
###################################
Lots of fake antivirus popups, system apps like Task Manager refuse to open, system warnings about infection, background replaced with a "you're infected" background, etc.

Cypher
2010-02-12, 19:49
Hi jezzzzy.
Please continue with the instructions below.



Download/run Rkill:

Please download Rkill from one of the following links and save to your Desktop:

One (http://download.bleepingcomputer.com/grinler/rkill.exe), Two (http://download.bleepingcomputer.com/grinler/rkill.com), Three (http://download.bleepingcomputer.com/grinler/rkill.scr) or Four (http://download.bleepingcomputer.com/grinler/rkill.pif)


Double click on Rkill.
A command window will open, then disappear upon completion; this is normal.
Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.


Next.

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Next.


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://mbam.malwarebytes.org/program/random.php) and save to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Next.

RSIT (Random's System Information Tool)

Please download RSIT (http://images.malwareremoval.com/random/RSIT.exe) by random/random... and save it to your desktop.

Double click on RSIT.exe to run it.
Please read the disclaimer... click on Continue.
RSIT will start running. When done... 2 log files... will be produced.
The first one, "log.txt", << will be maximized
The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)



Logs/Information to Post in your Next Reply


Malwarebytes log.
RSIT log.txt file contents and info.txt file contents.
Please give me an update on your computer's performance.

jezzzzy
2010-02-12, 22:13
Malwarebytes won't install. Gives error code 707 (3,0).

RSIT Log.txt
######################
Logfile of random's system information tool 1.06 (written by random/random)
Run by Robert Varnadore at 2010-02-12 16:10:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 260 GB (87%) free of 298 GB
Total RAM: 1022 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:31 PM, on 2/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\temp\fold1\FAH504-Console.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\temp\fold1\FahCore_78.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1139368192\ee\AOLSoftware.exe
C:\Documents and Settings\Robert Varnadore\Application Data\SystemProc\lsass.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\smss32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol toolbar\AolTbServer.exe
C:\WINDOWS\system32\MDM.EXE
C:\Documents and Settings\Robert Varnadore\Desktop\RSIT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robert Varnadore\Desktop\Robert Varnadore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: C:\WINDOWS\system32\srveota.dll - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\system32\srveota.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139368192\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vogipavibo] Rundll32.exe "kulagira.dll",s
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [mizoruveg] Rundll32.exe "c:\windows\system32\hibunevo.dll",a
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [Gxegerisuba] rundll32.exe "C:\WINDOWS\efedicuv.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Robert Varnadore\Application Data\SystemProc\lsass.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.buy-is2010.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.is10-soft-download.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll,voginuhu.dll c:\windows\system32\hibunevo.dll c:\windows\system32\gunowini.dll
O21 - SSODL: hulololef - {cab7e239-3160-47a1-a725-507ece1040d1} - c:\windows\system32\zuragiwu.dll (file missing)
O21 - SSODL: yawoforiw - {cf4cad8e-5b15-4484-9f4e-c6f091950e06} - c:\windows\system32\sobamehu.dll (file missing)
O21 - SSODL: feputohig - {ea111da5-6b61-4fa3-be46-5d0acc0418b5} - c:\windows\system32\sobamehu.dll (file missing)
O21 - SSODL: golagukez - {e826b5cb-2e45-4636-9e61-503bc9f2e654} - c:\windows\system32\sobamehu.dll (file missing)
O21 - SSODL: vevugejoz - {b86e294b-9bbb-489c-8a77-247035dc576f} - c:\windows\system32\hibunevo.dll
O21 - SSODL: natibaker - {872c8655-65c6-4919-8fc5-46d8c4f54395} - c:\windows\system32\riguhoyu.dll (file missing)
O21 - SSODL: sohewolih - {f9be83aa-ca92-4c67-a8c6-b2b0416c1ec7} - c:\windows\system32\kehitulo.dll (file missing)
O21 - SSODL: forufibig - {b33b8422-a6a6-4713-9d77-392b41681c73} - c:\windows\system32\riguhoyu.dll (file missing)
O21 - SSODL: hojobuduz - {96a21697-a5b4-4665-a1f2-557093ca4064} - c:\windows\system32\hibunevo.dll
O21 - SSODL: pimihebag - {74cc9f53-0d09-49b2-8462-379b4b8f0876} - c:\windows\system32\hibunevo.dll
O21 - SSODL: tijubopib - {35c061d0-836a-4749-aa45-414aa3e5eaef} - c:\windows\system32\hibunevo.dll
O21 - SSODL: korinales - {277483f4-169e-4283-8d0a-44eeeff2cc31} - c:\windows\system32\hibunevo.dll
O21 - SSODL: tewepitim - {3c82df3f-11ef-41df-ac75-1cb4a62440ed} - c:\windows\system32\hibunevo.dll
O21 - SSODL: vuzozojut - {bf148403-d621-4c2b-a52e-318659fbc453} - c:\windows\system32\hibunevo.dll
O21 - SSODL: tizujuluw - {d1e54f74-f1dc-43b2-8cf5-3349fcdd600e} - c:\windows\system32\gunowini.dll
O21 - SSODL: luwavowul - {79683124-4c1c-468b-96c3-215479c67e25} - c:\windows\system32\gunowini.dll
O22 - SharedTaskScheduler: kupuhivus - {cab7e239-3160-47a1-a725-507ece1040d1} - c:\windows\system32\zuragiwu.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {cf4cad8e-5b15-4484-9f4e-c6f091950e06} - c:\windows\system32\sobamehu.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {ea111da5-6b61-4fa3-be46-5d0acc0418b5} - c:\windows\system32\sobamehu.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {e826b5cb-2e45-4636-9e61-503bc9f2e654} - c:\windows\system32\sobamehu.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {b86e294b-9bbb-489c-8a77-247035dc576f} - c:\windows\system32\hibunevo.dll
O22 - SharedTaskScheduler: tokatiluy - {872c8655-65c6-4919-8fc5-46d8c4f54395} - c:\windows\system32\riguhoyu.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {f9be83aa-ca92-4c67-a8c6-b2b0416c1ec7} - c:\windows\system32\kehitulo.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {b33b8422-a6a6-4713-9d77-392b41681c73} - c:\windows\system32\riguhoyu.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {96a21697-a5b4-4665-a1f2-557093ca4064} - c:\windows\system32\hibunevo.dll
O22 - SharedTaskScheduler: gahurihor - {74cc9f53-0d09-49b2-8462-379b4b8f0876} - c:\windows\system32\hibunevo.dll
O22 - SharedTaskScheduler: gahurihor - {35c061d0-836a-4749-aa45-414aa3e5eaef} - c:\windows\system32\hibunevo.dll
O22 - SharedTaskScheduler: jugezatag - {277483f4-169e-4283-8d0a-44eeeff2cc31} - c:\windows\system32\hibunevo.dll
O22 - SharedTaskScheduler: mujuzedij - {3c82df3f-11ef-41df-ac75-1cb4a62440ed} - c:\windows\system32\hibunevo.dll
O22 - SharedTaskScheduler: kupuhivus - {bf148403-d621-4c2b-a52e-318659fbc453} - c:\windows\system32\hibunevo.dll
O22 - SharedTaskScheduler: gahurihor - {d1e54f74-f1dc-43b2-8cf5-3349fcdd600e} - c:\windows\system32\gunowini.dll
O22 - SharedTaskScheduler: kupuhivus - {79683124-4c1c-468b-96c3-215479c67e25} - c:\windows\system32\gunowini.dll
O22 - SharedTaskScheduler: lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\system32\srveota.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FAH@C:+temp+fold1+FAH504-Console.exe - Stanford University - C:\temp\fold1\FAH504-Console.exe
O23 - Service: Google Update Service (gupdate1c9e48f2e706486) (gupdate1c9e48f2e706486) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 15042 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\xjyprcns.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4BF49A2-94F1-42BD-F034-3604811C807D}]
C:\WINDOWS\system32\srveota.dll - C:\WINDOWS\system32\srveota.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL Toolbar\aoltb.dll [2009-03-20 1279272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HostManager"=C:\Program Files\Common Files\AOL\1139368192\ee\AOLSoftware.exe [2005-12-15 50792]
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-19 28672]
"DigidesignMMERefresh"=C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2005-10-26 61440]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2005-09-27 81920]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-18 198160]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"vogipavibo"=kulagira.dll,s []
"net"=C:\WINDOWS\system32\net.net [2010-01-12 57344]
"mizoruveg"=c:\windows\system32\hibunevo.dll [2009-09-18 91648]
"smss32.exe"=C:\WINDOWS\system32\smss32.exe [2010-02-12 37888]
"Gxegerisuba"=C:\WINDOWS\efedicuv.dll [2008-04-13 151040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"RTHDBPL"=C:\Documents and Settings\Robert Varnadore\Application Data\SystemProc\lsass.exe [2010-01-13 60928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"smss32.exe"=C:\WINDOWS\system32\smss32.exe [2010-02-12 37888]
"Internet Security 2010"=C:\Program Files\InternetSecurity2010\IS2010.exe [2010-01-21 1118720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="voginuhu.dll c:\windows\system32\hibunevo.dll c:\windows\system32\gunowini.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2005-05-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
hulololef - {cab7e239-3160-47a1-a725-507ece1040d1} - c:\windows\system32\zuragiwu.dll []
yawoforiw - {cf4cad8e-5b15-4484-9f4e-c6f091950e06} - c:\windows\system32\sobamehu.dll []
feputohig - {ea111da5-6b61-4fa3-be46-5d0acc0418b5} - c:\windows\system32\sobamehu.dll []
golagukez - {e826b5cb-2e45-4636-9e61-503bc9f2e654} - c:\windows\system32\sobamehu.dll []
vevugejoz - {b86e294b-9bbb-489c-8a77-247035dc576f} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
natibaker - {872c8655-65c6-4919-8fc5-46d8c4f54395} - c:\windows\system32\riguhoyu.dll []
sohewolih - {f9be83aa-ca92-4c67-a8c6-b2b0416c1ec7} - c:\windows\system32\kehitulo.dll []
forufibig - {b33b8422-a6a6-4713-9d77-392b41681c73} - c:\windows\system32\riguhoyu.dll []
hojobuduz - {96a21697-a5b4-4665-a1f2-557093ca4064} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
pimihebag - {74cc9f53-0d09-49b2-8462-379b4b8f0876} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
tijubopib - {35c061d0-836a-4749-aa45-414aa3e5eaef} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
korinales - {277483f4-169e-4283-8d0a-44eeeff2cc31} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
tewepitim - {3c82df3f-11ef-41df-ac75-1cb4a62440ed} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
vuzozojut - {bf148403-d621-4c2b-a52e-318659fbc453} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
tizujuluw - {d1e54f74-f1dc-43b2-8cf5-3349fcdd600e} - c:\windows\system32\gunowini.dll [65535-65535-31889 92160]
luwavowul - {79683124-4c1c-468b-96c3-215479c67e25} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
kupuhivus - {cab7e239-3160-47a1-a725-507ece1040d1} - c:\windows\system32\zuragiwu.dll []
tokatiluy - {cf4cad8e-5b15-4484-9f4e-c6f091950e06} - c:\windows\system32\sobamehu.dll []
mujuzedij - {ea111da5-6b61-4fa3-be46-5d0acc0418b5} - c:\windows\system32\sobamehu.dll []
jugezatag - {e826b5cb-2e45-4636-9e61-503bc9f2e654} - c:\windows\system32\sobamehu.dll []
mujuzedij - {b86e294b-9bbb-489c-8a77-247035dc576f} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
tokatiluy - {872c8655-65c6-4919-8fc5-46d8c4f54395} - c:\windows\system32\riguhoyu.dll []
jugezatag - {f9be83aa-ca92-4c67-a8c6-b2b0416c1ec7} - c:\windows\system32\kehitulo.dll []
jugezatag - {b33b8422-a6a6-4713-9d77-392b41681c73} - c:\windows\system32\riguhoyu.dll []
jugezatag - {96a21697-a5b4-4665-a1f2-557093ca4064} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
gahurihor - {74cc9f53-0d09-49b2-8462-379b4b8f0876} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
gahurihor - {35c061d0-836a-4749-aa45-414aa3e5eaef} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
jugezatag - {277483f4-169e-4283-8d0a-44eeeff2cc31} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
mujuzedij - {3c82df3f-11ef-41df-ac75-1cb4a62440ed} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
kupuhivus - {bf148403-d621-4c2b-a52e-318659fbc453} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
gahurihor - {d1e54f74-f1dc-43b2-8cf5-3349fcdd600e} - c:\windows\system32\gunowini.dll [65535-65535-31889 92160]
kupuhivus - {79683124-4c1c-468b-96c3-215479c67e25} - c:\windows\system32\hibunevo.dll [2009-09-18 91648]
lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\system32\srveota.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
kulagira.dll
rvdlgnl.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Sony\VAIO Media 5.0\Vc.exe"="C:\Program Files\Sony\VAIO Media 5.0\Vc.exe:*:Disabled:[VAIO Media] VAIO Media"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Sony\VAIO Event Service\VESMgr.exe"="C:\Program Files\Sony\VAIO Event Service\VESMgr.exe:*:Enabled:VESMgr"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ae41474-984e-11da-83a4-806d6172696f}]
shell\AutoRun\command - M:\sony\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{628bd9b1-5cd7-11de-941b-0016761d9bf1}]
shell\AutoRun\command - K:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\zajeribo.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\yamapaso.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\yahiviti.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\wiyirive.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\wehokepu.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\vaseyure.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\topupabe.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\tayanage.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\silulawo.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\poviwumi.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\pafuvole.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\neletato.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\morugawe.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\manojemi.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\ligamosa.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\levisaku.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\jerewodi.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\jegulufo.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\hilijizi.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\gunowini.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\fulefoze.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\fifugiku.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\dowikabu.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\dibuniya.dll
2010-02-12 15:26:49 ----A---- C:\WINDOWS\system32\28145.exe
2010-02-12 15:23:17 ----D---- C:\rsit
2010-02-12 15:20:27 ----D---- C:\Documents and Settings\Robert Varnadore\Application Data\Malwarebytes
2010-02-12 15:20:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-12 15:20:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-12 15:06:49 ----A---- C:\WINDOWS\system32\5705.exe
2010-02-12 14:46:49 ----A---- C:\WINDOWS\system32\24464.exe
2010-02-12 11:46:20 ----A---- C:\WINDOWS\system32\winlogon32.exe
2010-02-12 11:46:20 ----A---- C:\WINDOWS\system32\smss32.exe
2010-02-12 11:40:05 ----A---- C:\WINDOWS\system32\flags.ini
2010-01-21 14:51:15 ----A---- C:\Program Files\adgamma.exe
2010-01-21 14:51:15 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2010-01-21 14:51:07 ----A---- C:\ewqrsgn.exe
2010-01-21 14:51:05 ----A---- C:\yfoku.exe
2010-01-21 14:51:05 ----A---- C:\sckw.exe
2010-01-21 14:51:04 ----A---- C:\WINDOWS\system32\info.tmp
2010-01-21 14:51:02 ----A---- C:\ytlmlfc.exe
2010-01-21 14:36:05 ----A---- C:\WINDOWS\system32\26962.exe
2010-01-21 14:16:05 ----A---- C:\WINDOWS\system32\29358.exe
2010-01-21 13:56:04 ----A---- C:\WINDOWS\system32\11478.exe
2010-01-21 13:36:01 ----A---- C:\WINDOWS\system32\15724.exe
2010-01-21 13:16:01 ----A---- C:\WINDOWS\system32\19169.exe
2010-01-21 12:56:01 ----A---- C:\WINDOWS\system32\26500.exe
2010-01-21 12:36:00 ----A---- C:\WINDOWS\system32\6334.exe
2010-01-21 12:16:00 ----A---- C:\WINDOWS\system32\18467.exe
2010-01-21 12:05:49 ----D---- C:\Program Files\InternetSecurity2010
2010-01-21 11:56:00 ----A---- C:\WINDOWS\system32\41.exe
2010-01-21 11:55:54 ----A---- C:\WINDOWS\system32\helper32.dll
2010-01-20 09:42:13 ----D---- C:\Program Files\AOL Toolbar
2010-01-20 09:42:11 ----HD---- C:\WINDOWS\msdownld.tmp
2010-01-20 09:41:22 ----HDC---- C:\WINDOWS\ie8

======List of files/folders modified in the last 1 months======

2010-02-12 16:09:27 ----D---- C:\WINDOWS\Prefetch
2010-02-12 16:08:42 ----D---- C:\WINDOWS\Temp
2010-02-12 16:08:37 ----D---- C:\WINDOWS\system32
2010-02-12 16:02:27 ----D---- C:\WINDOWS\Registration
2010-02-12 16:02:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-12 16:02:03 ----D---- C:\WINDOWS
2010-02-12 16:01:48 ----D---- C:\WINDOWS\Minidump
2010-02-12 16:01:34 ----D---- C:\WINDOWS\system32\drivers
2010-02-12 16:01:34 ----D---- C:\WINDOWS\system32\config
2010-02-12 15:44:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-12 15:44:11 ----A---- C:\WINDOWS\ModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt
2010-02-12 15:20:16 ----RD---- C:\Program Files
2010-02-12 13:23:05 ----SD---- C:\WINDOWS\Tasks
2010-01-27 14:16:15 ----D---- C:\WINDOWS\pchealth
2010-01-27 11:47:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-27 11:47:41 ----HD---- C:\WINDOWS\inf
2010-01-22 18:24:48 ----SHD---- C:\WINDOWS\CSC
2010-01-21 14:54:02 ----SHD---- C:\System Volume Information
2010-01-21 14:54:02 ----D---- C:\WINDOWS\system32\Restore
2010-01-21 11:22:59 ----SHD---- C:\WINDOWS\Installer
2010-01-21 11:22:59 ----SHD---- C:\Config.Msi
2010-01-21 10:50:47 ----D---- C:\Documents and Settings\Robert Varnadore\Application Data\Apple Computer
2010-01-21 10:26:53 ----D---- C:\WINDOWS\system32\en-US
2010-01-21 10:26:53 ----D---- C:\WINDOWS\Media
2010-01-21 10:26:53 ----D---- C:\Program Files\Internet Explorer
2010-01-21 10:26:52 ----D---- C:\WINDOWS\Help
2010-01-20 10:22:01 ----AC---- C:\WINDOWS\mdm.ini
2010-01-20 09:42:14 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2010-01-20 09:35:38 ----D---- C:\WINDOWS\ie8updates
2010-01-13 10:22:11 ----SHD---- C:\Documents and Settings\Robert Varnadore\Application Data\SystemProc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-22 1034752]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-03-31 180736]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-05-23 1034752]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-05-23 178048]
R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2004-10-18 54008]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2004-10-18 73576]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SlFilter;Silver 1394 Filter (1394 BUS Filter Driver); C:\WINDOWS\system32\DRIVERS\SlFilter.sys [2004-12-08 13715]
R3 SlUSBFlt;Silver USB Filter (USB BUS Filter Driver); C:\WINDOWS\system32\DRIVERS\SlUSBFlt.sys [2005-04-14 15360]
R3 smrt;Sony MPEG RealTime encoder board; C:\WINDOWS\system32\DRIVERS\smrt.sys [2004-08-05 788736]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-09-09 1032472]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-23 716288]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 asc3550p;asc3550p; C:\WINDOWS\system32\drivers\asc3550p.sys [2008-04-13 97344]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dalwdmservice;dal service; C:\WINDOWS\system32\drivers\dalwdm.sys [2005-10-25 105472]
S3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 iLokDrvr;iLok; C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2005-09-27 27328]
S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
S3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2004-10-18 15126]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2004-10-18 26104]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-10-18 37814]
S3 MBX2DFU;MBX2DFU; C:\WINDOWS\SYSTEM32\DRIVERS\MBX2DFU.sys [2005-10-26 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver; C:\WINDOWS\system32\drivers\mbx2midk.sys [2005-10-26 15232]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 ndisdrv;ndisdrv; \??\C:\WINDOWS\system32\ndisdrv.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Network Security; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DigiRefresh;Digidesign MME Refresh Service; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2005-10-26 61440]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 FAH@C:+temp+fold1+FAH504-Console.exe;FAH@C:+temp+fold1+FAH504-Console.exe; C:\temp\fold1\FAH504-Console.exe [2007-02-23 253952]
R2 IAANTMon;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-10-12 86140]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
R2 SonicStageMonitoring;SonicStageMonitoring; C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe [2005-03-11 135168]
R2 Sony TVTA Manager;Sony TVTA Manager; C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe [2005-08-25 106496]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2005-05-20 153600]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2005-09-01 167936]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2005-09-01 135168]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
R3 Sony TV Tuner Manager;Sony TV Tuner Manager; C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe [2003-08-13 94208]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2005-09-01 270336]
S2 gupdate1c9e48f2e706486;Google Update Service (gupdate1c9e48f2e706486); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-03 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 digiSPTIService;digiSPTIService; C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe [2005-10-25 122880]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 32768]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-08-30 53337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-08-30 53337]
S3 Sony TV Tuner Controller;Sony TV Tuner Controller; C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe [2003-08-13 176128]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-08-30 69718]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-09-27 69632]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2005-10-06 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2005-10-14 1982464]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2005-10-11 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2005-10-11 770048]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2005-10-11 188416]
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-11 28160]

-----------------EOF-----------------

jezzzzy
2010-02-12, 22:14
RSIT info.txt
############################
info.txt logfile of random's system information tool 1.06 2010-02-12 15:23:24

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->Dummy
-->MsiExec.exe /I{3B55590C-8A9B-4BD6-B489-744B63026A2A}
-->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{107254A0-0ADF-11D4-9397-00D0B7020B38}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Premiere Standard-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{7998F67D-655B-42E3-B651-18D96DD17268}\setup.exe"
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Advertisement Service-->C:\WINDOWS\system32\net.net Uninstall
AOL Toolbar -->"C:\Program Files\AOL Toolbar\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Click to DVD 2.0.03 Menu Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x9 -removeonly
Click to DVD 2.5.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x9 -removeonly
CONNECT-->"C:\Program Files\Sony\CONNECT\unwise.exe" /A "C:\Program Files\Sony\CONNECT\install.log" Uninstall CONNECT
Digidesign Mbox 2 Factory-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{787DAC3C-A935-4843-B7CA-565C08E9BC96}\Setup.exe" -l0x9 FromUninstall
Digidesign Pro Tools LE 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8BE47CAE-466C-4A12-AA62-3E3A1762DE87}\setup.exe" -l0x9 -removeonly
Digidesign Shared Plug-Ins 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B43A6F-E328-495A-ACFA-FC47C1B7215D}\Setup.exe" -l0x9 FromUninstall -removeonly
DISCover-->"C:\Program Files\DISC\uninstall.exe"
DSD Direct-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C27BF761-C499-488D-A964-A3718BC6EC3E}\Setup.exe" -l0x9
DSD Playback Plug-in 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}\Setup.exe" -l0x9
DVgate Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\Setup.exe" -l0x9
Free Bomb Factory Plug-Ins 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E17AF7A0-B0A8-4B55-A4B4-1D8D4E171BA2}\Setup.exe" -l0x9 FromUninstall -removeonly
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -ISnyHDANk.inf
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Robert Varnadore\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Image Converter 2 Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63B8FB69-A1B6-425D-B67D-5257B7A1F663}\setup.exe" -l0x9 /CONPANE
ImageStation-->MsiExec.exe /I{A87EBA79-93DB-4A87-B9BA-62F8FB12D993}
Intel Matrix Storage Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Setup.exe" -l0409 -INTELUNINST
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
InterLok Driver Kit-->MsiExec.exe /X{1A24F9E8-009D-40FC-ABED-2AAFFAB0F4F0}
InterVideo WinDVD for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JEOPARDY! (remove only)-->"C:\Program Files\Sony Pictures Games\JEOPARDY!\Uninstall JEOPARDY!.exe"
LaCie Device Updater-->C:\PROGRA~1\LACIET~1\DEVICE~1\Bin\SilverUninst.exe UnDeviceUpd
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft SQL Server Desktop Engine (VAIO_VEDB)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NoteWorthy Composer-->C:\PROGRA~1\NOTEWO~1\UNINSTAL.EXE C:\PROGRA~1\NOTEWO~1\INSTALL.LOG
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OpenMG Limited Patch 4.3-05-10-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.3-05-10-05-01\HotFixSetup\setup.exe /u
OpenMG Metadata Extractor for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B953606-000E-491C-B74D-78ECFDD520A0}\setup.exe" -l0x9
OpenMG Secure Module 4.3.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA} UNINSTALL
PC Magazine StartupCop Pro-->"C:\Program Files\PC Magazine Utilities\StartupCop Pro\unins000.exe"
PowerDesk 5.0-->C:\Program Files\Ontrack\PowerDesk\uninstal.exe C:\Program Files\Ontrack\PowerDesk
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Reason Adapted for Digidesign 3.0.1-->"C:\Program Files\Propellerhead\Reason Adapted 3 for Digidesign\Uninstall Reason Adapted for Digidesign\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio DigitalMedia Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio DigitalMedia Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio DigitalMedia Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
Search Enhancement by AOL Search-->C:\Program Files\AOL\AOL Search Enhancement\uninst.exe
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sibelius Scorch (ActiveX Only)-->MsiExec.exe /I{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SonicStage 3.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SonicStage Mastering Studio 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF3B304B-8A18-452D-A19F-6012CA8418D7}\Setup.exe" -l0x9
SonicStage Mastering Studio Audio Filter Custom Preset-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}\Setup.exe" -l0x9
SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB467B85-4F52-48C2-AEED-0673D00417B0}\Setup.exe" -l0x9
SonicStage Mastering Studio Plugins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}\Setup.exe" -l0x9
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Download Taxi 1.5.0.0-->"C:\Program Files\Sony\Download Taxi\unins000.exe"
Sony MP4 Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x9 -removeonly
Sony TV Tuner Library 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40D1BC4F-56CB-458E-BE8C-35A025CC52FB}\setup.exe" -l0x9 UNINSTALL
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SureThing CD Labeler Deluxe 4-->C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler Deluxe 4"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
USB2 Storage Adapter V3 (LaCie)-->C:\WINDOWS\Drivers\LaCie\SilverUninst.exe UnDriver
VAIO Breeze Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}\setup.exe" -l0x9
VAIO Central-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E993095-28F2-4060-9101-99C1FD1195C0}\setup.exe" -l0x9 -removeonly
VAIO Edit Components-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01AE599F-7B72-4135-8C56-9191F4ACBA88}\setup.exe" -l0x9 -removeonly
VAIO Entertainment Platform-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe" -l0x9 -removeonly
VAIO Event Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x9
VAIO Light Flo Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}\setup.exe" -l0x9
VAIO Media 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Registration Tool 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Original Screen Saver VAIO Cozy Screen HD Normal Contents-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D424F6BA-1FFD-4199-8B18-76869054185E}\Setup.exe" -l0x9
VAIO Original Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\Setup.exe" -l0x9
VAIO Registration-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Security Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}\setup.exe" -l0x9 -removeonly
VAIO Support Central-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82081533-F045-469E-BD53-F16839E445C3}\setup.exe" -l0x9 -removeonly
VAIO Update 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x9
VAIOSurveySA-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}
Wheel of Fortune (remove only)-->"C:\Program Files\Sony Pictures Games\Wheel of Fortune\Uninstall Wheel of Fortune.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix [See KB886612 for more information]-->C:\WINDOWS\$NtUninstallKB886612$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Desktop-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA7FC832-8133-46B4-B2CF-5A955326D309}\setup.exe" -l0x9
Xerox Phaser 8200-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Xerox\Phaser 8200\Uninst.isu" -c"C:\Program Files\Xerox\Phaser 8200\xrxuninst.dll"

======Security center information======

FW: Norton Internet Worm Protection (disabled)

======System event log======

Computer Name: ROBERTOFFICE
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0016761D9BF1. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 51550
Source Name: Dhcp
Time Written: 20091115094626.000000-300
Event Type: warning
User:

Computer Name: ROBERTOFFICE
Event Code: 9
Message: The device, , did not respond within the timeout period.

Record Number: 51499
Source Name: sbp2port
Time Written: 20091113094903.000000-300
Event Type: error
User:

Computer Name: ROBERTOFFICE
Event Code: 9
Message: The device, , did not respond within the timeout period.

Record Number: 51461
Source Name: sbp2port
Time Written: 20091112093446.000000-300
Event Type: error
User:

Computer Name: ROBERTOFFICE
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\ERIK on the network \Device\NetBT_Tcpip_{CC98319E-1BF3-4684-B3BE-41A62AF6EB30}.
The data is the error code.

Record Number: 51454
Source Name: BROWSER
Time Written: 20091111112208.000000-300
Event Type: warning
User:

Computer Name: ROBERTOFFICE
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\ERIK on the network \Device\NetBT_Tcpip_{CC98319E-1BF3-4684-B3BE-41A62AF6EB30}.
The data is the error code.

Record Number: 51419
Source Name: BROWSER
Time Written: 20091110094758.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: ROBERTOFFICE
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 15413
Source Name: Adobe Active File Monitor 4.0
Time Written: 20090925205159.000000-240
Event Type:
User:

Computer Name: ROBERTOFFICE
Event Code: 19011
Message:
Record Number: 15405
Source Name: MSSQL$VAIO_VEDB
Time Written: 20090925174429.000000-240
Event Type: warning
User:

Computer Name: ROBERTOFFICE
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 15400
Source Name: Adobe Active File Monitor 4.0
Time Written: 20090925174420.000000-240
Event Type:
User:

Computer Name: ROBERTOFFICE
Event Code: 19011
Message:
Record Number: 15393
Source Name: MSSQL$VAIO_VEDB
Time Written: 20090925092911.000000-240
Event Type: warning
User:

Computer Name: ROBERTOFFICE
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 15387
Source Name: Adobe Active File Monitor 4.0
Time Written: 20090925092903.000000-240
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

jezzzzy
2010-02-12, 22:15
Computer Performance
#########################
Still very bad. Same symptoms as before.

Cypher
2010-02-13, 12:19
Hi jezzzzy.
It seems you have no security programs installed on this PC; we will need to address that soon.
Ok, let's try this.

Download and Run ComboFix


Please download ComboFix from one of the following links.

Link 1. (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

Link 2. (http://www.forospyware.com/sUBs/ComboFix.exe)

Note: You must rename it before saving it... Rename it: Cypher.exe. See images below.

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

http://i526.photobucket.com/albums/cc345/MPKwings/CFOpen.gif

http://i526.photobucket.com/albums/cc345/MPKwings/CFRen.gif

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



Logs/Information to Post in your Next Reply


ComboFix.txt log.
Please give me an update on your computer's performance.

jezzzzy
2010-02-15, 16:22
ComboFix ran and deleted many files. However, now my computer boots up to the point where I can log in, but then hard reboots. In a loop. Do you want me to load WinPE CD so that I can try and get to the ComboFix log file?

Cypher
2010-02-15, 18:16
Hi jezzzzy.
Can you boot up in safe mode?
Please try this and see if you can post the ComboFix log.
It can be found at C:\ComboFix.txt .

Boot into Safe Mode

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

jezzzzy
2010-02-15, 20:18
Safemode fails on MUP.sys. Reboot loop. With WinPE I don't see a log file in C:\. I do see a Qoobox folder with many files.

Cypher
2010-02-15, 20:27
Ok good.
If there is a "DeQuarantine" Log present in the Qoobox folder, copy/paste the contents of that document back here in your next post.

jezzzzy
2010-02-15, 21:02
There is no DeQuarantine log to be found. Couldn't find anything relevant in the C:\Cypher folder either.

Cypher
2010-02-15, 21:07
Ok, I need to try and figure this out. I will get back to you as soon as possible.

Cypher
2010-02-16, 10:41
Hi jezzzzy.
Ok a couple of questions.
1. Did you install the Recovery Console before you ran ComboFix?
2. Do you have an XP CD-ROM?

jezzzzy
2010-02-16, 14:59
1. yes
2. yes

Cypher
2010-02-16, 17:36
Hi jezzzzy.
Good, let's try this.

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter:

cd erdnt\subs

6. At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

7. The erunt backups will begin copying.
8. At the next prompt, type the following bolded text, and press Enter:

exit

Windows should now begin loading.
Please post back and let me know how your PC is performing now.

jezzzzy
2010-02-16, 17:54
First try ended in blue screen
stop: 0x0000007B(0xF7CAE524,0xC0000034,0x00000000,0x00000000)

Second try the same.

Cypher
2010-02-16, 20:08
Hi jezzzzy.
I am going to have to consult someone about this, I've not seen this happen before.
I will get back to you as soon as possible.

Cypher
2010-02-17, 11:07
Hi jezzzzy.
Question: did you install any Windows updates after the ComboFix run?

jezzzzy
2010-02-17, 14:22
Hi Cypher,

No. No updates were installed.

jezzzzy
2010-02-17, 15:54
Found the following logs that may be helpful:

c:\qoobox\LogA
#######################
\Registry\Machine\System\CurrentControlSet\Services\vkquwexg

*******************

Script file located at: \??\C:\Cypher\ComboDel.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\QooBox
*******************

Beginning to process script file:

File move operation C:\WINDOWS\system32\drivers\jeddyf.sys|C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\jeddyf.sys.vir completed successfully.
Program C:\Cypher\CF29860.cfxxe" /c "C:\Cypher\Combobatch.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.


c:\qoobox\quarantine\catchme.log
########################

-------- 2010-02-15 - 09:27:59 -------------

file zipped: C:\WINDOWS\system32\drivers\jeddyf.sys -> _jeddyf_.sys.zip -> jeddyf.sys ( 791552 bytes )
file "C:\WINDOWS\system32\drivers\jeddyf.sys" replaced successfully





c:\cypher\temp00
################
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 10:12:23
Windows 5.1.2600 Service Pack 3

scanning processes ...

System [4]
C:\WINDOWS\system32\smss.exe [684] 0x826F1978
C:\WINDOWS\system32\csrss.exe [732] 0x82728020
C:\WINDOWS\system32\winlogon.exe [760] 0x82C10460
C:\WINDOWS\system32\services.exe [816] 0x82718DA0
C:\WINDOWS\system32\lsass.exe [836] 0x82715DA0
C:\WINDOWS\system32\svchost.exe [1064] 0x826D9648
C:\WINDOWS\system32\svchost.exe [1256] 0x82A75340
C:\WINDOWS\system32\svchost.exe [1376] 0x822F0020
C:\WINDOWS\system32\svchost.exe [1524] 0x826FF628
C:\WINDOWS\system32\svchost.exe [1680] 0x82A4EA10
C:\WINDOWS\system32\spoolsv.exe [1788] 0x82762490
C:\WINDOWS\system32\svchost.exe [1952] 0x826EDDA0
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [568] 0x8209C908
C:\Program Files\Bonjour\mDNSResponder.exe [592] 0x826FE178
C:\Program Files\Digidesign\Drivers\MMERefresh.exe [668] 0x820A2348
C:\WINDOWS\ehome\ehrecvr.exe [1040] 0x82091A88
C:\WINDOWS\ehome\ehSched.exe [1124] 0x81F7A590
C:\temp\fold1\FAH504-Console.exe [1220] 0x81F668B8
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2144] 0x82037020
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2248] 0x820372A8
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe [2616] 0x81FC74E8
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe [2668] 0x81FD8020
C:\WINDOWS\system32\svchost.exe [2776] 0x81FA8020
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2816] 0x81FA7B28
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2932] 0x81F99020
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [3032] 0xFF9CADA0
C:\WINDOWS\ehome\mcrdsvc.exe [3092] 0xFF9DD3C8
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [3332] 0xFF9AC020
C:\WINDOWS\system32\dllhost.exe [3572] 0xFF8EA020
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe [3628] 0xFF8FF900
C:\WINDOWS\system32\alg.exe [3964] 0xFF44D020
C:\Program Files\Common Files\AOL\1139368192\ee\aolsoftware.exe [4092] 0x829FCDA0
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2376] 0x81F2C738
C:\Program Files\iTunes\iTunesHelper.exe [2188] 0x81F2BC38
C:\WINDOWS\system32\ctfmon.exe [2332] 0x820CA308
C:\Program Files\iPod\bin\iPodService.exe [2200] 0x81F58C68
C:\WINDOWS\system32\MDM.EXE [5676] 0x82710020
C:\Cypher\CF29860.cfxxe [5256] 0xFE267DA0
C:\WINDOWS\system32\svchost.exe [3260] 0xFA366B50
C:\Cypher\catchme.cfxxe [1452] 0xF8B3F4A8
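
A triage aid for logs like the ones in the post above, as an added example that is not part of the original thread and not ComboFix's own tooling: it pulls the quarantined files and the service keys named in the Qoobox log text and flags kernel drivers, the entries worth checking first when a machine stops booting after a removal run. The line formats are inferred only from the lines quoted in that post, and every function and class name is hypothetical.

```python
import ntpath  # Windows path rules, usable from any OS (e.g. a rescue environment)
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the LogA and catchme.log excerpts in the post.
SAMPLE_LOG = r"""
\Registry\Machine\System\CurrentControlSet\Services\vkquwexg
File move operation C:\WINDOWS\system32\drivers\jeddyf.sys|C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\jeddyf.sys.vir completed successfully.
Program C:\Cypher\CF29860.cfxxe" /c "C:\Cypher\Combobatch.bat successfully set up to run once on reboot.
file zipped: C:\WINDOWS\system32\drivers\jeddyf.sys -> _jeddyf_.sys.zip -> jeddyf.sys ( 791552 bytes )
file "C:\WINDOWS\system32\drivers\jeddyf.sys" replaced successfully
"""

# Formats assumed from the quoted lines only.
MOVE_RE = re.compile(
    r"^File move operation (?P<src>.+?)\|(?P<dst>.+?) completed successfully\.$")
ZIP_RE = re.compile(
    r"^file zipped: (?P<src>.+?) -> (?P<zip>.+?) -> (?P<name>.+?) "
    r"\( (?P<size>\d+) bytes \)$")
SVC_RE = re.compile(
    r"^\\Registry\\Machine\\System\\CurrentControlSet\\Services\\(?P<svc>[^\\]+)$",
    re.IGNORECASE)


@dataclass
class QuarantinedFile:
    original: str                          # path the file was removed from
    quarantine_copy: Optional[str] = None  # where the .vir copy was written
    size: Optional[int] = None             # size in bytes, when the log gives it
    is_kernel_driver: bool = False         # *.sys under system32\drivers


def _is_kernel_driver(path: str) -> bool:
    p = ntpath.normcase(path)
    return p.endswith(".sys") and ntpath.dirname(p).endswith(r"\system32\drivers")


def parse_removal_logs(text: str):
    """Return ({normalised original path: QuarantinedFile}, [service key names])."""
    files, services = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        svc = SVC_RE.match(line)
        if svc:
            services.append(svc["svc"])
            continue
        move, zipped = MOVE_RE.match(line), ZIP_RE.match(line)
        hit = move or zipped
        if not hit:
            continue  # lines that describe no file removal are ignored
        key = ntpath.normcase(hit["src"])
        entry = files.setdefault(
            key, QuarantinedFile(hit["src"],
                                 is_kernel_driver=_is_kernel_driver(hit["src"])))
        if move:
            entry.quarantine_copy = move["dst"]
        if zipped:
            entry.size = int(zipped["size"])
    return files, services


def boot_relevant(files):
    """Quarantined kernel drivers, sorted by path: check these first after a boot failure."""
    return sorted((f for f in files.values() if f.is_kernel_driver),
                  key=lambda f: ntpath.normcase(f.original))


if __name__ == "__main__":
    quarantined, service_keys = parse_removal_logs(SAMPLE_LOG)
    print("Service keys named in the log:", ", ".join(service_keys) or "none")
    for f in boot_relevant(quarantined):
        print(f"driver {f.original} ({f.size} bytes) -> {f.quarantine_copy}")
```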

Cypher
2010-02-17, 17:01
Hi
We'll try the Recovery Console again with a different command.
Restart your computer
Before Windows loads, you will be prompted to choose which Operating System to start
Use the up and down arrow key to select Microsoft Windows Recovery Console
You must enter which Windows installation to log onto. Type 1 and press enter
At the C:\Windows prompt, type the following bolded text, and press Enter:

cd erdnt\hiv-backup

At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

The erunt backups will begin copying
At the next prompt, type the following bolded text, and press Enter:

exit

Windows should now begin loading.

Let me know if that worked.

jezzzzy
2010-02-17, 17:12
I'm sorry. I must have miscommunicated. My computer blue screens when loading recovery console.

I don't get the option to choose my installation. I get the progress bar that says "Starting Recovery Console..." then it says "Please wait..." then blue screen.

jezzzzy
2010-02-17, 17:35
Not sure if it matters, but this is XP Media Center edition

Cypher
2010-02-18, 13:34
Hi jezzzzy.
Sorry for the delay, but as I said previously I am consulting with an expert about this problem.
Ok, we need to see if we can access the Recovery Console from your XP discs.


1. Insert the Windows XP cd in your computer.

2. Restart your computer so you are booting off of the CD.

3. When the Welcome to Setup screen appears, press the R button on your keyboard to start the Recovery Console.

4. The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.

5. It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter. If you do not know your password then see this.

6. If you entered the correct password you will now be presented with a C:\Windows> prompt and you can start using the Recovery Console.



Next, we'll try the Recovery Console again with a different command.
Restart your computer
Before Windows loads, you will be prompted to choose which Operating System to start
Use the up and down arrow key to select Microsoft Windows Recovery Console
You must enter which Windows installation to log onto. Type 1 and press enter
At the C:\Windows prompt, type the following bolded text, and press Enter:

cd erdnt\hiv-backup

At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

The erunt backups will begin copying
At the next prompt, type the following bolded text, and press Enter:
exit

Windows should now begin loading.

Post back and let me know if your PC now boots.

jezzzzy
2010-02-18, 16:42
Recovery console booted to the C prompt without asking for any login information. It seems it can't find my windows installation. A "cd" command in C:\> returns "There is no floppy disk or CD in the drive."

jezzzzy
2010-02-18, 18:06
Looking for SCSI or SATA drivers for win setup now.

jezzzzy
2010-02-18, 20:11
Ok. I got recovery console working (needed RAID drivers for windows installation to be found). I successfully ran the commands as you instructed. Still cannot boot. Computer reboots just prior to letting me login. If I try safe mode, it reboots while loading files.

jezzzzy
2010-02-18, 20:12
Should I try the "cd erdnt\subs"?

Cypher
2010-02-18, 20:23
Hi jezzzzy.
Are you saying you got as far as trying these commands?

cd erdnt\hiv-backup

batch erdnt.con

jezzzzy
2010-02-18, 22:23
Yes. Files were restored from "erdnt\hiv-backup", but still stuck in the reboot loop.

Cypher
2010-02-19, 11:36
Hi jezzzzy.
This is not looking good.
We have one last thing to try, then the only other option is to reformat to a clean install.

Use the Windows cd to boot the computer.
Once booted:

Click Start, click Run, and enter into the command line that opens:
REN c:\windows\system32\gdi32.dll gdi.dll.org

Again, Click Start, click Run, and enter into the command line that opens:
copy c:\windows\servicepackfiles\i386\gdi32.dll c:\windows\system32\

IMPORTANT: If XP is installed to some other drive letter than C, replace the above to match your configuration.

* Reboot and try Normal mode.

Please try that and let me know if it works.

jezzzzy
2010-02-19, 14:12
I cannot boot my computer. It is in a reboot loop. Can I run these from recovery console?

Cypher
2010-02-19, 17:31
Hi jezzzzy.
My best advice would be to recover any personal documents you can and reformat your computer.
We have tried everything we can at this point.
Here is a link with more information Windows XP Clean Installation (http://windowsxp.mvps.org/XPClean.htm)
Your system was seriously infected due to a lack of protection.
If you wish, I can give you more information on how to keep your system secure after you reformat.
Sorry the news is not better but that is my best advice.

jezzzzy
2010-02-19, 17:46
Ok. Thank you for your help. If I can get it to boot, I will open another thread and reference this one.

jezzzzy
2010-02-19, 19:10
One last question. Would a repair installation help?

jezzzzy
2010-02-19, 19:23
Also, I found this when researching my blue screen stop error.

"You may receive a "Stop 0x0000007B" error message in the following scenarios:

* A device driver that the computer boot controller needs is not configured to start during the startup process.
* A device driver that the computer boot controller needs is corrupted.
* Information in the Windows XP registry (information related to how the device drivers load during startup) is corrupted."

Is it possible that combofix removed my HDD controller driver?

Can we restore it? I think it's called iastor.sys.

Cypher
2010-02-19, 19:26
Hi jezzzzy.
That error can be caused by a lot of things from what I know.

One last question. Would a repair installation help?
You can try that if you wish, but if you reformat your system will be clean so no need to come back and start another thread.
Personally I think that's your best course of action but the decision is yours.

jezzzzy
2010-02-19, 19:42
There is much data on this computer that I do not want to lose.

Another ms technote says this:

"If the System hive in the Windows XP registry is corrupted, Windows XP may not be able to load the miniport device driver that the boot controller requires. To resolve this issue, restore a registry backup."

The only reason I think that the controller is missing is because I had to load a specific RAID controller to get recovery console to recognize my drive.

Is it possible that ComboFix changed the registry so that the required miniport driver is not loaded? How would I restore the registry to the day before combofix?

Cypher
2010-02-19, 19:48
Is it possible that ComboFix changed the registry so that the required miniport driver is not loaded? How would I restore the registry to the day before combofix?
That's what we were trying to do, restore the registry to before CF was run.
But everything we tried failed. Did you try doing a repair install?

jezzzzy
2010-02-19, 22:09
I looked into the system volume information to find out the date of the registry backup. The date on the files was 2/15/2010 at 2:33pm. This is after combofix was run. There doesn't seem to be a restore point prior to combofix. Does combofix store registry backup files anywhere else?

Cypher
2010-02-20, 12:19
Hi jezzzzy.

There is much data on this computer that I do not want to lose.
From my first post to you.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
This is exactly why you are advised to back everything up before we start.

This is the last option for invoking the CF backups if you want to try.


Restart your computer
Before Windows loads, you will be prompted to choose which Operating System to start
Use the up and down arrow key to select Microsoft Windows Recovery Console
You must enter which Windows installation to log onto. Type 1 and press enter
At the C:\Windows prompt, type the following bolded text, and press Enter:

DISABLE CAERF

At the next prompt, type the following bolded text, and press Enter:

DISABLE RESTORE

At the next prompt, type the following bolded text, and press Enter:

CD C:\WINDOWS\CONFIG

At the next prompt, type the following bolded text, and press Enter:

REN LSASS.EXE LSASS.EXE.VIR

At the next prompt, type the following bolded text, and press Enter:

CD C:\WINDOWS\SYSTEM32\DRIVERS

At the next prompt, type the following bolded text, and press Enter:

REN RESTORE.SYS RESTORE.SYS.VIR

At the next prompt, type the following bolded text, and press Enter:

CD C:\WINDOWS\ERDNT

At the next prompt, type the following bolded text, and press Enter:

BATCH CFRECOVERY.BAT

At the next prompt, type the following bolded text, and press Enter:

BATCH CFUNDO.DAT (Ignore if there's any error messages)

At the next prompt, type the following bolded text, and press Enter:

CD C:\COMBOFIX

At the next prompt, type the following bolded text, and press Enter:

TYPE DREV.DAT

At the next prompt, type the following bolded text, and press Enter:

TYPE SVCTARGET.DAT

At the next prompt, type the following bolded text, and press Enter

TYPE NDIS_LOG.DAT

At the next prompt, type the following bolded text, and press Enter:
EXIT

Windows should now begin loading.

Cypher
2010-02-21, 13:28
Hi jezzzzy.
How's it going, any progress?

jezzzzy
2010-02-21, 22:02
Getting some errors on the commands you listed.

On the "Disable CAERF" command and the "Disable RESTORE" commands I get a message that says "The registry entry for the caerf (or restore) service cannot be located."

Neither LSASS.exe nor restore.sys files can be found. So I can't rename them.

When I run the BATCH CFRECOVERY.BAT command I get a response that the SET command is currently disabled.


Should I continue running the commands you listed?

Cypher
2010-02-22, 11:23
Hi jezzzzy.
After consulting an expert it seems you have a corrupt/damaged hdd controller infection.
Here is the link to the MS article How to recover from a corrupt registry (http://support.microsoft.com/default.aspx?scid=kb;en-us;307545&sd=tech).

This procedure does not guarantee full recovery of the system to a previous state; however, you should be able to recover data when you use this procedure.
Your only choice is to try that procedure to try and recover your data then reformat your computer.
Sorry the news is not better :sad:
Let me know how things go.

Dakeyras
2010-02-26, 13:09
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

tashi
2010-02-26, 20:43
Thank you Cypher. :)