Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

PC Recovery

by Curley » March 17th, 2010, 8:12 pm

I am working on recovering my mother's PC. I have updated all security and have run different AVs. We have found and cleaned 57 spyware, a few viruses and 1 trojan. Can you please now check this HijackThis log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:18 PM, on 3/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Wireless Desktop\LgWDskTp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [LgWDskTp] C:\Program Files\Wireless Desktop\LgWDskTp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8692211156
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 9726 bytes


Here also is the malwarebytes log of the scan I ran today.

Malwarebytes' Anti-Malware 1.44
Database version: 3878
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/17/2010 7:43:55 PM
mbam-log-2010-03-17 (19-43-55).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 95455
Time elapsed: 51 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{3D862AF3-F420-4071-81C6-462DB9E61F2D}\RP24\A0001370.dll (Trojan.Hijacker) -> Quarantined and deleted successfully.
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am

Re: PC Recovery

by MWR 3 day Mod » March 21st, 2010, 1:16 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: PC Recovery

by andyspeake » March 23rd, 2010, 12:29 pm

Hello, and Welcome :)
I will be assisting you with your malware issues.
Please be patient as I need some time to review your HijackThis log and I will post back recommendations for repairs.
As I am still in training, everything that I post to you must be checked by a MRU teacher or senior malware remover. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

  • Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • Continue to respond to this thread until I give you the All Clean! Remember, absence of symptoms doesn't mean you are malware free.
  • If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • If you are receiving help or have received help on this problem elsewhere, please let us know
  • Please bookmark or favourite this page. In case you need it as reference or etc.

All users of this forum must read this topic before proceeding
No Reply Within 3 Days Will Result In Your Topic Being Closed! If you need more time, please inform me.
andyspeake
Regular Member
 
Posts: 1914
Joined: June 8th, 2007, 9:29 pm
Location: Glasgow, Scotland

Re: PC Recovery

by Curley » March 23rd, 2010, 1:31 pm

Since the time I posted the HijackThis log until now, I ran another system restore. Do you want me to run another HijackThis log or can you still use the one I posted here last week?
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am

Re: PC Recovery

by Curley » March 23rd, 2010, 2:49 pm

Again, I apologize. Here is a log I ran today. It may or may not be different as I restored it to the time I ran the original log. We have caught a lot of malware, but system is still having problems. I suspect there is still hidden malware. She uses MicroTrend as her live AV. I have also run ESET online scanner and Malwarebytes free AV to catch as much malware as possible. Thanks. We will try to stay off system as much as possible until we hear from you again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:11 PM, on 3/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Wireless Desktop\LgWDskTp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [LgWDskTp] C:\Program Files\Wireless Desktop\LgWDskTp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8692211156
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 9372 bytes
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am
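
An added example, not part of the original thread: a short Python script that parses two HijackThis logs and lists what changed between scans, which is the question raised by "It may or may not be different" in the post above. The sample logs are abridged from the two logs posted in this thread, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Entry lines look like "O4 - HKLM\..\Run: [name] path" or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hijackthis(text):
    """Return {'processes': set, 'entries': {section: set}} for one log."""
    processes, entries = set(), defaultdict(set)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries[match.group(1)].add(match.group(2))
        elif in_processes and line:
            # Windows paths are case-insensitive (System32 vs system32).
            processes.add(line.lower())
        elif in_processes and processes:
            in_processes = False  # blank line closes the process list
    return {"processes": processes, "entries": dict(entries)}


def diff_logs(old, new):
    """List (change, section, item) tuples; change is 'removed' or 'added'."""
    a, b = parse_hijackthis(old), parse_hijackthis(new)
    changes = []
    for item in sorted(a["processes"] - b["processes"]):
        changes.append(("removed", "process", item))
    for item in sorted(b["processes"] - a["processes"]):
        changes.append(("added", "process", item))
    for section in sorted(set(a["entries"]) | set(b["entries"])):
        before = a["entries"].get(section, set())
        after = b["entries"].get(section, set())
        for item in sorted(before - after):
            changes.append(("removed", section, item))
        for item in sorted(after - before):
            changes.append(("added", section, item))
    return changes


# Abridged sample input taken from the March 17 and March 23 logs in this thread.
LOG_MAR17 = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
"""

LOG_MAR23 = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
"""

if __name__ == "__main__":
    for change, section, item in diff_logs(LOG_MAR17, LOG_MAR23):
        print(f"{change:8} {section:8} {item}")
```

On these excerpts the diff reports three O4 startup entries (NvCplDaemon, HP Software Update, ctfmon.exe) present on March 17 and absent on March 23, plus the scanner processes that differ between the two runs.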

Re: PC Recovery

by andyspeake » March 24th, 2010, 11:10 am

Hi,

Are you having any specific problems, e.g. popups, browser redirection, slowness etc...?

DeFogger

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

So please post back:
Answer to Question I asked
Gmer.txt
RSIT logs, log.txt and info.txt

Thanks.
andyspeake
Regular Member
 
Posts: 1914
Joined: June 8th, 2007, 9:29 pm
Location: Glasgow, Scotland

Re: PC Recovery

by Curley » March 24th, 2010, 6:14 pm

Thank you so much for your help.

Problems:

Very slow. I removed from Startlite what was unnecessary. We are still dealing with CTFMON and another that I am not familiar with. Waiting until you are done dealing with malware issues.

Putting that aside, I was forced to restart this computer because RSIT was stuck.

Problems:

Before I ran this, we have been having problems with extremely slow start. It would not allow Windows Live to work at all. Every time I attempt to internet it would ask to diagnose the problem. Sometimes it would clear, sometimes it would not.

We have made painstaking progress but there has been some internet and start up process. We can now use the internet. We have used MICROTREND and MALWAREBYTES. It is better. I have removed Microsoft Office which was a temporary source not actual paid source (temporary unpaid). She does not use Microsoft and we are going to install Open Office.
Will await your instructions.


Okay, here are the logs:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-24 17:03:57
Windows 5.1.2600 Service Pack 3
Running: GMER Rootkit Scanner.exe; Driver: C:\DOCUME~1\JENNYC~1\LOCALS~1\Temp\fxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT 827B4C60 ZwCreateKey
SSDT 827B4160 ZwCreateProcess
SSDT 827B4420 ZwCreateProcessEx
SSDT 827B5AC0 ZwCreateThread
SSDT 827B51E0 ZwDeleteKey
SSDT 827B54A0 ZwDeleteValueKey
SSDT 827B5C60 ZwLoadDriver
SSDT 827B46E0 ZwOpenProcess
SSDT 827B4F20 ZwSetValueKey
SSDT 827B49A0 ZwTerminateProcess
SSDT 827B5920 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----

RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jenny Caamano at 2010-03-24 18:07:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 169 GB (91%) free of 186 GB
Total RAM: 511 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:03 PM, on 3/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Wireless Desktop\LgWDskTp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jenny Caamano\Desktop\RSIT.exe
C:\Program Files\HijackThis\Jenny Caamano.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [LgWDskTp] C:\Program Files\Wireless Desktop\LgWDskTp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8692211156
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 9490 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TVTunerLib"=C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe [2005-02-17 245760]
"HKSERV.EXE"=C:\Program Files\Sony\HotKey Utility\HKserv.exe [2004-10-17 122880]
"VAIO Update 2"=C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [2005-01-14 151552]
"VAIOSurvey"=c:\program files\sony\vaio survey\surveysa.exe [2004-08-19 331776]
"VZRemoteCommander"=C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe [2005-01-31 192512]
"LgWDskTp"=C:\Program Files\Wireless Desktop\LgWDskTp.exe [2004-10-27 65536]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2004-10-18 19968]
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-20 28672]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-13 4141056]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=8

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\lxczcoms.exe"="C:\WINDOWS\system32\lxczcoms.exe:*:Enabled:Lexmark Communications System"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-03-24 17:06:50 ----D---- C:\rsit
2010-03-24 14:16:29 ----D---- C:\Contents
2010-03-24 14:16:26 ----D---- C:\VAIO Entertainment
2010-03-23 14:41:11 ----A---- C:\Program Files\StartUpLite.exe
2010-03-17 20:03:39 ----D---- C:\Program Files\HijackThis
2010-03-17 18:01:58 ----D---- C:\Documents and Settings\Jenny Caamano\Application Data\Malwarebytes
2010-03-16 23:39:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-03-16 14:57:51 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2010-03-16 14:55:48 ----D---- C:\Program Files\Common Files\HP
2010-03-16 14:55:46 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-03-16 14:55:45 ----D---- C:\Program Files\Hewlett-Packard
2010-03-16 14:54:48 ----RA---- C:\WINDOWS\hpzshl01.exe
2010-03-16 14:54:47 ----RA---- C:\WINDOWS\hpzmsi01.exe
2010-03-16 14:54:46 ----D---- C:\WINDOWS\yellowtail
2010-03-16 14:47:51 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2010-03-16 14:47:28 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2010-03-16 14:47:28 ----A---- C:\WINDOWS\system32\hpz3l5mu.dll
2010-03-16 14:40:24 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2010-03-16 14:40:24 ----RA---- C:\WINDOWS\system32\difxapi.dll
2010-03-16 14:40:23 ----RA---- C:\WINDOWS\system32\hpovst11.dll
2010-03-16 14:40:22 ----RA---- C:\WINDOWS\system32\hpwtscl3.dll
2010-03-16 14:40:21 ----RA---- C:\WINDOWS\system32\hpwwiax4.dll
2010-03-15 20:59:17 ----D---- C:\Program Files\Microsoft Silverlight
2010-03-15 20:58:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-03-15 20:51:59 ----D---- C:\WINDOWS\system32\XPSViewer
2010-03-15 20:51:55 ----D---- C:\Program Files\MSBuild
2010-03-15 20:51:47 ----D---- C:\Program Files\Reference Assemblies
2010-03-15 20:51:10 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-03-15 20:51:10 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-03-15 20:51:10 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-03-15 20:51:10 ----D---- C:\ff8b6cc5abaf725e1cdee3404be5aee3
2010-03-15 20:20:08 ----D---- C:\WINDOWS\Prefetch
2010-03-15 20:16:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-15 20:16:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-15 20:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-15 20:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-15 20:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-03-15 20:15:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-15 20:15:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-15 20:15:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-15 20:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-03-15 20:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-03-15 20:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-03-15 20:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-15 20:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-15 20:14:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-03-15 20:14:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-03-15 20:14:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-03-15 20:14:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-15 20:13:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-03-15 20:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-03-15 20:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-15 20:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-15 20:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-03-15 20:13:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-15 20:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-15 20:12:54 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-03-15 20:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-03-15 20:12:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-03-15 20:12:23 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-03-15 20:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-03-15 20:12:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-03-15 20:11:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-03-15 20:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-03-15 20:11:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-03-15 20:11:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-03-15 20:11:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-03-15 20:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-03-15 20:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-03-15 20:10:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-03-15 20:10:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-03-15 20:10:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-15 20:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-03-15 20:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-03-15 20:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-03-15 20:09:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-03-15 20:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-03-15 20:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-03-15 20:09:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-03-15 20:09:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-03-15 20:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-03-15 20:08:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-03-15 20:08:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-03-15 20:08:26 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-03-15 20:05:07 ----D---- C:\WINDOWS\system32\en
2010-03-15 20:05:06 ----D---- C:\WINDOWS\system32\bits
2010-03-15 19:52:28 ----D---- C:\WINDOWS\EHome
2010-03-15 18:56:25 ----D---- C:\WINDOWS\ie8updates
2010-03-15 18:55:34 ----D---- C:\WINDOWS\WBEM
2010-03-15 18:54:05 ----HDC---- C:\WINDOWS\ie8
2010-03-15 18:47:59 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-15 18:36:24 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-03-15 18:24:31 ----D---- C:\Program Files\Defraggler
2010-03-15 18:21:43 ----D---- C:\Registry Backup
2010-03-15 18:19:30 ----D---- C:\Program Files\CCleaner
2010-03-15 17:49:42 ----N---- C:\WINDOWS\system32\SET187.tmp
2010-03-15 17:49:41 ----N---- C:\WINDOWS\system32\SET188.tmp
2010-03-15 17:49:40 ----N---- C:\WINDOWS\system32\SET18A.tmp
2010-03-15 17:49:40 ----N---- C:\WINDOWS\system32\SET189.tmp
2010-03-15 17:49:39 ----N---- C:\WINDOWS\system32\SET18C.tmp
2010-03-15 17:49:35 ----N---- C:\WINDOWS\system32\SET190.tmp
2010-03-15 17:49:34 ----N---- C:\WINDOWS\system32\SET192.tmp
2010-03-15 17:49:34 ----N---- C:\WINDOWS\system32\SET191.tmp
2010-03-15 17:49:31 ----N---- C:\WINDOWS\system32\SET196.tmp
2010-03-15 17:49:30 ----N---- C:\WINDOWS\system32\SET199.tmp
2010-03-15 17:49:27 ----N---- C:\WINDOWS\system32\SET19A.tmp
2010-03-15 17:49:25 ----N---- C:\WINDOWS\system32\SET19C.tmp
2010-03-15 17:49:24 ----N---- C:\WINDOWS\system32\SET19D.tmp
2010-03-15 17:49:22 ----N---- C:\WINDOWS\system32\SET1A2.tmp
2010-03-15 17:49:21 ----N---- C:\WINDOWS\system32\SET1A6.tmp
2010-03-15 17:47:51 ----D---- C:\WINDOWS\ie7updates
2010-03-15 17:44:25 ----DC---- C:\WINDOWS\ie7
2010-03-15 17:44:11 ----DC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-03-15 17:43:41 ----DC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-03-15 17:31:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-15 17:31:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-10 04:22:10 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-03-10 04:20:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975561_0$
2010-03-10 04:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-03-10 04:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-03-09 21:19:19 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-03-09 20:23:46 ----DC---- C:\WINDOWS\$NtUninstallKB978706$(2)
2010-03-09 20:23:34 ----DC---- C:\WINDOWS\$NtUninstallKB978251$(2)
2010-03-09 20:23:22 ----DC---- C:\WINDOWS\$NtUninstallKB978207$(2)
2010-03-09 20:23:12 ----DC---- C:\WINDOWS\$NtUninstallKB978037$(2)
2010-03-09 20:23:02 ----DC---- C:\WINDOWS\$NtUninstallKB977914$(2)
2010-03-09 20:22:49 ----DC---- C:\WINDOWS\$NtUninstallKB977165$(2)
2010-03-09 20:22:37 ----DC---- C:\WINDOWS\$NtUninstallKB975713$(2)
2010-03-09 20:22:28 ----DC---- C:\WINDOWS\$NtUninstallKB975560$(2)
2010-03-09 20:22:18 ----DC---- C:\WINDOWS\$NtUninstallKB975467$(2)
2010-03-09 20:22:09 ----DC---- C:\WINDOWS\$NtUninstallKB975025$(2)
2010-03-09 20:22:00 ----DC---- C:\WINDOWS\$NtUninstallKB974571$(2)
2010-03-09 20:21:50 ----DC---- C:\WINDOWS\$NtUninstallKB974392$(2)
2010-03-09 20:21:40 ----DC---- C:\WINDOWS\$NtUninstallKB974318$(2)
2010-03-09 20:21:31 ----DC---- C:\WINDOWS\$NtUninstallKB974112$(2)
2010-03-09 20:21:21 ----DC---- C:\WINDOWS\$NtUninstallKB973869$(2)
2010-03-09 20:21:11 ----DC---- C:\WINDOWS\$NtUninstallKB973815$(2)
2010-03-09 20:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$(2)
2010-03-09 20:20:51 ----DC---- C:\WINDOWS\$NtUninstallKB973507$(2)
2010-03-09 20:20:42 ----DC---- C:\WINDOWS\$NtUninstallKB973354$(2)
2010-03-09 20:20:32 ----DC---- C:\WINDOWS\$NtUninstallKB972270$(2)
2010-03-09 20:20:23 ----DC---- C:\WINDOWS\$NtUninstallKB971737$(2)
2010-03-09 20:20:14 ----DC---- C:\WINDOWS\$NtUninstallKB971657$(2)
2010-03-09 20:20:04 ----DC---- C:\WINDOWS\$NtUninstallKB971468$(2)
2010-03-09 20:19:55 ----DC---- C:\WINDOWS\$NtUninstallKB970430$(2)
2010-03-09 20:19:45 ----DC---- C:\WINDOWS\$NtUninstallKB970238$(2)
2010-03-09 20:19:36 ----DC---- C:\WINDOWS\$NtUninstallKB969947$(2)
2010-03-09 20:19:26 ----DC---- C:\WINDOWS\$NtUninstallKB969059$(2)
2010-03-09 20:19:14 ----DC---- C:\WINDOWS\$NtUninstallKB968389$(2)
2010-03-09 20:19:03 ----DC---- C:\WINDOWS\$NtUninstallKB967715$(2)
2010-03-09 20:18:53 ----DC---- C:\WINDOWS\$NtUninstallKB961501$(2)
2010-03-09 20:18:44 ----DC---- C:\WINDOWS\$NtUninstallKB960859$(2)
2010-03-09 20:18:35 ----DC---- C:\WINDOWS\$NtUninstallKB960803$(2)
2010-03-09 20:18:26 ----DC---- C:\WINDOWS\$NtUninstallKB960225$(2)
2010-03-09 20:18:15 ----DC---- C:\WINDOWS\$NtUninstallKB959426$(2)
2010-03-09 20:18:06 ----DC---- C:\WINDOWS\$NtUninstallKB958644$(2)
2010-03-09 20:17:57 ----DC---- C:\WINDOWS\$NtUninstallKB956844$(2)
2010-03-09 20:17:47 ----DC---- C:\WINDOWS\$NtUninstallKB956803$(2)
2010-03-09 20:17:38 ----DC---- C:\WINDOWS\$NtUninstallKB956802$(2)
2010-03-09 20:17:21 ----DC---- C:\WINDOWS\$NtUninstallKB956572$(2)
2010-03-09 20:17:08 ----DC---- C:\WINDOWS\$NtUninstallKB955759$(2)
2010-03-09 20:16:57 ----DC---- C:\WINDOWS\$NtUninstallKB973687$(3)
2010-03-09 20:16:48 ----DC---- C:\WINDOWS\$NtUninstallKB955069$(2)
2010-03-09 20:16:39 ----DC---- C:\WINDOWS\$NtUninstallKB952954$(2)
2010-03-09 20:16:29 ----DC---- C:\WINDOWS\$NtUninstallKB952287$(2)
2010-03-09 20:16:19 ----DC---- C:\WINDOWS\$NtUninstallKB952004$(2)
2010-03-09 20:16:08 ----DC---- C:\WINDOWS\$NtUninstallKB951748$(2)
2010-03-09 20:15:59 ----DC---- C:\WINDOWS\$NtUninstallKB951376-v2$(2)
2010-03-09 20:15:50 ----DC---- C:\WINDOWS\$NtUninstallKB951066$(2)
2010-03-09 20:15:41 ----DC---- C:\WINDOWS\$NtUninstallKB950974$(2)
2010-03-09 20:15:32 ----DC---- C:\WINDOWS\$NtUninstallKB950762$(2)
2010-03-09 20:15:22 ----DC---- C:\WINDOWS\$NtUninstallKB946648$(2)
2010-03-09 20:15:12 ----DC---- C:\WINDOWS\$NtUninstallKB923561$(2)
2010-03-09 20:10:14 ----D---- C:\WINDOWS\system32\en-us
2010-03-09 20:10:12 ----D---- C:\WINDOWS\system32\scripting
2010-03-09 20:10:09 ----D---- C:\WINDOWS\l2schemas
2010-03-09 20:10:08 ----D---- C:\Program Files\msn
2010-03-09 20:01:43 ----D---- C:\WINDOWS\network diagnostic
2010-03-09 19:56:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-03-09 19:38:41 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-03-09 16:59:59 ----D---- C:\Program Files\ESET
2010-02-27 18:23:10 ----A---- C:\WINDOWS\system32\fxsst(2).dll
2010-02-27 18:23:10 ----A---- C:\WINDOWS\system32\fxsmon(2).dll
2010-02-27 18:23:10 ----A---- C:\WINDOWS\system32\fxsevent(2).dll
2010-02-27 18:23:08 ----A---- C:\WINDOWS\system32\fxsapi(2).dll
2010-02-27 14:07:14 ----D---- C:\Documents and Settings\Jenny Caamano\Application Data\HP
2010-02-27 14:00:46 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2010-02-27 13:59:18 ----D---- C:\Program Files\Yahoo!
2010-02-27 13:55:25 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2010-02-27 13:52:41 ----D---- C:\Program Files\HP
2010-02-27 13:52:23 ----HD---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2010-03-24 17:40:45 ----D---- C:\WINDOWS\system32
2010-03-24 17:25:44 ----D---- C:\WINDOWS\Temp
2010-03-24 15:32:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-24 15:17:14 ----D---- C:\Program Files\Microsoft Office
2010-03-24 15:13:08 ----SHD---- C:\WINDOWS\Installer
2010-03-24 15:12:31 ----RSD---- C:\WINDOWS\assembly
2010-03-24 15:12:24 ----RD---- C:\Program Files
2010-03-24 15:12:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-24 15:12:22 ----D---- C:\Program Files\Common Files\System
2010-03-24 15:12:21 ----RSD---- C:\WINDOWS\Fonts
2010-03-24 15:12:08 ----D---- C:\WINDOWS
2010-03-24 15:12:08 ----D---- C:\Program Files\Common Files
2010-03-24 15:11:59 ----A---- C:\WINDOWS\win.ini
2010-03-24 14:25:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-24 14:24:59 ----D---- C:\Program Files\MoodLogic
2010-03-23 14:23:58 ----D---- C:\WINDOWS\system32\config
2010-03-23 14:23:36 ----D---- C:\WINDOWS\system32\wbem
2010-03-23 14:23:35 ----D---- C:\WINDOWS\Registration
2010-03-19 06:56:22 ----SD---- C:\Documents and Settings\Jenny Caamano\Application Data\Microsoft
2010-03-17 19:58:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-17 19:45:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2010-03-17 19:45:11 ----D---- C:\WINDOWS\system32\drivers
2010-03-17 06:42:38 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-16 23:43:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-16 23:42:29 ----D---- C:\WINDOWS\WinSxS
2010-03-16 23:40:13 ----HD---- C:\WINDOWS\inf
2010-03-16 23:40:09 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-16 23:39:48 ----DC---- C:\WINDOWS\system32\dllcache
2010-03-16 23:18:29 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-03-16 14:41:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-16 14:40:47 ----D---- C:\WINDOWS\twain_32
2010-03-15 20:51:31 ----D---- C:\WINDOWS\system32\spool
2010-03-15 20:49:49 ----D---- C:\Program Files\Internet Explorer
2010-03-15 20:47:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-15 20:29:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-15 20:23:47 ----D---- C:\WINDOWS\Debug
2010-03-15 20:19:37 ----D---- C:\WINDOWS\AppPatch
2010-03-15 20:19:37 ----D---- C:\Program Files\Messenger
2010-03-15 20:19:36 ----D---- C:\WINDOWS\system32\Setup
2010-03-15 20:18:33 ----D---- C:\WINDOWS\security
2010-03-15 20:15:46 ----D---- C:\Program Files\Movie Maker
2010-03-15 20:13:51 ----D---- C:\Program Files\Outlook Express
2010-03-15 20:05:37 ----D---- C:\WINDOWS\ime
2010-03-15 20:05:12 ----D---- C:\WINDOWS\system32\usmt
2010-03-15 20:05:06 ----D---- C:\WINDOWS\PeerNet
2010-03-15 20:01:01 ----D---- C:\WINDOWS\system32\Restore
2010-03-15 20:01:01 ----D---- C:\WINDOWS\system32\npp
2010-03-15 20:00:59 ----D---- C:\WINDOWS\msagent
2010-03-15 20:00:57 ----D---- C:\WINDOWS\srchasst
2010-03-15 20:00:55 ----D---- C:\Program Files\NetMeeting
2010-03-15 20:00:53 ----D---- C:\WINDOWS\system32\Com
2010-03-15 20:00:48 ----D---- C:\Program Files\Windows Media Player
2010-03-15 20:00:47 ----D---- C:\Program Files\Windows NT
2010-03-15 20:00:43 ----D---- C:\WINDOWS\Help
2010-03-15 20:00:26 ----D---- C:\WINDOWS\system32\oobe
2010-03-15 20:00:23 ----D---- C:\WINDOWS\system
2010-03-15 19:00:09 ----D---- C:\WINDOWS\Media
2010-03-15 18:52:31 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2010-03-15 18:40:09 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-15 18:11:45 ----D---- C:\Program Files\Bonjour
2010-03-15 18:10:03 ----D---- C:\Program Files\Apple Software Update
2010-03-15 18:10:01 ----D---- C:\Program Files\QuickTime
2010-03-15 18:10:01 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-03-15 18:09:32 ----D---- C:\Documents and Settings\Jenny Caamano\Application Data\Apple Computer
2010-03-15 18:08:14 ----D---- C:\WINDOWS\addins
2010-03-15 18:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-03-14 15:15:34 ----A---- C:\WINDOWS\ModemLog_AC97 SoftV92 Data Fax Modem.txt
2010-03-09 20:05:32 ----D---- C:\WINDOWS\ServicePackFiles
2010-03-09 19:37:01 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-01 10:05:15 ----SD---- C:\WINDOWS\Tasks
2010-02-27 13:28:24 ----D---- C:\temp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-02-16 65936]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2009-05-22 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2009-05-22 225296]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2009-05-22 1220120]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-01-17 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-01-17 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-01-17 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-10-14 1043072]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2003-10-14 197120]
R3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2004-10-18 15126]
R3 LEX_AS_NIC_SERVICE_YNOS;LAN-Express AS IEEE 802.11g Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ExpasAG.sys [2004-08-05 392544]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2004-10-18 26104]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-10-18 37814]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2004-10-18 73576]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-13 2488640]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 same;SAME Service; C:\WINDOWS\system32\DRIVERS\same.sys [2004-11-11 504832]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2005-01-07 52736]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-10-14 679808]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-06-13 45568]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 lxcz_device;lxcz_device; C:\WINDOWS\system32\lxczcoms.exe [2007-02-08 537520]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-13 114754]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-04-14 703008]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-02-16 333064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2005-02-09 167936]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2005-02-09 135168]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-26 648456]
R3 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2005-02-09 143360]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2005-02-09 270336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-02-14 32768]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-01-26 53337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-01-26 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-01-26 69718]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-01-24 69632]
S3 VAIO Entertainment Task Scheduler;VAIO Entertainment Task Scheduler; C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe [2005-02-10 397312]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2005-02-09 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2005-01-14 1839104]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2005-01-14 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2005-01-14 745472]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2005-01-14 188416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am

Re: PC Reoovery

Post by andyspeake » March 24th, 2010, 6:33 pm

Hi,

Could you please also post info.txt contents.

To retrieve the info.txt you can...
Click Start - Click "Run" - Type "c:\rsit".
The folder containing the file will appear and Info.txt should be located there.
andyspeake
Regular Member
 
Posts: 1914
Joined: June 8th, 2007, 9:29 pm
Location: Glasgow, Scotland

Re: PC Reoovery

Post by Curley » March 25th, 2010, 1:12 pm

Okay, info text
It appears we have caught most of the problems, as the system seems to run much better now.
Hopefully you will catch anything left hidden. Thanks.

info.txt logfile of random's system information tool 1.06 2010-03-24 17:09:32

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->Dummy
-->MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 3.0-->MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Click to DVD 2.0.03 Menu Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x9 -removeonly
Click to DVD 2.4.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x9 -removeonly
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DVgate Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\Setup.exe" -l0x9
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
HijackThis 2.0.2-->"C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HotKey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\setup.exe" -l0x9
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Manager 1.0-->C:\Program Files\HP\Digital Imaging\DocumentManager\hpzscr01.exe -datfile hpqbud18.dat
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Officejet J4500 Series-->C:\Program Files\HP\Digital Imaging\{CD0773D5-C18E-495c-B39B-21A96415EDD5}\setup\hpzscr01.exe -datfile hpwscr19.dat -forcereboot
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Image Converter 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9155A84B-A94B-496E-9661-9978EB0CBC7C}\Setup.exe" /UNINSTALL
InterVideo WinDVD 5 for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVDX-->"C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Lexmark 1200 Series-->C:\Program Files\Lexmark 1200 Series\Install\x86\Uninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (VAIO_VEDB)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MoodLogic-->C:\WINDOWS\ml-uninstall-v10.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Netscape Internet Service Setup-->"C:\Program Files\Online Services\Netscape Online Setup\unwise.exe" /A "C:\Program Files\Online Services\Netscape Online Setup\install.log" Uninstall Netscape Internet Service Setup
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenMG Limited Patch 4.1-05-13-31-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.1.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL
PictureGear Studio 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\Setup.exe"
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SoftV92 Data Fax Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24D6&SUBSYS_816F104D\HXFSETUP.EXE -U -IVEN_8086&DEV_24D6&SUBSYS_816F104D
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SonicStage 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SonicStage Mastering Studio 1.4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF3B304B-8A18-452D-A19F-6012CA8418D7}\Setup.exe" -l0x9
SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB467B85-4F52-48C2-AEED-0673D00417B0}\Setup.exe" -l0x9
SonicStage Mastering Studio Plugins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}\Setup.exe" -l0x9
SonicStage MP3 Add-on program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA7ECDA9-C6DD-4E4A-8EB8-9899E08C6740}\Setup.exe" -l0x9
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony MP4 Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x9 -removeonly
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly
Trend Micro AntiVirus-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro AntiVirus-->MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
VAIO Action Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}\Setup.exe" -l0x9
VAIO Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E993095-28F2-4060-9101-99C1FD1195C0}\setup.exe" -l0x9
VAIO Entertainment Platform-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\setup.exe" -l0x9
VAIO Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A43F939E-A863-433D-AC78-0897E44CFEB2}\setup.exe" -l0x9
VAIO Lithograph Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CABCF31E-3FC7-4087-B35E-1CF868BF1EE5}\setup.exe" -l0x9
VAIO Media 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Registration Tool 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x9 UNINSTALL
VAIO Original Screen Saver VAIO Motion SD Wide Contents-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51735133-A296-4EB0-BF16-AD93B55BD000}\setup.exe" -l0x9
VAIO Original Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\setup.exe" -l0x9
VAIO Registration-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Survey Standalone-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO TV Tuner Library 1.4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC6E3CD5-A93D-44EA-85AE-894C1603B7E2}\setup.exe"
VAIO Update 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x9
VAIO Wireless Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DF00135-D5A7-476A-BFB3-EDFF2840076A}\Setup.exe" -l0x9
VAIO Zone Remote Commander-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E09E82C3-6C4D-45B0-8790-BBBEE39F1A3C}\Setup.exe" -l0x9
VAIO Zone-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}\Setup.exe" -l0x9
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Desktop-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA7FC832-8133-46B4-B2CF-5A955326D309}\setup.exe" -l0x9

======Security center information======

AV: Trend Micro AntiVirus (disabled)

======System event log======

Computer Name: JENNY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0011D8F62BC9. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2139
Source Name: Dhcp
Time Written: 20100309064820.000000-300
Event Type: warning
User:

Computer Name: JENNY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000E9BBA51B9. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2138
Source Name: Dhcp
Time Written: 20100309064815.000000-300
Event Type: warning
User:

Computer Name: JENNY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000E9BBA51B9. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2125
Source Name: Dhcp
Time Written: 20100308192651.000000-300
Event Type: warning
User:

Computer Name: JENNY
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 2072
Source Name: Service Control Manager
Time Written: 20100308091003.000000-300
Event Type: error
User:

Computer Name: JENNY
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

Record Number: 2064
Source Name: Windows Update Agent
Time Written: 20100308005943.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: JENNY
Event Code: 5
Message: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt> with error: This operation returned because the timeout period expired.


Record Number: 1089
Source Name: crypt32
Time Written: 20100317180044.000000-240
Event Type: error
User:

Computer Name: JENNY
Event Code: 1000
Message: Faulting application hpqtra08.exe, version 100.0.170.0, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x000101b3.

Record Number: 1087
Source Name: Application Error
Time Written: 20100317121533.000000-240
Event Type: error
User:

Computer Name: JENNY
Event Code: 19011
Message:
Record Number: 1081
Source Name: MSSQL$VAIO_VEDB
Time Written: 20100317053856.000000-240
Event Type: warning
User:

Computer Name: JENNY
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 1078
Source Name: Adobe Active File Monitor
Time Written: 20100317053850.000000-240
Event Type:
User:

Computer Name: JENNY
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 1068
Source Name: ASP.NET 2.0.50727.0
Time Written: 20100316234302.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\HP\Digital Imaging\\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am

Re: PC Reoovery

Post by andyspeake » March 25th, 2010, 9:07 pm

Hi,

Can you confirm to me that Trend Micro Internet Security, your anti-virus, is actively running? There should be an icon in the system tray (the bottom right of the screen).

There's quite a bit to do in this post, so please take your time and read all instructions carefully!

-----------------------

Why you should not be using MSconfig to control startups!!

1. MSconfig was designed to be used only as a temporary debugging/troubleshooting tool. It was not meant to be used for long term solutions.
2. MSconfig does not show all startups anyway.
3. If you uninstall programs while they are being disabled with MSconfig, they will not be uninstalled properly and you will have to resort to manual registry editing to properly get everything removed. MSconfig will leave orphan entries if/when installed software is uninstalled while under the control of MSconfig. When/if MSconfig is turned back to normal startup, it will give errors on boot due to those orphan entries.
4. MSconfig and Services:
  • If you uninstall programs while you have some of the programs' services being controlled with MSconfig, the programs will not be uninstalled properly and you will have to resort to manual registry editing to get everything properly removed.
  • When you uncheck a service in msconfig, you completely disable it. If you uncheck the wrong one, you may not be able to restart your computer.
  • It is safer to control services by using Control Panel, Administrative Tools, Services (this runs services.msc).
5. You can lock malware items into your registry that you may not see anymore until some point in time where you switch back to Normal Startup mode, and now you can cause total reinfection of your PC with the malware. You need to remove the malware, not mask it.
If you still don't understand why not to use MSconfig, see what Microsoft writes here:

The System Configuration utility helps you find problems with your Windows XP configuration. It does not manage the programs that run when Windows starts.


-----------------------

I'd like you to check (a file/some files) for Viruses.
C:\WINDOWS\system32\fxsst(2).dll
C:\WINDOWS\system32\fxsevent(2).dll

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Repeat for all files on the list, and post me the details please


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :dir
    C:\WINDOWS\yellowtail
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

--------------------------

Back up the registry
  • Download ERUNT
  • Save it to your desktop. Run and install this program.
  • Choose No at the "Create an ERUNT entry in the startup folder" prompt.
  • In the box that opens make sure all backup options are checked(System Registry, Current user registry and other open user registries)
  • Then click OK.
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

Reset Host File w/ Batch file
Note: If you used any custom Hosts (eg. Spybot's Immunize, MVPS Hosts, etc...), you will have to reapply them!
  1. Open Notepad.
  2. Copy and paste the contents of the box below, into Notepad.
    @Echo off
    pushd\windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    del %0
  3. Using the Command line, select File... then select Save As.
  4. Filename = RestHost.bat
  5. Save as Type = All Files <<=== important, won't work otherwise.
  6. Save the file to your Desktop.
    RestHost.bat <<------------- you should see this on your desktop.
  7. Double click on the RestHost.bat to execute. The batch file will be deleted when finished.

Download and Run OTM.exe

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe.
  • Copy the lines in the codebox below.
Code:
:Processes

:Files
C:\WINDOWS\system32\SET187.tmp
C:\WINDOWS\system32\SET188.tmp
C:\WINDOWS\system32\SET18A.tmp
C:\WINDOWS\system32\SET189.tmp
C:\WINDOWS\system32\SET18C.tmp
C:\WINDOWS\system32\SET190.tmp
C:\WINDOWS\system32\SET192.tmp
C:\WINDOWS\system32\SET191.tmp
C:\WINDOWS\system32\SET196.tmp
C:\WINDOWS\system32\SET199.tmp
C:\WINDOWS\system32\SET19A.tmp
C:\WINDOWS\system32\SET19C.tmp
C:\WINDOWS\system32\SET19D.tmp
C:\WINDOWS\system32\SET1A2.tmp
C:\WINDOWS\system32\SET1A6.tmp

:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]

  • Return to OTM.exe, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM.exe

So please post back:
Question I Asked
File Upload Results
SystemLook.txt
Did The Batch File Delete Itself?
OTM Results

Thanks.
andyspeake
Regular Member
 
Posts: 1914
Joined: June 8th, 2007, 9:29 pm
Location: Glasgow, Scotland
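
The hosts reset in the post above overwrites the file without looking at what is in it. As an added example (not part of the original post or of any tool named in this thread), this Python sketch classifies the existing entries first, so that custom block-list lines which will need reapplying and any names redirected to routable addresses are recorded before the reset. The sample hosts content and all hostnames in it are constructed.

```python
import ipaddress

# Constructed sample: a default line, a block-list entry, a redirection to a
# routable address, a name pinned to 0.0.0.0, and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.net   # block-list entry
203.0.113.45    www.example-bank.test login.example-bank.test
0.0.0.0         update.example-av.test
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Classify every hosts entry before the file is overwritten.

    Returns a dict of lists of (line_no, address, hostname):
      'default'  - loopback -> localhost, the line the reset writes back
      'blocked'  - name pinned to loopback/unspecified (block lists, or
                   malware cutting off security-update servers)
      'redirect' - name pointed at a routable address (possible hijack)
    plus 'invalid': (line_no, raw_line) for lines that do not parse.
    """
    report = {"default": [], "blocked": [], "redirect": [], "invalid": []}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["invalid"].append((line_no, raw))
            continue
        if len(fields) < 2:                    # address with no hostname
            report["invalid"].append((line_no, raw))
            continue
        for name in fields[1:]:                # one line may map several names
            name = name.lower()
            if addr.is_loopback and name == "localhost":
                kind = "default"
            elif addr.is_loopback or addr.is_unspecified:
                kind = "blocked"
            else:
                kind = "redirect"
            report[kind].append((line_no, str(addr), name))
    return report

if __name__ == "__main__":
    for kind, rows in audit_hosts(SAMPLE_HOSTS).items():
        for row in rows:
            print(kind, *row)
```

Run against a copy of the real hosts file, the 'redirect' and 'invalid' lists are the ones worth saving with the other logs before the file is replaced.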

Re: PC Reoovery

Unread postby Curley » March 26th, 2010, 2:52 pm

Yes, MicroTrend is running. I did disable it because when I tried to run GMER, the AV blocked the disabling. I disabled Microtrend AV and Firewall and re-enabled after I was done with RSIT.

Will now work on other issues.
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am

Re: PC Reoovery

Unread postby Curley » March 26th, 2010, 3:47 pm

Jotti's malware scan
Filename: fxsst(2).dll
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Fri 26 Mar 2010 20:10:38 (CET)


Filename: fxsevent(2).dll
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Fri 26 Mar 2010 20:13:45 (CET)






SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:24 on 26/03/2010 by Jenny Caamano (Administrator - Elevation successful)
========== dir ==========
C:\WINDOWS\yellowtail - Parameters: "(none)"
---Files---
scrub2k.exe -ra--- 65536 bytes [18:54 16/03/2010] [11:07 09/05/2007]
scrub2k.ini -ra--- 340 bytes [18:54 16/03/2010] [13:12 08/06/2007]
---Folders---
None found.







BATCH FILE DELETED ITSELF.








-=End Of File=-




The following I got from notepad as OTM required a system restart and this notepad popped up upon restart. I did not get anything from green side. Hopefully this notepad is exactly what would have shown on the green side.



All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\WINDOWS\system32\SET187.tmp moved successfully.
C:\WINDOWS\system32\SET188.tmp moved successfully.
C:\WINDOWS\system32\SET18A.tmp moved successfully.
C:\WINDOWS\system32\SET189.tmp moved successfully.
C:\WINDOWS\system32\SET18C.tmp moved successfully.
C:\WINDOWS\system32\SET190.tmp moved successfully.
C:\WINDOWS\system32\SET192.tmp moved successfully.
C:\WINDOWS\system32\SET191.tmp moved successfully.
C:\WINDOWS\system32\SET196.tmp moved successfully.
C:\WINDOWS\system32\SET199.tmp moved successfully.
C:\WINDOWS\system32\SET19A.tmp moved successfully.
C:\WINDOWS\system32\SET19C.tmp moved successfully.
C:\WINDOWS\system32\SET19D.tmp moved successfully.
C:\WINDOWS\system32\SET1A2.tmp moved successfully.
C:\WINDOWS\system32\SET1A6.tmp moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Jenny Caamano
->Temp folder emptied: 953848 bytes
->Temporary Internet Files folder emptied: 83970521 bytes
->Flash cache emptied: 2647 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 153416 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 2056077 bytes
%systemroot%\System32\dllcache .tmp files removed: 66560 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66165 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10951760 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 304784 bytes

Total Files Cleaned = 94.00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 03262010_153238

Files moved on Reboot...
C:\Documents and Settings\Jenny Caamano\Local Settings\Temporary Internet Files\Content.IE5\XBB30JYB\BuddyList[1].htm moved successfully.
C:\Documents and Settings\Jenny Caamano\Local Settings\Temporary Internet Files\Content.IE5\XBB30JYB\default[1].htm moved successfully.
C:\Documents and Settings\Jenny Caamano\Local Settings\Temporary Internet Files\Content.IE5\XBB30JYB\EditMessageLight[1].htm moved successfully.
C:\Documents and Settings\Jenny Caamano\Local Settings\Temporary Internet Files\Content.IE5\XBB30JYB\im[1].htm moved successfully.
C:\Documents and Settings\Jenny Caamano\Local Settings\Temporary Internet Files\Content.IE5\XBB30JYB\ToastFull[1].htm moved successfully.
C:\Documents and Settings\Jenny Caamano\Local Settings\Temporary Internet Files\Content.IE5\XBB30JYB\ToastMini[1].htm moved successfully.
C:\Documents and Settings\Jenny Caamano\Local Settings\Temporary Internet Files\Content.IE5\V6PDIUD7\viewtopic[1].php moved successfully.
C:\Documents and Settings\Jenny Caamano\Local Settings\Temporary Internet Files\Content.IE5\FXW2Q9F4\AttachmentUploader[1].htm moved successfully.
C:\Documents and Settings\Jenny Caamano\Local Settings\Temporary Internet Files\Content.IE5\FXW2Q9F4\RteFrame_15.1.3039.0211[1].htm moved successfully.
C:\Documents and Settings\Jenny Caamano\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_728.dat not found!

Registry entries deleted on Reboot...






Thanks for your help!!!
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am

Re: PC Reoovery

Unread postby Curley » March 26th, 2010, 3:56 pm

Question - I ran Startup Lite again and CTFMON.exe and NvCplDaemon are still not disabled. I rebooted and it is still trying to start up on this system start up. I thought you had killed both of these. Should I select "remove" instead of "disable" from Startup Lite?
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am

Re: PC Reoovery

Unread postby Dakeyras » March 26th, 2010, 8:09 pm

Hi. :)

Your current helper is unavailable. So I will be assisting your good self from this time onwards. If this is acceptable please acknowledge this post and we will continue the malware removal process, thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: PC Reoovery

Unread postby Curley » March 26th, 2010, 9:39 pm

Absolutely! Thanks. :geek:
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am