atapi.sys?

Post by maax134 » December 11th, 2009, 12:35 pm

Hi, a few days ago I got infected with a few trojan viruses, e.g. one in c:/windows/system32/drivers called 'atapi.sys'.

I quickly shut it down and restarted in safe mode and did scans with Malwarebytes' Anti-Malware, which detected and deleted a couple. I also used AVG, which would not let me remove the atapi.sys as it is apparently white-listed as a critical system file and should not be removed. I then tried switching it on normally and I received an auto shut down message, but after a few more scans and 'purges' that has disappeared. I no longer get warning messages from AVG, but I just want to know if there is still a trojan lurking around the system files somewhere that isn't being picked up.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:28, on 11/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.com/en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program Files\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\FraserAdmin\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\sony\image converter 2\menu.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\image converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14096 bytes

Any help or advice will be greatly appreciated, thank you for your time.
maax134
Active Member
 
Posts: 14
Joined: December 11th, 2009, 12:27 pm
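The question above is whether the atapi.sys that AVG refuses to touch is still the genuine Windows driver. An added check that is not part of the original thread, written by the editor rather than by the poster or the forum staff: compare the live driver with the copy Windows File Protection keeps in the dllcache folder on Windows XP, and inspect each file's version resource and Authenticode status. It assumes a default %SystemRoot%, that the dllcache copy is present (it may be absent or itself stale), and PowerShell 2.0 or later; the file paths and the SHA-256 choice are the editor's, not something the thread specifies.

```powershell
# Added example (not from the original thread): compare the running atapi.sys
# with the Windows File Protection cache copy and report signature/version data.
# Assumptions: default %SystemRoot%, dllcache copy present, PowerShell 2.0+.

$live  = Join-Path $env:SystemRoot 'system32\drivers\atapi.sys'
$cache = Join-Path $env:SystemRoot 'system32\dllcache\atapi.sys'   # WFP cache on XP

function Get-Sha256Hex([string]$path) {
    # Hash the file ourselves: Get-FileHash only exists in PowerShell 4 and later.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($path)
    try {
        $bytes = $sha.ComputeHash($fs)
        ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
    } finally {
        $fs.Close()
    }
}

foreach ($f in $live, $cache) {
    if (-not (Test-Path $f)) { Write-Warning "missing: $f"; continue }
    $fi  = Get-Item $f
    $sig = Get-AuthenticodeSignature $f        # embedded signature only, see note below
    $ver = $fi.VersionInfo
    "{0}`n  size={1} modified={2:u}`n  sha256={3}`n  signature={4} signer={5}`n  company={6} version={7}" -f `
        $f, $fi.Length, $fi.LastWriteTime, (Get-Sha256Hex $f), `
        $sig.Status, $sig.SignerCertificate.Subject, $ver.CompanyName, $ver.FileVersion
}

if ((Test-Path $live) -and (Test-Path $cache)) {
    if ((Get-Sha256Hex $live) -eq (Get-Sha256Hex $cache)) {
        'atapi.sys matches the dllcache copy.'
    } else {
        'atapi.sys DIFFERS from the dllcache copy: compare the sizes and versions printed above before trusting either file.'
    }
}
```

Two caveats. Microsoft's own XP drivers are catalog-signed rather than embedded-signed, so Get-AuthenticodeSignature in older PowerShell reports NotSigned for a genuine file; the red flags are a mismatch with the cache copy, a company or version string that is not Microsoft's, or a Valid signature from some other signer. And a kernel-mode rootkit can serve a clean copy of a file to user-mode readers, so a match obtained from inside the running system is reassuring but not conclusive; hashing the file from boot media or a second machine is the stronger test.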

Re: atapi.sys?

Post by MWR 3 day Mod » December 15th, 2009, 1:30 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: atapi.sys?

Post by xixo_12 » December 18th, 2009, 12:41 am

Hello and Welcome to Malware Removal Forums.
  • My name is xixo_12 and I will guide you through the problem that you have now.
  • We will work together, and I need you to read all these instructions carefully.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • You may wish to print them off or copy the instructions into Notepad.
  • If you have any questions, please don't hesitate to ask.
  • The instructions that I will give to you are specific to your current problem and shouldn't be used on other systems.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.
  • Please post your replies to this thread only and keep interacting with me until your computer is clean.

Everything I post to you will be reviewed by an MRU Teacher. This process will impact my response time to you. Be patient. ;)
Please! If you need more time to do all the instructions, let me know before the 72 hours are up. Otherwise, your thread will be closed.

Please make sure you have done your reading on this topic: How to get help at this forum

Next,
Uninstall List.
  • Run HijackThis.
  • Click on Open the Misc Tools section button.
  • Click on Misc Tools tab.
  • Under the System tools, click on Open Uninstall Manager button.
  • Find the Save list… button and save to the Desktop
  • Copy the content and paste the uninstall list here.

Next,
Checklist.
Please post.
  • Content of uninstall list.
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: atapi.sys?

Post by maax134 » December 18th, 2009, 1:23 pm

Thank you!

Uninstall list:

AC3Filter (remove only)
Ad-Aware SE Personal
Add/Remove 4Good
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 3 Beta
Adobe Reader 6.0.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AVG Free 9.0
Battlefield 2(TM)
Battlefield 2: Special Forces
Battlefield 2142 Deluxe Edition
Bonjour
CardRecovery
CCleaner (remove only)
Cisco Systems VPN Client 5.0.00.0340
Compatibility Pack for the 2007 Office system
Connect
COWON Media Center - jetAudio Basic
dBpowerAMP Musepack Codec
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVgate Plus
EA Download Manager
EAX(tm) Unified (SHELL)
Google Earth
Google Updater
Handy Recovery 4.0
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HotKey Utility
HP Smart Web Printing
HP Software Update
HP Update
Image Converter 2
Image Stacker
iPod for Windows 2005-06-26
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 1
Java(TM) 6 Update 10
kuler
LAN-Express AS IEEE 802.11 Wireless LAN
Last.fm 1.5.4.24567
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Macromedia Flash Player
Magic DVD Ripper V5.1.1 beta
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
MoodLogic
Mozilla Firefox (3.5.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Norton Security Center
NVIDIA Drivers
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00
Panda Antivirus Pro 2010
PDF Settings CS4
Photomatix Pro version 2.5.4
Photoshop Camera Raw
Pocket RAR documentation
QuickTime
RadLight MPC DirectShow Filter (remove only)
Rainlendar2 (remove only)
Rainmeter (remove only)
RocketDock 1.3.5
Safari
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SoftV92 Data Fax Modem
SonicStage 3.0
SonicStage Mastering Studio 1.4
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Suite Shared Configuration CS4
Symantec Technical Support Web Controls
SyncroSoft Emu (Remove only)
Syncrosoft's License Control
TomTom HOME 2.5.2.60
TweakNow RegCleaner Standard
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO Control Center
VAIO Edit Components
VAIO Entertainment Platform
VAIO Launcher
VAIO Media 4.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 4.1
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Online Registration (English)
VAIO Original Screen Saver
VAIO Product Survey
VAIO TV Tuner Library 1.4
VAIO Update 2
VAIO Zone
VAIO Zone Remote Commander
VC_MergeModuleToMSI
VideoLAN VLC media player 0.8.6h
VirbTunes
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
Wireless LAN Starter
XviD 1.1 final uninstall
maax134
Active Member
 
Posts: 14
Joined: December 11th, 2009, 12:27 pm

Re: atapi.sys?

Post by xixo_12 » December 19th, 2009, 7:38 am

Hi,

***Important :
  • You're advised to reply with one log per post.
    Please have a look at the Checklist area to know which logs I'm looking for.
  • While I am helping you with your computer, please don't Install, Uninstall, remove or change anything unless I ask.


First,
Punkbuster.
  • Punkbuster can take control over various aspects of your computer, and some gaming tools not unlike Punkbuster also hinder their own removal.
  • By the definition we use here, Punkbuster is actual SPYWARE. Therefore, I now ask you to choose from the options below:
    1. Either we try to leave Punkbuster alone, but there is NO guarantee a spyware component doesn't 'accidentally' get taken out, so Punkbuster might break.
      This will break your ability to play games using Punkbuster enabled servers.
    2. We can just remove Punkbuster. You can reinstall it afterwards if you wish, but please keep in mind that it is SPYWARE.
    3. Another option is to not clean this computer at all. This ensures Punkbuster will continue to function.

Please let me know what you would like to do after reading my advice.

Next,
CKScanner by askey 127.
Please download from HERE and save to the desktop.
Note: If you are using Vista, right click and choose Run as Administrator.
  • Double click on CKScanner.exe to run it and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Next,
MGADiag.
Please download from HERE and save to the desktop.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file MGADiag.txt and post it in your next reply.

Next,
Checklist.
Please post.
  • Decision on PunkBuster program.
  • Content of CKFiles.txt
  • Content of MGADiag.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: atapi.sys?

Post by maax134 » December 19th, 2009, 8:38 am

I think I'll remove Punkbuster then. It's not so much of an issue.

CKFiles.txt:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\sony\vaio edit components\motiondrawing media\stage effect\cracker.anim
c:\program files\sony\vaio edit components\motiondrawing media\stage effect\cracker.ini
scanner sequence 3.LB.11
----- EOF -----



MGADiag.txt:

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A
Windows Product Key: *****-*****-KX9HW-YM6W9-XHR2G
Windows Product Key Hash: 8a+5HJJ0ZwuZ7+2DOTFIcn8INBM=
Windows Product ID: 76477-OEM-2111907-00110
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {3EB0DA09-2734-475B-BB53-7E74854FDC57}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.59.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.18.5
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Standard Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1_3E121E02-409-80004005_3E121E02-300-80004005_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3EB0DA09-2734-475B-BB53-7E74854FDC57}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XHR2G</PKey><PID>76477-OEM-2111907-00110</PID><PIDType>2</PIDType><SID>S-1-5-21-1744570660-2264734944-1409443950</SID><SYSTEM><Manufacturer>Sony Corporation</Manufacturer><Model>VGC-V3S</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>4001 </Version><SMBIOSVersion major="2" minor="3"/><Date>20050318000000.000000+000</Date><SLPBIOS>Sony Corporation,Sony Corporation</SLPBIOS></BIOS><HWID>69863607018400FC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Sony Corporation</name><model>VAIO V series</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.18.5"/><File Name="WgaLogon.dll" Version="1.7.18.5"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Standard Edition 2003</Name><Ver>11</Ver><Val>2D28A19434F186E</Val><Hash>Wu6NDp364H9u7Sg2foigNJe661Y=</Hash><Pid>70141-055-8313265-56325</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1528C:GENUINE C&C INC|1DFC0:Sony Corporation|1DFC0:Sony Corporation ITCNC
Marker string from OEMBIOS.DAT: Sony Corporation,Sony Corporation

OEM Activation 2.0 Data-->
N/A



Thank you for this.
maax134
Active Member
 
Posts: 14
Joined: December 11th, 2009, 12:27 pm

Re: atapi.sys?

Unread postby xixo_12 » December 19th, 2009, 9:57 am

Hi,

First,
Multiple Anti-virus Programs
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two or more anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
  • Installed antivirus on your system:
    AVG Free 9.0
    Norton Security Center
    Panda Antivirus Pro 2010
  • Please remove the others and leave only one antivirus running now.

Next,
Uninstall Punkbuster
Please download this application.
  • Double click on pbsvc.exe > Click on Uninstall/Remove PunkBuster Service > Click on Next > Click on I Agree > Click on Finish after the removal is done.
  • Once finished, click Start>Run and copy and paste this:
    cmd /c for %i in (A B K) do sc delete PnkBstr%i
  • Click OK. A black box will flash very briefly, this is normal.
  • Double click My Computer on your desktop and browse to c:\windows\system32\drivers
  • Delete this file if it's there: PnkBstrK.sys

Next,
Remove programs.
Please Click on Start > Control Panel > Add/Remove Programs
Remove the listed program(s) by clicking Remove
Ad-Aware SE Personal <<You can reinstall after the system is clean
TweakNow RegCleaner Standard

If some of the programs listed above are not present, please do not panic and proceed to the next step.

Next,
Reboot.

Next,
RSIT by random/random.
Please download from HERE and save to the desktop.
  • Double-click on RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can also find the logs manually at C:\rsit

Next,
GMER.
Please download from HERE and save to the desktop.
  • Unzip/extract the file to its own folder.
  • Disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer, so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.
  • Click on the >>> symbol and choose the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Next,
Checklist.
Please post.
  • Content of log.txt and info.txt (Find both in c:\rsit)
  • Content of GMER.txt
  • Can you describe how your system behaves?
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia
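As an added example (not code from this thread, from RSIT or from MalwareRemoval.com), a small Python parser for the "======Uninstall list======" section of an RSIT info.txt: it splits each "Name-->command" line into product name, launched program and Windows Installer product code, and flags antivirus suites by name so the multiple-antivirus check above can be made from the log rather than by eye. The sample log and its GUIDs are constructed, and the vendor keyword list is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Vendor / product keywords used to recognise antivirus suites by name.
# This list is an assumption for the example; extend it for your own logs.
AV_NAME_PATTERN = re.compile(
    r"\b(avg|norton|panda|mcafee|kaspersky|avast|avira|eset|bitdefender)\b",
    re.IGNORECASE,
)

# RSIT section headers look like "======Uninstall list======".
SECTION_HEADER = re.compile(r"^======(.+?)======\s*$")

# Windows Installer product codes are GUIDs in braces, e.g. {1D14373E-...-ACA4F0EA21E3}.
MSI_PRODUCT_CODE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)

# The program a command launches: either a quoted path, or an unquoted prefix
# ending in .exe/.dll/.msp followed by whitespace or end of line. The second
# branch matters because RSIT prints paths such as
# C:\Program Files\AVG\AVG9\setup.exe unquoted; splitting on whitespace
# would wrongly report C:\Program as the uninstaller.
LAUNCHED_PROGRAM = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|msp))(?=\s|$)', re.IGNORECASE
)


@dataclass
class UninstallEntry:
    name: str                  # product name (empty for the "-->Dummy" style entries)
    command: str               # full uninstall command as logged
    executable: Optional[str]  # program the command launches, if recognisable
    msi_code: Optional[str]    # Windows Installer product code, if present
    is_antivirus: bool         # name matches a known antivirus vendor/product


def launched_program(command: str) -> Optional[str]:
    """Return the program an uninstall command launches, or None for an empty command."""
    m = LAUNCHED_PROGRAM.match(command)
    if m:
        return m.group(1) or m.group(2)
    parts = command.split(None, 1)   # fall back to the first whitespace-delimited token
    return parts[0] if parts else None


def parse_entry(line: str) -> Optional[UninstallEntry]:
    """Parse one 'Name-->command' line; return None if the line is not an entry."""
    name, sep, command = line.partition("-->")
    if not sep:
        return None
    name, command = name.strip(), command.strip()
    msi = MSI_PRODUCT_CODE.search(command)
    return UninstallEntry(
        name=name,
        command=command,
        executable=launched_program(command),
        msi_code=msi.group(0) if msi else None,
        is_antivirus=bool(AV_NAME_PATTERN.search(name)),
    )


def parse_uninstall_list(text: str) -> List[UninstallEntry]:
    """Extract the entries of the '======Uninstall list======' section of an info.txt."""
    entries: List[UninstallEntry] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            in_section = header.group(1).strip().lower() == "uninstall list"
            continue
        if in_section:
            entry = parse_entry(line)
            if entry:
                entries.append(entry)
    return entries


def antivirus_products(entries: List[UninstallEntry]) -> List[str]:
    """Distinct antivirus product names in log order (MSI products can be listed twice)."""
    return list(dict.fromkeys(e.name for e in entries if e.is_antivirus))


def has_multiple_antivirus(entries: List[UninstallEntry]) -> bool:
    """True when two or more antivirus suites are installed side by side."""
    return len(antivirus_products(entries)) >= 2


# Constructed sample in the RSIT info.txt format; the GUIDs are placeholders.
SAMPLE_INFO_TXT = r"""info.txt logfile of random's system information tool 1.06 (constructed sample)

======Uninstall list======

-->Dummy
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Norton Security Center-->MsiExec.exe /X{00000000-0000-0000-0000-000000000001}
Panda Antivirus Pro 2010-->C:\Program Files\Panda Security\uninstall.exe
Symantec Technical Support Web Controls-->MsiExec.exe /X{00000000-0000-0000-0000-000000000002}
Adobe Media Player-->msiexec /qb /x {00000000-0000-0000-0000-000000000003}

======Security center information======

AV: AVG Anti-Virus Free
"""

if __name__ == "__main__":
    found = parse_uninstall_list(SAMPLE_INFO_TXT)
    for e in found:
        msi = f"  [MSI {e.msi_code}]" if e.msi_code else ""
        print(f"{e.name or '<no name>'}: {e.executable}{msi}")
    print(f"Antivirus products: {antivirus_products(found)}")
    if has_multiple_antivirus(found):
        print("More than one antivirus suite installed; keep one and uninstall the rest.")
```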

Re: atapi.sys?

Unread postby maax134 » December 19th, 2009, 3:07 pm

Hi, I have the info.txt and log.txt, but the computer crashed and rebooted after about 3 hours of scanning with the GMER tool.

info.txt

info.txt logfile of random's system information tool 1.06 2009-12-19 14:17:16

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->Dummy
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD836E74-7923-4174-A055-F97CD0F3BB46}\Setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Add/Remove 4Good-->C:\MaxProg\ADDREM~1\UNWISE.EXE C:\MaxProg\ADDREM~1\INSTALL.LOG
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Photoshop Lightroom 3 Beta-->MsiExec.exe /I{FDB36203-5D80-4D03-9A84-673580CAF5A7}
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Battlefield 2142 Deluxe Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CardRecovery-->C:\PROGRA~1\CARDRE~1\UNWISE.EXE C:\PROGRA~1\CARDRE~1\INSTALL.LOG
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cisco Systems VPN Client 5.0.00.0340-->MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
COWON Media Center - jetAudio Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
dBpowerAMP Musepack Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Musepack Codec.dat
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVgate Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\Setup.exe" -l0x9
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
EAX(tm) Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Handy Recovery 4.0-->"C:\Program Files\SoftLogica\Handy Recovery\Uninstall.exe" "C:\Program Files\SoftLogica\Handy Recovery\install.log" -u
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HotKey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\Setup.exe" -l0x9
HP Smart Web Printing-->D:\Program Files\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Image Converter 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9155A84B-A94B-496E-9661-9978EB0CBC7C}\Setup.exe" /UNINSTALL
Image Stacker-->"C:\Program Files\ImgStack\unins000.exe"
iPod for Windows 2005-06-26-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{654F0312-CB3D-4FE2-962C-6BB9752E9146} /l1033
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LAN-Express AS IEEE 802.11 Wireless LAN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
Macromedia Flash Player-->MsiExec.exe /X{27579b3c-5470-4496-be6c-0c872674f19f}
Magic DVD Ripper V5.1.1 beta-->"D:\Program Files\MagicDVDRipper\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\Setup.exe" -l0x9 /UNINSTALL
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)-->MsiExec.exe /X{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}
Microsoft SQL Server Desktop Engine (VAIO_VEDB)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
MoodLogic-->C:\WINDOWS\ml-uninstall-v10.exe
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenMG Limited Patch 4.1-05-13-31-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.1.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photomatix Pro version 2.5.4-->"C:\Program Files\Photomatix\unins000.exe"
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pocket RAR documentation-->C:\Program Files\PocketRAR\uninstall.exe
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RadLight MPC DirectShow Filter (remove only)-->"C:\WINDOWS\system32\RadLightMPCUninstall.exe"
Rainlendar2 (remove only)-->"C:\Program Files\Rainlendar2\uninst.exe"
Rainmeter (remove only)-->"D:\Program Files\Rainmeter\uninst.exe"
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SoftV92 Data Fax Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24D6&SUBSYS_816F104D\HXFSETUP.EXE -U -IVEN_8086&DEV_24D6&SUBSYS_816F104D
SonicStage 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SonicStage Mastering Studio 1.4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF3B304B-8A18-452D-A19F-6012CA8418D7}\Setup.exe" -l0x9
SonicStage Mastering Studio Audio Filter Custom Preset-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}\Setup.exe" -l0x9
SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB467B85-4F52-48C2-AEED-0673D00417B0}\Setup.exe" -l0x9
SonicStage Mastering Studio Plugins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}\Setup.exe" -l0x9
Sony MP4 Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x9 -removeonly
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\Setup.exe" -l0x9
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Symantec Technical Support Web Controls-->MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Syncrosoft's License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
TomTom HOME 2.5.2.60-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VAIO Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36B1F7D-3B51-4DBC-A4AE-F25B06DF2AD1}\Setup.exe" -l0x9
VAIO Edit Components-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01AE599F-7B72-4135-8C56-9191F4ACBA88}\setup.exe" -l0x9 -removeonly
VAIO Entertainment Platform-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\setup.exe" -l0x9
VAIO Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A43F939E-A863-433D-AC78-0897E44CFEB2}\setup.exe" -l0x9
VAIO Media 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Registration Tool 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x9 UNINSTALL
VAIO Online Registration (English)-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{668B1BD6-4593-4959-970E-249AFFE6F35C} /l1033
VAIO Original Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\Setup.exe" -l0x9
VAIO Product Survey-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9080C5D2-82FA-452A-87FA-CBB4B05D67A5} /l1033
VAIO TV Tuner Library 1.4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC6E3CD5-A93D-44EA-85AE-894C1603B7E2}\setup.exe"
VAIO Update 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\Setup.exe" -l0x9
VAIO Zone Remote Commander-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E09E82C3-6C4D-45B0-8790-BBBEE39F1A3C}\Setup.exe" -l0x9
VAIO Zone-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}\Setup.exe" -l0x9
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VirbTunes-->"C:\Program Files\iTunes\Plug-ins\VirbTunes\VirbTunes-Uninstall.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wireless LAN Starter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}\Setup.exe" -l0x9
XviD 1.1 final uninstall-->"C:\Program Files\XviD\unins000.exe"

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: MAX
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 93398
Source Name: Service Control Manager
Time Written: 20091211190953.000000+000
Event Type: error
User:

Computer Name: MAX
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 93395
Source Name: Service Control Manager
Time Written: 20091211190953.000000+000
Event Type: error
User:

Computer Name: MAX
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 93392
Source Name: Service Control Manager
Time Written: 20091211190953.000000+000
Event Type: error
User:

Computer Name: MAX
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 93389
Source Name: Service Control Manager
Time Written: 20091211190953.000000+000
Event Type: error
User:

Computer Name: MAX
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 93386
Source Name: Service Control Manager
Time Written: 20091211190953.000000+000
Event Type: error
User:

=====Application event log=====

Computer Name: MAX
Event Code: 202
Message: Failed to register data of file/folder.
Its format is not supported.
D:\My Documents\MUSIC\iTunes\iTunes Music Library.xml

Record Number: 165642
Source Name: VzFw
Time Written: 20091130203429.000000+000
Event Type: warning
User:

Computer Name: MAX
Event Code: 202
Message: Failed to register data of file/folder.
Its format is not supported.
D:\My Documents\MUSIC\iTunes\iTunes Music Library.xml

Record Number: 165641
Source Name: VzFw
Time Written: 20091130203429.000000+000
Event Type: warning
User:

Computer Name: MAX
Event Code: 202
Message: Failed to register data of file/folder.
Its format is not supported.
D:\My Documents\MUSIC\iTunes\iTunes Library.itl

Record Number: 165640
Source Name: VzFw
Time Written: 20091130203428.000000+000
Event Type: warning
User:

Computer Name: MAX
Event Code: 202
Message: Failed to register data of file/folder.
Its format is not supported.
D:\My Documents\MUSIC\iTunes\iTunes Music Library.xml

Record Number: 165639
Source Name: VzFw
Time Written: 20091130202730.000000+000
Event Type: warning
User:

Computer Name: MAX
Event Code: 202
Message: Failed to register data of file/folder.
Its format is not supported.
D:\My Documents\MUSIC\iTunes\iTunes Library.itl

Record Number: 165638
Source Name: VzFw
Time Written: 20091130202728.000000+000
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN;C:\PROGRAM FILES\SAMSUNG\SAMSUNG PC STUDIO 3;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"BitRock"=1
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

log.txt in next reply
Last edited by maax134 on December 19th, 2009, 3:12 pm, edited 2 times in total.

Re: atapi.sys?

Unread postby maax134 » December 19th, 2009, 3:09 pm

log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by FraserAdmin at 2009-12-19 14:17:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (30%) free of 29 GB
Total RAM: 1535 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:14, on 19/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\DOCUME~1\FRASER~1\LOCALS~1\Temp\ISSCAN\PskSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\FraserAdmin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\FraserAdmin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.com/en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program Files\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\FraserAdmin\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe /s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\sony\image converter 2\menu.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\image converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PskSvcRetailInst - Panda Security, S.L. - C:\DOCUME~1\FRASER~1\LOCALS~1\Temp\ISSCAN\PskSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 12804 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\CCleaner.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1744570660-2264734944-1409443950-1008Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1744570660-2264734944-1409443950-1008UA.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - D:\Program Files\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-13 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-12 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-12 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - D:\Program Files\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-07 4136960]
"HKSERV.EXE"=C:\Program Files\Sony\HotKey Utility\HKserv.exe [2004-10-17 122880]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-12 144792]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-22 385024]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-13 2033432]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-12-09 234856]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-09-03 3342336]
"TransBar"=C:\Documents and Settings\FraserAdmin\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe [2005-06-01 65536]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\SYSTEM32\avgrsstx.dll [2009-11-22 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [2006-03-19 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Last.fm\LastFM.exe"="C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm"
"D:\Program Files\Rainmeter\Rainmeter.exe"="D:\Program Files\Rainmeter\Rainmeter.exe:*:Enabled:Rainmeter"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:vlc.exe"
"C:\Program Files\AC3Filter\ac3config.exe"="C:\Program Files\AC3Filter\ac3config.exe:*:Enabled:AC3Filter Config"
"D:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="D:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe"="D:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:*:Enabled:Battlefield 2142"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-12-19 14:17:01 ----D---- C:\rsit
2009-12-19 14:05:34 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-12-19 12:32:34 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-12-13 19:02:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-11 18:20:03 ----D---- C:\WINDOWS\Prefetch
2009-12-11 17:37:53 ----D---- C:\WINDOWS\system32\scripting
2009-12-11 17:37:53 ----D---- C:\WINDOWS\l2schemas
2009-12-11 17:37:52 ----D---- C:\WINDOWS\system32\en
2009-12-11 17:37:52 ----D---- C:\WINDOWS\system32\bits
2009-12-11 17:26:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-11 17:25:24 ----D---- C:\WINDOWS\EHome
2009-12-10 20:58:07 ----D---- C:\Program Files\Trend Micro
2009-12-10 20:58:03 ----SHD---- C:\RECYCLER
2009-12-10 20:52:42 ----A---- C:\ComboFix.txt
2009-12-10 20:34:58 ----A---- C:\Boot.bak
2009-12-10 20:34:44 ----RASHD---- C:\cmdcons
2009-12-10 20:33:18 ----A---- C:\WINDOWS\zip.exe
2009-12-10 20:33:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-10 20:33:18 ----A---- C:\WINDOWS\SWSC.exe
2009-12-10 20:33:18 ----A---- C:\WINDOWS\SWREG.exe
2009-12-10 20:33:18 ----A---- C:\WINDOWS\sed.exe
2009-12-10 20:33:18 ----A---- C:\WINDOWS\PEV.exe
2009-12-10 20:33:18 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-10 20:33:18 ----A---- C:\WINDOWS\MBR.exe
2009-12-10 20:33:18 ----A---- C:\WINDOWS\grep.exe
2009-12-10 20:32:39 ----D---- C:\WINDOWS\ERDNT
2009-12-10 20:29:29 ----D---- C:\Qoobox
2009-12-09 22:02:04 ----A---- C:\WINDOWS\system32\MRT.INI
2009-12-08 21:16:17 ----D---- C:\Documents and Settings\FraserAdmin\Application Data\Malwarebytes
2009-12-08 21:16:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-08 21:16:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-08 20:57:08 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-08 20:54:41 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-12-08 20:34:10 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2009-12-03 20:31:51 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-12-03 20:31:48 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2009-12-03 20:28:37 ----N---- C:\WINDOWS\system32\imapi2fs.dll
2009-12-03 20:28:37 ----N---- C:\WINDOWS\system32\imapi2.dll
2009-11-25 17:45:23 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-25 17:38:52 ----D---- C:\Program Files\QuickTime
2009-11-25 17:28:23 ----D---- C:\Program Files\Safari
2009-11-22 16:19:19 ----D---- C:\$AVG
2009-11-22 16:19:03 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-11-22 16:18:40 ----D---- C:\Program Files\AVG
2009-11-22 16:18:38 ----D---- C:\Documents and Settings\All Users\Application Data\avg9

======List of files/folders modified in the last 1 months======

2009-12-19 14:15:34 ----D---- C:\WINDOWS\Temp
2009-12-19 14:15:02 ----D---- C:\Program Files\Mozilla Firefox
2009-12-19 14:14:04 ----SD---- C:\WINDOWS\Tasks
2009-12-19 14:12:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-19 14:11:40 ----D---- C:\WINDOWS
2009-12-19 14:11:39 ----RD---- C:\Program Files
2009-12-19 14:11:39 ----D---- C:\Config.Msi
2009-12-19 14:11:30 ----SHD---- C:\WINDOWS\Installer
2009-12-19 14:10:14 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-12-19 14:05:35 ----D---- C:\WINDOWS\system32\drivers
2009-12-19 14:05:35 ----D---- C:\WINDOWS\system32
2009-12-19 12:32:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-19 08:59:15 ----D---- C:\Documents and Settings\FraserAdmin\Application Data\uTorrent
2009-12-18 17:35:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-17 16:36:11 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-12-14 21:38:33 ----D---- C:\WINDOWS\system32\wbem
2009-12-14 21:38:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-13 20:30:04 ----A---- C:\WINDOWS\win.ini
2009-12-13 20:26:27 ----D---- C:\Program Files\Common Files
2009-12-13 19:15:40 ----HD---- C:\WINDOWS\inf
2009-12-13 19:09:44 ----D---- C:\WINDOWS\Minidump
2009-12-12 09:39:58 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-11 20:07:41 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-11 19:27:13 ----D---- C:\WINDOWS\Debug
2009-12-11 19:24:06 ----RSD---- C:\WINDOWS\assembly
2009-12-11 19:18:05 ----D---- C:\Program Files\Windows Media Player
2009-12-11 18:56:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-11 18:56:10 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-11 18:37:32 ----D---- C:\Program Files\Messenger
2009-12-11 18:33:26 ----D---- C:\Program Files\Outlook Express
2009-12-11 18:33:00 ----D---- C:\WINDOWS\system32\en-US
2009-12-11 18:33:00 ----D---- C:\Program Files\Internet Explorer
2009-12-11 18:19:38 ----D---- C:\WINDOWS\AppPatch
2009-12-11 18:19:37 ----D---- C:\WINDOWS\system32\Setup
2009-12-11 18:19:35 ----RSD---- C:\WINDOWS\Fonts
2009-12-11 18:03:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-11 17:48:53 ----D---- C:\WINDOWS\security
2009-12-11 17:38:17 ----D---- C:\WINDOWS\WinSxS
2009-12-11 17:38:07 ----D---- C:\WINDOWS\network diagnostic
2009-12-11 17:38:07 ----D---- C:\WINDOWS\ime
2009-12-11 17:38:07 ----D---- C:\WINDOWS\Help
2009-12-11 17:37:54 ----D---- C:\WINDOWS\system32\usmt
2009-12-11 17:37:52 ----D---- C:\WINDOWS\PeerNet
2009-12-11 17:37:52 ----D---- C:\Program Files\Movie Maker
2009-12-11 17:35:17 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-11 17:35:11 ----D---- C:\WINDOWS\system32\Restore
2009-12-11 17:35:10 ----D---- C:\WINDOWS\system32\npp
2009-12-11 17:35:08 ----D---- C:\WINDOWS\msagent
2009-12-11 17:35:07 ----D---- C:\WINDOWS\srchasst
2009-12-11 17:35:03 ----D---- C:\Program Files\NetMeeting
2009-12-11 17:35:02 ----D---- C:\WINDOWS\system32\Com
2009-12-11 17:34:59 ----D---- C:\Program Files\Windows NT
2009-12-11 17:34:56 ----D---- C:\Program Files\Common Files\System
2009-12-11 17:34:36 ----D---- C:\WINDOWS\system32\oobe
2009-12-11 17:34:34 ----D---- C:\WINDOWS\system
2009-12-11 17:30:44 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-10 20:46:20 ----A---- C:\WINDOWS\system.ini
2009-12-10 20:43:15 ----D---- C:\WINDOWS\system32\config
2009-12-10 20:34:58 ----RASH---- C:\boot.ini
2009-12-09 21:58:34 ----D---- C:\Documents and Settings\FraserAdmin\Application Data\HPAppData
2009-12-09 16:49:31 ----D---- C:\WINDOWS\mui
2009-12-01 20:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-25 19:23:39 ----D---- C:\Documents and Settings\FraserAdmin\Application Data\Apple Computer
2009-11-25 17:47:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-25 17:47:26 ----D---- C:\Program Files\iTunes
2009-11-25 17:46:03 ----D---- C:\Program Files\iPod
2009-11-25 17:46:01 ----D---- C:\Program Files\Common Files\Apple
2009-11-22 16:24:43 ----D---- C:\Documents and Settings\FraserAdmin\Application Data\Samsung
2009-11-22 16:18:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-22 15:52:31 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-11-22 15:45:34 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-22 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-22 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-22 360584]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-06 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-04-08 54272]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-10-14 1043072]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2003-10-14 197120]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-07 2484352]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-06-13 45568]
R3 smrt;Sony MPEG RealTime encoder board; C:\WINDOWS\system32\DRIVERS\smrt.sys [2005-01-31 786816]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\system32\DRIVERS\SonyNC.sys [2000-11-09 48896]
R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2005-01-06 52736]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-10-14 679808]
S2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys []
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2003-09-23 7296]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 kbeepm;kbeepm; \??\C:\DOCUME~1\Max\LOCALS~1\Temp\kbeepm.sys []
S3 LEX_AS_NIC_SERVICE_YNOS;LAN-Express AS IEEE 802.11g Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ExpasAG.sys [2004-08-05 392544]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RkPavproc1;RkPavproc1; \??\C:\WINDOWS\system32\drivers\RkPavproc1.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-22 285392]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-12 147456]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-07 114754]
R2 PskSvcRetailInst;PskSvcRetailInst; C:\DOCUME~1\FRASER~1\LOCALS~1\Temp\ISSCAN\PskSvc.exe [2009-08-25 28928]
R2 VAIO Entertainment Task Scheduler;VAIO Entertainment Task Scheduler; C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe [2005-02-10 397312]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2005-02-09 167936]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2005-02-09 135168]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
R3 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2005-02-09 143360]
R3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2005-02-09 73728]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2005-02-09 270336]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 VCI;VAIO Cooporated Initialisation; C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe [2005-01-04 398336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-23 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\image converter 2\IcVzMon.exe [2005-02-24 32768]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-01-26 53337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-01-26 53337]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-01-26 69718]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-01-24 69632]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2005-01-14 1839104]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2005-01-14 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2005-01-14 745472]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2005-01-14 188416]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
maax134
Active Member
 
Posts: 14
Joined: December 11th, 2009, 12:27 pm
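
As an added illustration (not part of the original thread, and not a tool from RSIT, ComboFix or the forum), the following Python script parses the "List of drivers" / "List of services" format shown in the log above and pulls out entries that deserve a second look: binaries registered from a temp directory, binaries under a user profile, and entries whose bracketed date/size is empty (RSIT could not stat the file at scan time). The sample lines are copied from the log in the post above; the heuristics, flag names and the priority order are my own assumptions and produce a review list, not a malware verdict.

```python
import re
from dataclasses import dataclass, field, replace
from typing import List, Optional

# One line of the RSIT "List of drivers" / "List of services" sections, e.g.
#   R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-22 333192]
#   S3 kbeepm;kbeepm; \??\C:\DOCUME~1\Max\LOCALS~1\Temp\kbeepm.sys []
# The bracket holds "<file date> <file size>" when RSIT could stat the binary and is empty otherwise.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    state: str            # "R" running / "S" stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    desc: str
    path: str
    date: Optional[str] = None
    size: Optional[int] = None
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT driver/service line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date = size = None
    meta = m.group("meta").split()
    if len(meta) == 2 and meta[1].isdigit():
        date, size = meta[0], int(meta[1])
    return Entry(m.group("state"), int(m.group("start")), m.group("name").strip(),
                 m.group("desc").strip(), m.group("path"), date, size)


def parse_listing(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def flag(entry: Entry) -> Entry:
    """Attach review reasons (assumed heuristics). A flag is a reason to look, not a verdict."""
    p = entry.path.lower()
    flags = []
    if "\\temp\\" in p:
        flags.append("temp-path")        # binary registered from a temp directory
    if "documents and settings" in p or "\\docume~1\\" in p:
        flags.append("profile-path")     # binary lives under a user profile, not Program Files/system32
    if entry.size is None:
        flags.append("no-metadata")      # RSIT could not stat the file: gone, hidden or unreadable
    return replace(entry, flags=flags)


def triage(entries: List[Entry]) -> List[Entry]:
    """Flagged entries only: running ones first, then by number of flags, then by name."""
    flagged = [e for e in map(flag, entries) if e.flags]
    return sorted(flagged, key=lambda e: (e.state != "R", -len(e.flags), e.name.lower()))


def report(text: str) -> List[str]:
    return [f"{e.state}{e.start} {e.name:<18} {','.join(e.flags):<35} {e.path}"
            for e in triage(parse_listing(text))]


# Constructed sample: lines copied from the RSIT log posted above (not the full listing).
SAMPLE_LISTING = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-22 333192]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 kbeepm;kbeepm; \??\C:\DOCUME~1\Max\LOCALS~1\Temp\kbeepm.sys []
R2 PskSvcRetailInst;PskSvcRetailInst; C:\DOCUME~1\FRASER~1\LOCALS~1\Temp\ISSCAN\PskSvc.exe [2009-08-25 28928]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
"""

if __name__ == "__main__":
    for line in report(SAMPLE_LISTING):
        print(line)
```

On the sample above the script lists PskSvcRetailInst and kbeepm (both registered from a Temp folder) ahead of the entries that only lack metadata. Note that the no-metadata hits include ComboFix's own catchme.sys and a Cisco VPN driver, which is why the output is a list to check by hand against the vendor and the file on disk, not a removal list.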

Re: atapi.sys?

Unread postby xixo_12 » December 20th, 2009, 8:16 am

Hi,

First,
Discussion.
I saw there is a sign that ComboFix has been used. Why was it used?
Please let me know about it.

Next,
Content of the log.
  • Copy the code below (right-click > Copy):
    Code:
    C:\ComboFix.txt
  • Click Start > Run...
  • Paste the code into the box and click OK.
  • The file will open. Copy and paste its content in your next reply.

Next,
Checklist.
Please post:
  • Response to the Discussion
  • Content of ComboFix.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: atapi.sys?

Unread postby maax134 » December 20th, 2009, 8:58 am

Probably a stupid idea, but I ran it to get the log from it, in the hope that someone could check the log and attempt to get my computer stable again.

Here is the log file:

ComboFix 09-12-09.04 - FraserAdmin 10/12/2009 20:38:32.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1535.1037 [GMT 0:00]
Running from: c:\documents and settings\FraserAdmin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\FraserAdmin\Local Settings\Application Data\{DB1436ED-02C2-4B9B-91DE-518CDF49160A}
c:\documents and settings\FraserAdmin\Local Settings\Application Data\{DB1436ED-02C2-4B9B-91DE-518CDF49160A}\chrome.manifest
c:\documents and settings\FraserAdmin\Local Settings\Application Data\{DB1436ED-02C2-4B9B-91DE-518CDF49160A}\chrome\content\_cfg.js
c:\documents and settings\FraserAdmin\Local Settings\Application Data\{DB1436ED-02C2-4B9B-91DE-518CDF49160A}\chrome\content\overlay.xul
c:\documents and settings\FraserAdmin\Local Settings\Application Data\{DB1436ED-02C2-4B9B-91DE-518CDF49160A}\install.rdf
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NNSERV
-------\Service_NNServ


((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))
.

2009-12-10 20:37 . 2009-12-10 20:37 -------- d-----w- c:\windows\LastGood.Tmp
2009-12-10 19:12 . 2009-09-21 15:59 3101560 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Simply Super Software\Trojan Remover\shnBD.exe
2009-12-09 21:58 . 2009-12-09 21:58 -------- d-----w- c:\documents and settings\FraserAdmin\Local Settings\Application Data\Threat Expert
2009-12-08 21:16 . 2009-12-08 21:16 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\Malwarebytes
2009-12-08 21:16 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-08 21:16 . 2009-12-08 21:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 21:16 . 2009-12-08 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-08 21:16 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 20:57 . 2009-12-10 20:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-08 20:54 . 2006-06-19 13:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-12-08 20:54 . 2006-05-25 15:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-12-08 20:54 . 2005-08-26 01:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-12-08 20:54 . 2003-02-02 20:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-12-08 20:54 . 2002-03-06 01:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-12-08 20:54 . 2009-12-08 20:54 -------- d-----w- c:\program files\Trojan Remover
2009-12-08 20:54 . 2009-12-08 20:54 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\Simply Super Software
2009-12-08 20:54 . 2009-12-08 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-08 20:34 . 2009-12-08 20:34 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-08 19:27 . 2009-12-08 19:27 -------- d-----w- c:\documents and settings\Administrator.YEVGENYOBLASTRI.000\Local Settings\Application Data\Mozilla
2009-12-08 18:47 . 2009-12-08 20:48 120 ----a-w- c:\windows\Cwerigihagonaman.dat
2009-12-08 18:47 . 2009-12-08 18:47 0 ----a-w- c:\windows\Qsugirikijir.bin
2009-12-03 20:31 . 2008-11-07 18:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-03 20:30 . 2009-12-03 20:31 -------- d-----w- c:\program files\Zune
2009-12-03 20:28 . 2008-05-02 13:30 464384 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-12-03 20:28 . 2008-05-02 13:30 464384 ------w- c:\windows\system32\imapi2fs.dll
2009-12-03 20:28 . 2008-05-02 13:30 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-12-03 20:28 . 2008-05-02 13:30 317952 ------w- c:\windows\system32\imapi2.dll
2009-12-02 21:35 . 2009-11-19 11:48 872960 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-02 21:35 . 2009-11-19 11:48 43008 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-02 21:35 . 2009-11-19 11:48 340480 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-02 21:35 . 2009-11-19 11:48 346624 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-25 17:45 . 2009-11-25 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-25 17:38 . 2009-11-25 17:40 -------- d-----w- c:\program files\QuickTime
2009-11-25 17:30 . 2009-11-25 17:30 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-25 17:28 . 2009-12-08 19:22 -------- d-----w- c:\program files\Safari
2009-11-25 17:26 . 2009-11-25 17:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-23 16:28 . 2009-11-22 16:18 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-23 16:28 . 2009-11-22 16:18 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-23 16:26 . 2009-11-24 16:26 79488 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-23 16:25 . 2009-11-22 16:18 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-11-23 16:25 . 2009-11-22 16:18 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-22 16:19 . 2009-11-25 17:01 -------- d-----w- C:\$AVG
2009-11-22 16:19 . 2009-11-22 16:19 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-22 16:19 . 2009-11-22 16:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-22 16:18 . 2009-11-22 16:18 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-22 16:18 . 2009-11-22 16:18 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-22 16:18 . 2009-12-09 17:12 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-22 16:18 . 2009-11-22 16:18 -------- d-----w- c:\program files\AVG
2009-11-22 16:18 . 2009-12-09 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-22 15:52 . 2009-11-22 15:52 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 18:07 . 2004-08-03 22:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-09 21:58 . 2008-07-30 12:28 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\HPAppData
2009-12-09 21:54 . 2008-12-09 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-09 18:35 . 2009-12-09 17:33 -------- d-----w- c:\program files\Spyware Doctor
2009-12-09 18:35 . 2009-12-09 17:33 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-09 18:35 . 2009-12-09 18:35 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\PC Tools
2009-12-09 18:35 . 2009-12-09 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-08 20:31 . 2009-12-08 20:31 20 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat
2009-12-08 18:43 . 2009-12-08 18:43 20 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-08 18:43 . 2009-12-08 18:43 8 ----a-w- c:\documents and settings\FraserAdmin\Application Data\avdrn.dat
2009-12-06 20:30 . 2005-09-06 13:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\Sony Corporation
2009-12-04 16:47 . 2008-09-27 14:57 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\uTorrent
2009-12-03 20:32 . 2009-12-03 20:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2009-12-03 20:31 . 2009-12-03 20:31 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-25 19:23 . 2006-06-14 14:26 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\Apple Computer
2009-11-25 18:46 . 2006-08-21 22:01 66952 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-25 17:47 . 2006-08-17 23:20 -------- d-----w- c:\program files\iTunes
2009-11-25 17:46 . 2005-09-06 14:38 -------- d-----w- c:\program files\iPod
2009-11-25 17:46 . 2007-09-07 17:27 -------- d-----w- c:\program files\Common Files\Apple
2009-11-23 19:04 . 2005-03-01 20:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-22 16:24 . 2007-05-05 22:13 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\Samsung
2009-11-22 15:54 . 2005-03-02 09:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-22 15:52 . 2005-03-02 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-22 15:52 . 2005-03-02 09:19 -------- d-----w- c:\program files\Symantec
2009-11-22 15:45 . 2007-03-02 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-11-12 20:18 . 2007-04-03 20:30 138736 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-12 20:17 . 2007-04-03 19:45 188968 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-10 10:28 . 2009-12-09 17:37 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 10:28 . 2009-12-09 17:37 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 10:28 . 2009-12-09 17:37 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 10:26 . 2009-12-09 17:37 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 17:54 . 2005-03-21 08:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-09 11:20 . 2009-12-09 17:33 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-01 16:28 . 2009-11-01 16:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-30 16:35 . 2009-10-30 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-10-30 16:35 . 2008-07-05 19:47 -------- d-----w- c:\program files\Electronic Arts
2009-10-30 11:11 . 2009-12-09 17:33 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-28 18:42 . 2009-10-28 18:42 -------- d-----w- c:\program files\Audacity
2009-10-28 01:36 . 2009-12-09 17:37 1152444 ----a-w- c:\windows\UDB.zip
2009-10-06 16:31 . 2009-12-09 17:33 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe -silent" [X]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"TransBar"="c:\documents and settings\FraserAdmin\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe" [2005-06-01 65536]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin" [X]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe -atboottime" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-07 4136960]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2004-10-17 122880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-12 144792]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-22 2020120]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-21 778240]

c:\documents and settings\Administrator.YEVGENYOBLASTRI.000\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-21 778240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-10-1 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-22 16:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2006-03-19 11:37 110592 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"d:\\Program Files\\Rainmeter\\Rainmeter.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\AC3Filter\\ac3config.exe"=
"d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [09/12/2009 17:33 207792]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/02/2007 21:37 639224]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/11/2009 16:18 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22/11/2009 16:19 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22/11/2009 16:18 285392]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [09/12/2009 17:37 112592]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [05/09/2007 17:54 33792]
S3 kbeepm;kbeepm;\??\c:\docume~1\Max\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\Max\LOCALS~1\Temp\kbeepm.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [09/12/2009 17:33 359624]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/cust ... _side.html
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.com/en
uInternet Settings,ProxyOverride = 127.0.0.1;*.local;<local>
uInternet Settings,ProxyServer = 127.0.0.1:8118
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.afreesearch.com/search/?ie=U ... &gfns=1&q=
FF - component: c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\FraserAdmin\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.afreesearch.com/search/?ie=U ... &gfns=1&q=
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Google Update - c:\documents and settings\FraserAdmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 20:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8989D1D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bfc3
\Driver\ACPI -> ACPI.sys @ 0xf74bfcb8
\Driver\atapi -> prosync1.sys @ 0xf798f661
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xbae5cbc3
PacketIndicateHandler -> NDIS.sys @ 0xbae68b21
SendHandler -> NDIS.sys @ 0xbae5cd33
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1744570660-2264734944-1409443950-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5EF32064-B535-E37F-0D69-B32619DA4DEB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oalcieohkednceopgflipahmhkldle"=hex:64,61,6d,6d,68,62,6d,65,00,50
"oapplbeefapmhjnoogpomebdjopeko"=hex:6a,61,6c,6d,6c,62,62,66,6f,61,6b,61,63,6f,
64,68,70,6e,68,61,00,fd
"nafanahpckklkimkhambphlnlale"=hex:69,61,62,6c,6f,61,67,62,6b,6d,68,66,6f,6a,
6d,64,70,66,00,00

[HKEY_USERS\S-1-5-21-1744570660-2264734944-1409443950-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:68,ed,4c,fc,40,9e,ad,19,51,72,f0,8e,60,22,9c,fa,86,6d,89,52,fe,bd,e8,
4f,e5,2d,bf,1a,1a,33,df,42,3f,2d,93,f7,2c,96,f8,b2,1b,6a,19,30,00,8b,73,aa,\
"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95

[HKEY_USERS\S-1-5-21-1744570660-2264734944-1409443950-1008\Software\SecuROM\License information*]
"datasecu"=hex:b0,0b,47,35,f5,12,fc,2c,1e,73,17,23,28,f3,c9,8c,a1,cd,0c,f7,87,
ba,6e,b5,98,67,7c,16,6f,4d,83,52,43,75,15,b7,2a,29,9c,fd,f7,41,37,6a,19,b1,\
"rkeysecu"=hex:17,0c,8b,a8,75,cb,05,56,56,b0,06,85,72,9c,ba,40

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(1248)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Sony\vaio entertainment\VzTaskScheduler.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Sony\HotKey Utility\HKWnd.exe
c:\program files\Electronic Arts\EADM\Core.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
.
**************************************************************************
.
Completion time: 2009-12-10 20:52:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-10 20:52

Pre-Run: 3,335,733,248 bytes free
Post-Run: 3,945,619,456 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 457660A2CE35EA14F84ECA9A90D172EE
maax134
Active Member
 
Posts: 14
Joined: December 11th, 2009, 12:27 pm

Re: atapi.sys?

Unread postby xixo_12 » December 21st, 2009, 7:26 am

Hi,

***Important:
  • If you still have the old copy of ComboFix, please delete it now.


First,
ERUNT by Lars Hederer
Download ERUNT and save to the desktop.
  • Double click on erunt-setup.exe to install the program.
  • Follow the prompts > uncheck Create NTREGOPT desktop icon at the Additional Tasks screen.
  • Click No when you are prompted about creating an ERUNT entry in the startup folder.
  • Next screen, uncheck Show documentation and check Launch ERUNT.
  • If ERUNT doesn't start by itself, launch it from the desktop shortcut.
  • At the configuration screen, make sure all 3 checkboxes are checked
  • Click Ok to run the backup process

Note:
The backups can be restored from here:
C:\windows\ERDNT\<todays date>\ERDNT.exe

Next,
ComboFix
Download ComboFix from the link provided. (DO NOT download ComboFix from anywhere else, only via the provided link)
Save as ComboFix.exe
Link 1

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on Combo-Fix.exe & follow the prompts
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next,
Checklist.
  • Content of ComboFix.txt
  • Your personal description of how the system behaves now.
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: atapi.sys?

Unread postby maax134 » December 21st, 2009, 9:42 am

Combo Fix log:

ComboFix 09-12-20.04 - FraserAdmin 21/12/2009 13:25:06.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.1080 [GMT 0:00]
Running from: c:\documents and settings\FraserAdmin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\FraserAdmin\Application Data\avdrn.dat
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RDPWD
-------\Service_TDTCP


((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-21 13:15 . 2009-12-21 13:15 -------- d-----w- c:\program files\ERUNT
2009-12-19 14:17 . 2009-12-19 14:17 -------- d-----w- C:\rsit
2009-12-19 14:05 . 2009-12-19 14:05 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-19 12:32 . 2009-12-19 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-12-11 18:03 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-11 18:02 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-11 18:02 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-11 18:02 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-11 18:02 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-11 18:02 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-11 18:02 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-11 18:02 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-11 18:02 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-11 18:02 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-11 18:01 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-11 18:00 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-11 18:00 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-11 18:00 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-11 17:59 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-11 17:59 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-11 17:59 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-11 17:59 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-11 17:59 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-11 17:37 . 2009-12-11 17:37 -------- d-----w- c:\windows\system32\scripting
2009-12-11 17:37 . 2009-12-11 17:37 -------- d-----w- c:\windows\l2schemas
2009-12-11 17:37 . 2009-12-11 17:37 -------- d-----w- c:\windows\system32\en
2009-12-11 17:37 . 2009-12-11 17:37 -------- d-----w- c:\windows\system32\bits
2009-12-11 17:25 . 2009-12-11 17:25 -------- d-----w- c:\windows\EHome
2009-12-10 20:58 . 2009-12-10 20:58 -------- d-----w- c:\program files\Trend Micro
2009-12-09 21:58 . 2009-12-09 21:58 -------- d-----w- c:\documents and settings\FraserAdmin\Local Settings\Application Data\Threat Expert
2009-12-08 21:16 . 2009-12-08 21:16 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\Malwarebytes
2009-12-08 21:16 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-08 21:16 . 2009-12-08 21:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 21:16 . 2009-12-08 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-08 21:16 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 20:57 . 2009-12-11 19:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-08 20:54 . 2009-12-08 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-08 20:34 . 2009-12-08 20:34 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-08 19:27 . 2009-12-08 19:27 -------- d-----w- c:\documents and settings\Administrator.YEVGENYOBLASTRI.000\Local Settings\Application Data\Mozilla
2009-12-08 18:47 . 2009-12-08 20:48 120 ----a-w- c:\windows\Cwerigihagonaman.dat
2009-12-08 18:47 . 2009-12-08 18:47 0 ----a-w- c:\windows\Qsugirikijir.bin
2009-12-03 20:31 . 2008-11-07 18:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-03 20:28 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2009-12-03 20:28 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-12-03 20:28 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-12-03 20:28 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-12-03 20:28 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2009-11-25 17:45 . 2009-11-25 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-25 17:38 . 2009-11-25 17:40 -------- d-----w- c:\program files\QuickTime
2009-11-25 17:28 . 2009-12-08 19:22 -------- d-----w- c:\program files\Safari
2009-11-22 16:19 . 2009-11-25 17:01 -------- d-----w- C:\$AVG
2009-11-22 16:19 . 2009-11-22 16:19 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-22 16:19 . 2009-11-22 16:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-22 16:18 . 2009-11-22 16:18 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-22 16:18 . 2009-11-22 16:18 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-22 16:18 . 2009-12-21 09:41 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-22 16:18 . 2009-11-22 16:18 -------- d-----w- c:\program files\AVG
2009-11-22 16:18 . 2009-12-17 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 19:39 . 2008-12-09 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-19 14:10 . 2005-03-02 09:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-19 08:59 . 2008-09-27 14:57 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\uTorrent
2009-12-18 19:25 . 2005-09-06 13:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\Sony Corporation
2009-12-18 17:35 . 2005-03-01 20:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-18 16:38 . 2009-11-23 16:26 79488 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-13 17:00 . 2009-12-13 17:01 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2009-12-11 17:43 . 2005-12-06 16:30 84136 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-12-11 17:40 . 2005-03-01 19:24 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-11 16:21 . 2009-11-23 16:25 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-12-11 16:21 . 2009-12-11 16:21 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2009-12-11 16:21 . 2009-11-23 16:25 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-12-09 21:58 . 2008-07-30 12:28 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\HPAppData
2009-12-08 20:31 . 2009-12-08 20:31 20 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat
2009-12-08 18:43 . 2009-12-08 18:43 20 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-03 20:32 . 2009-12-03 20:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2009-12-03 20:31 . 2009-12-03 20:31 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-25 19:23 . 2006-06-14 14:26 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\Apple Computer
2009-11-25 18:46 . 2006-08-21 22:01 66952 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-25 17:47 . 2006-08-17 23:20 -------- d-----w- c:\program files\iTunes
2009-11-25 17:46 . 2005-09-06 14:38 -------- d-----w- c:\program files\iPod
2009-11-25 17:46 . 2007-09-07 17:27 -------- d-----w- c:\program files\Common Files\Apple
2009-11-25 17:30 . 2009-11-25 17:30 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-25 17:26 . 2009-11-25 17:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-23 16:25 . 2009-11-23 16:28 3963160 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-22 16:24 . 2007-05-05 22:13 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\Samsung
2009-11-22 15:52 . 2005-03-02 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-22 15:45 . 2007-03-02 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-11-19 11:48 . 2009-12-02 21:35 872960 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 11:48 . 2009-12-02 21:35 43008 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 11:48 . 2009-12-02 21:35 340480 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 11:48 . 2009-12-02 21:35 346624 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-09 17:54 . 2005-03-21 08:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-30 16:35 . 2009-10-30 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-10-30 16:35 . 2008-07-05 19:47 -------- d-----w- c:\program files\Electronic Arts
2009-10-29 07:46 . 2005-03-01 11:08 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2005-03-01 11:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2005-03-01 11:08 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-28 18:42 . 2009-10-28 18:42 -------- d-----w- c:\program files\Audacity
2009-10-21 05:38 . 2005-03-01 11:08 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2005-03-01 11:08 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2005-03-01 11:08 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2005-03-01 11:08 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2005-03-01 11:08 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"TransBar"="c:\documents and settings\FraserAdmin\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe" [2005-06-01 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-07 4136960]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2004-10-17 122880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-12 144792]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-13 2033432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator.YEVGENYOBLASTRI.000\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-21 778240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-10-1 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-22 16:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2006-03-19 11:37 110592 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"d:\\Program Files\\Rainmeter\\Rainmeter.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\AC3Filter\\ac3config.exe"=
"d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/02/2007 21:37 639224]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/11/2009 16:18 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22/11/2009 16:19 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22/11/2009 16:18 285392]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [05/09/2007 17:54 33792]
S2 PskSvcRetailInst;PskSvcRetailInst;c:\docume~1\FRASER~1\LOCALS~1\Temp\ISSCAN\PskSvc.exe --> c:\docume~1\FRASER~1\LOCALS~1\Temp\ISSCAN\PskSvc.exe [?]
S3 kbeepm;kbeepm;\??\c:\docume~1\Max\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\Max\LOCALS~1\Temp\kbeepm.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/cust ... _side.html
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.com/en
uInternet Settings,ProxyOverride = 127.0.0.1;*.local;<local>
uInternet Settings,ProxyServer = 127.0.0.1:8118
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.afreesearch.com/search/?ie=U ... &gfns=1&q=
FF - component: c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\FraserAdmin\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.afreesearch.com/search/?ie=U ... &gfns=1&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 13:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys sptd.sys >>UNKNOWN [0x8A5357AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf74bfcb8
\Driver\atapi -> prosync1.sys @ 0xf798f661
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xbaf45bd4
PacketIndicateHandler -> NDIS.sys @ 0xbaf51a21
SendHandler -> NDIS.sys @ 0xbaf45d44
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1744570660-2264734944-1409443950-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5EF32064-B535-E37F-0D69-B32619DA4DEB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oalcieohkednceopgflipahmhkldle"=hex:64,61,6d,6d,68,62,6d,65,00,50
"oapplbeefapmhjnoogpomebdjopeko"=hex:6a,61,6c,6d,6c,62,62,66,6f,61,6b,61,63,6f,
64,68,70,6e,68,61,00,fd
"nafanahpckklkimkhambphlnlale"=hex:69,61,62,6c,6f,61,67,62,6b,6d,68,66,6f,6a,
6d,64,70,66,00,00

[HKEY_USERS\S-1-5-21-1744570660-2264734944-1409443950-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:68,ed,4c,fc,40,9e,ad,19,51,72,f0,8e,60,22,9c,fa,86,6d,89,52,fe,bd,e8,
4f,e5,2d,bf,1a,1a,33,df,42,3f,2d,93,f7,2c,96,f8,b2,1b,6a,19,30,00,8b,73,aa,\
"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95

[HKEY_USERS\S-1-5-21-1744570660-2264734944-1409443950-1008\Software\SecuROM\License information*]
"datasecu"=hex:b0,0b,47,35,f5,12,fc,2c,1e,73,17,23,28,f3,c9,8c,a1,cd,0c,f7,87,
ba,6e,b5,98,67,7c,16,6f,4d,83,52,43,75,15,b7,2a,29,9c,fd,f7,41,37,6a,19,b1,\
"rkeysecu"=hex:17,0c,8b,a8,75,cb,05,56,56,b0,06,85,72,9c,ba,40

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Sony\vaio entertainment\VzTaskScheduler.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\HotKey Utility\HKWnd.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
.
**************************************************************************
.
Completion time: 2009-12-21 13:39:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-21 13:38
ComboFix2.txt 2009-12-10 20:52

Pre-Run: 9,390,116,864 bytes free
Post-Run: 9,486,323,712 bytes free

- - End Of File - - AB1C6C59CE1D99F18FA1272C75F32DEF

System Behavior

Everything seems to be OK; it no longer crashes and everything runs smoothly.
maax134
Active Member
 
Posts: 14
Joined: December 11th, 2009, 12:27 pm

Re: atapi.sys?

Unread postby xixo_12 » December 21st, 2009, 6:59 pm

Hi,

First,
Analyze file(s).
Please visit Jotti.
Click on Browse, copy the link below (one by one) and paste it into the File name box, then click Open:
c:\windows\system32\GDIPFONTCACHEV1.DAT

  • Press Submit file - this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address:
Image

Next,
CFScript

***Important :
  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    A guide to do this can be found here
  • Enable your AntiVirus/AntiSpyware/Firewall applications after you are done with all the instructions.

Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
Driver::
PskSvcRetailInst
kbeepm
RkPavproc1
File::
c:\windows\system32\drivers\RkPavproc1.sys
c:\windows\system32\fjhdyfhsn.bat
c:\windows\Cwerigihagonaman.dat
c:\windows\Qsugirikijir.bin
c:\documents and settings\LocalService\Application Data\fvgqad.dat
c:\documents and settings\NetworkService\Application Data\fvgqad.dat
Folder::
c:\documents and settings\FraserAdmin\Application Data\uTorrent
d:\Program Files\uTorrent
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\uTorrent\\uTorrent.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"5353:TCP"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next,
ATF by Atribune
Please download HERE and save to the desktop. Double-click ATF Cleaner.exe to open it.
Under Main choose:
    choose: Select All
    Click the Empty Selected button.
If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

Next,
Checklist.
Please post.
  • Web address (Upload file)
  • Content of ComboFix.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

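The Registry:: section of the CFScript above removes Security Center "DisableMonitoring" entries, a uTorrent firewall exception and two globally opened ports, and the log in this thread also shows "EnableFirewall"= 0. The following is an added example (not ComboFix code, not the helper's script, and not part of the original post) that reads the REGEDIT4-style "Reg Loading Points" lines ComboFix prints and reports exactly those hardening regressions, so a reader can see why a helper targets them. The sample lines are constructed in the format shown in this thread; the function names, the PORT_NOTES table and the parsing approach are my own assumptions.

```python
"""Flag hardening regressions in ComboFix "Reg Loading Points" output.

Added example for this thread: parses the key/value lines ComboFix prints and
reports Security Center monitoring that is switched off, a disabled Windows
Firewall standard profile, and ports opened to all networks.
"""
import re
from typing import Dict, List

# Constructed sample in the format seen in this thread's ComboFix log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=
"5353:TCP"=
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# Assumption: this small annotation table is mine, not from the thread.
PORT_NOTES = {"3389:TCP": "Remote Desktop"}


def parse_reg_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: raw_value}} from REGEDIT4-style lines."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("value").strip()
    return keys


def _is_set(raw: str) -> bool:
    """Treat 'dword:00000001' and '1 (0x1)' style values as non-zero."""
    token = raw.split()[0] if raw else ""
    if token.lower().startswith("dword:"):
        return int(token[6:], 16) != 0
    return token.isdigit() and int(token) != 0


def find_regressions(text: str) -> List[str]:
    """List the Security Center / firewall conditions a helper would remove."""
    findings: List[str] = []
    for key, values in parse_reg_dump(text).items():
        k = key.lower()
        if "security center\\monitoring" in k and _is_set(values.get("DisableMonitoring", "")):
            findings.append(f"Security Center monitoring disabled: {key}")
        if (k.endswith("firewallpolicy\\standardprofile")
                and "EnableFirewall" in values and not _is_set(values["EnableFirewall"])):
            findings.append("Windows Firewall standard profile disabled")
        if k.endswith("globallyopenports\\list"):
            for port in values:
                note = PORT_NOTES.get(port.upper(), "non-standard")
                findings.append(f"Port globally open to all networks: {port} ({note})")
    return findings


def firewall_exceptions(text: str) -> List[str]:
    """Programs allowed through the firewall; the registry stores doubled backslashes."""
    apps: List[str] = []
    for key, values in parse_reg_dump(text).items():
        if key.lower().endswith("authorizedapplications\\list"):
            apps.extend(name.replace("\\\\", "\\") for name in values)
    return apps


if __name__ == "__main__":
    for finding in find_regressions(SAMPLE_LOG):
        print("!", finding)
    for app in firewall_exceptions(SAMPLE_LOG):
        print("allowed through firewall:", app)
```

Run against the sample it reports the two DisableMonitoring keys, the disabled firewall profile and both open ports, and lists uTorrent and Firefox as firewall exceptions; paste the "Reg Loading Points" block of any ComboFix log into SAMPLE_LOG to check a different machine.
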
Re: atapi.sys?

Unread postby maax134 » December 22nd, 2009, 9:30 am

Web address:

http://virusscan.jotti.org/en/scanresul ... 0a6f935efe

ComboFix log:

ComboFix 09-12-20.04 - FraserAdmin 22/12/2009 11:56:39.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.1084 [GMT 0:00]
Running from: c:\documents and settings\FraserAdmin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\FraserAdmin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\LocalService\Application Data\fvgqad.dat"
"c:\documents and settings\NetworkService\Application Data\fvgqad.dat"
"c:\windows\Cwerigihagonaman.dat"
"c:\windows\Qsugirikijir.bin"
"c:\windows\system32\drivers\RkPavproc1.sys"
"c:\windows\system32\fjhdyfhsn.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\FraserAdmin\Application Data\uTorrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\28 days later & 28 weeks later.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\90s emo (3).1.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\90s emo (3).torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Adobe Photoshop CS4 Extended.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\All Shall Perish - The Price of Existence (2006).torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\August Burns Red - Constellations (2009).torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Battlestar Galactica - Season 4 Complete.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Battlestar Galactica OST Discography.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Biffy Clyro - Mountains.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Bleeding Through Declar.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Blink-182 - Greatest Hits.1.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Blink-182 - Greatest Hits.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Boris- Amplifier Worship.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Brand New - Daisy - 2009.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Brand New - The Devil and God Are Raging Inside Me.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Brand New.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Cashback[2006]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\City of God[2002]DVDrip.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Dead.Space.Multi-5.Repack.Skullptura.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Deadlock - Manifesto [2008].torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Declaration (2008).torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\dht.dat
c:\documents and settings\FraserAdmin\Application Data\uTorrent\dht.dat.old
c:\documents and settings\FraserAdmin\Application Data\uTorrent\ETID-NJA.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Every Time I Die - Complete Discography.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Every Time I Die - The Big Dirty - 2007.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Firefly - Season 1.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\FIX YOUR FACE.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\For A Minor Reflection - Reistu þig við, sólin er komin á loft.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Funeral for a Friend Discography.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Generation Kill - HBO.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Gladiator Complete OST (63 Tracks) 3 Discs.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\God is an Astronaut.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Grace [Legacy Edition].torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Halo 3 - ODST - OST (Kingdom Music).torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Halo 3 OST.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Iron and Wine.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Jamie T - Sticks 'n' Stones - New EP [320kbs].torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\John Frusciante.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Johnny Truant - No Tears For The Creatures (2008).torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Johnny Truant.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Layer.Cake.DvDrip[Eng]-aXXo.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Little Wings - Light Green Leaves (cassette).torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Metalcore.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Microphones - Mt. Eerie.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Noise Ninja.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\picturecode.noise.ninja.v2.1.3.for.adobe.photoshop.incl.keygen-ssg.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\resume.dat
c:\documents and settings\FraserAdmin\Application Data\uTorrent\resume.dat.old
c:\documents and settings\FraserAdmin\Application Data\uTorrent\rss.dat
c:\documents and settings\FraserAdmin\Application Data\uTorrent\rss.dat.old
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Serenity[2005][Aka.Firefly]DvDrip[Eng]-aXXo.avi.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\settings.dat
c:\documents and settings\FraserAdmin\Application Data\uTorrent\settings.dat.old
c:\documents and settings\FraserAdmin\Application Data\uTorrent\SQT to Massive Attack.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\String Quartet - Underoath.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Sunny day real Estate.1.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Sunny day real Estate.2.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Sunny Day Real Estate.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Sunshine (Music from the Motion Picture).torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Taking Back Sunday.1.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Taking Back Sunday.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\The Killing Fields.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\The.Beach[Eng]Dvdrip.Camassacre.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\The.Fountain[2006]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\This World They'll Drown.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\True Romance OST.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\True.Romance.Unrated.DirectorsCut - AliaIactaEst.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Twilight.1.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Twilight.2.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\twilight.avi.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Twilight.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\ubuntu_810.zip.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Understanding Exposure.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\utorrent.lng
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Walls Of Jericho.torrent
c:\documents and settings\FraserAdmin\Application Data\uTorrent\Yndi Halda - Enjoy Eternal Bliss.torrent
c:\documents and settings\LocalService\Application Data\fvgqad.dat
c:\documents and settings\NetworkService\Application Data\fvgqad.dat
c:\windows\Cwerigihagonaman.dat
c:\windows\Qsugirikijir.bin
c:\windows\system32\fjhdyfhsn.bat
d:\program files\uTorrent
d:\program files\uTorrent\uTorrent.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KBEEPM
-------\Legacy_PSKSVCRETAILINST
-------\Legacy_RKPAVPROC1
-------\Service_kbeepm
-------\Service_PskSvcRetailInst
-------\Service_RkPavproc1


((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.

2009-12-21 13:15 . 2009-12-21 13:15 -------- d-----w- c:\program files\ERUNT
2009-12-19 14:17 . 2009-12-19 14:17 -------- d-----w- C:\rsit
2009-12-19 14:05 . 2009-12-19 14:05 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-19 12:32 . 2009-12-19 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-12-11 18:03 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-11 18:02 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-11 18:02 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-11 18:02 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-11 18:02 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-11 18:02 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-11 18:02 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-11 18:02 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-11 18:02 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-11 18:02 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-11 18:01 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-11 18:00 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-11 18:00 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-11 18:00 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-11 17:59 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-11 17:59 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-11 17:59 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-11 17:59 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-11 17:59 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-11 17:37 . 2009-12-11 17:37 -------- d-----w- c:\windows\system32\scripting
2009-12-11 17:37 . 2009-12-11 17:37 -------- d-----w- c:\windows\l2schemas
2009-12-11 17:37 . 2009-12-11 17:37 -------- d-----w- c:\windows\system32\en
2009-12-11 17:37 . 2009-12-11 17:37 -------- d-----w- c:\windows\system32\bits
2009-12-11 17:25 . 2009-12-11 17:25 -------- d-----w- c:\windows\EHome
2009-12-10 20:58 . 2009-12-10 20:58 -------- d-----w- c:\program files\Trend Micro
2009-12-09 21:58 . 2009-12-09 21:58 -------- d-----w- c:\documents and settings\FraserAdmin\Local Settings\Application Data\Threat Expert
2009-12-08 21:16 . 2009-12-08 21:16 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\Malwarebytes
2009-12-08 21:16 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-08 21:16 . 2009-12-08 21:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 21:16 . 2009-12-08 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-08 21:16 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 20:57 . 2009-12-11 19:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-08 20:54 . 2009-12-08 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-08 19:27 . 2009-12-08 19:27 -------- d-----w- c:\documents and settings\Administrator.YEVGENYOBLASTRI.000\Local Settings\Application Data\Mozilla
2009-12-03 20:31 . 2008-11-07 18:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-03 20:28 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2009-12-03 20:28 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-12-03 20:28 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-12-03 20:28 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-12-03 20:28 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2009-11-25 17:45 . 2009-11-25 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-25 17:38 . 2009-11-25 17:40 -------- d-----w- c:\program files\QuickTime
2009-11-25 17:28 . 2009-12-08 19:22 -------- d-----w- c:\program files\Safari
2009-11-22 16:19 . 2009-11-25 17:01 -------- d-----w- C:\$AVG
2009-11-22 16:19 . 2009-11-22 16:19 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-22 16:19 . 2009-11-22 16:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-22 16:18 . 2009-11-22 16:18 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-22 16:18 . 2009-11-22 16:18 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-22 16:18 . 2009-12-22 09:12 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-22 16:18 . 2009-11-22 16:18 -------- d-----w- c:\program files\AVG
2009-11-22 16:18 . 2009-12-17 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 19:39 . 2008-12-09 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-19 14:10 . 2005-03-02 09:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-18 19:25 . 2005-09-06 13:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\Sony Corporation
2009-12-18 17:35 . 2005-03-01 20:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-18 16:38 . 2009-11-23 16:26 79488 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-13 17:00 . 2009-12-13 17:01 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2009-12-11 17:43 . 2005-12-06 16:30 84136 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-12-11 17:40 . 2005-03-01 19:24 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-11 16:21 . 2009-11-23 16:25 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-12-11 16:21 . 2009-12-11 16:21 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2009-12-11 16:21 . 2009-11-23 16:25 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-12-09 21:58 . 2008-07-30 12:28 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\HPAppData
2009-12-03 20:32 . 2009-12-03 20:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2009-12-03 20:31 . 2009-12-03 20:31 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-25 19:23 . 2006-06-14 14:26 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\Apple Computer
2009-11-25 18:46 . 2006-08-21 22:01 66952 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-25 17:47 . 2006-08-17 23:20 -------- d-----w- c:\program files\iTunes
2009-11-25 17:46 . 2005-09-06 14:38 -------- d-----w- c:\program files\iPod
2009-11-25 17:46 . 2007-09-07 17:27 -------- d-----w- c:\program files\Common Files\Apple
2009-11-25 17:30 . 2009-11-25 17:30 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-25 17:26 . 2009-11-25 17:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-23 16:25 . 2009-11-23 16:28 3963160 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-22 16:24 . 2007-05-05 22:13 -------- d-----w- c:\documents and settings\FraserAdmin\Application Data\Samsung
2009-11-22 15:52 . 2005-03-02 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-22 15:45 . 2007-03-02 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-11-19 11:48 . 2009-12-02 21:35 872960 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 11:48 . 2009-12-02 21:35 43008 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 11:48 . 2009-12-02 21:35 340480 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 11:48 . 2009-12-02 21:35 346624 ----a-w- c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-09 17:54 . 2005-03-21 08:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-30 16:35 . 2009-10-30 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-10-30 16:35 . 2008-07-05 19:47 -------- d-----w- c:\program files\Electronic Arts
2009-10-29 07:46 . 2005-03-01 11:08 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2005-03-01 11:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2005-03-01 11:08 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-28 18:42 . 2009-10-28 18:42 -------- d-----w- c:\program files\Audacity
2009-10-21 05:38 . 2005-03-01 11:08 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2005-03-01 11:08 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2005-03-01 11:08 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2005-03-01 11:08 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2005-03-01 11:08 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"TransBar"="c:\documents and settings\FraserAdmin\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe" [2005-06-01 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-07 4136960]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2004-10-17 122880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-12 144792]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-13 2033432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator.YEVGENYOBLASTRI.000\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-21 778240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-10-1 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-22 16:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2006-03-19 11:37 110592 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"d:\\Program Files\\Rainmeter\\Rainmeter.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\AC3Filter\\ac3config.exe"=
"d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/02/2007 21:37 639224]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/11/2009 16:18 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22/11/2009 16:19 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22/11/2009 16:18 285392]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [05/09/2007 17:54 33792]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/cust ... _side.html
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.com/en
uInternet Settings,ProxyOverride = 127.0.0.1;*.local;<local>
uInternet Settings,ProxyServer = 127.0.0.1:8118
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.afreesearch.com/search/?ie=U ... &gfns=1&q=
FF - component: c:\documents and settings\FraserAdmin\Application Data\Mozilla\Firefox\Profiles\vaad1ktc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\FraserAdmin\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.afreesearch.com/search/?ie=U ... &gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -

AddRemove-uTorrent - d:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 12:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys sptd.sys >>UNKNOWN [0x8A5357AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf74bfcb8
\Driver\atapi -> prosync1.sys @ 0xf798f661
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xbaf45bd4
PacketIndicateHandler -> NDIS.sys @ 0xbaf33a0d
SendHandler -> NDIS.sys @ 0xbaf47b40
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1744570660-2264734944-1409443950-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5EF32064-B535-E37F-0D69-B32619DA4DEB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oalcieohkednceopgflipahmhkldle"=hex:64,61,6d,6d,68,62,6d,65,00,50
"oapplbeefapmhjnoogpomebdjopeko"=hex:6a,61,6c,6d,6c,62,62,66,6f,61,6b,61,63,6f,
64,68,70,6e,68,61,00,fd
"nafanahpckklkimkhambphlnlale"=hex:69,61,62,6c,6f,61,67,62,6b,6d,68,66,6f,6a,
6d,64,70,66,00,00

[HKEY_USERS\S-1-5-21-1744570660-2264734944-1409443950-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:68,ed,4c,fc,40,9e,ad,19,51,72,f0,8e,60,22,9c,fa,86,6d,89,52,fe,bd,e8,
4f,e5,2d,bf,1a,1a,33,df,42,3f,2d,93,f7,2c,96,f8,b2,1b,6a,19,30,00,8b,73,aa,\
"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95

[HKEY_USERS\S-1-5-21-1744570660-2264734944-1409443950-1008\Software\SecuROM\License information*]
"datasecu"=hex:b0,0b,47,35,f5,12,fc,2c,1e,73,17,23,28,f3,c9,8c,a1,cd,0c,f7,87,
ba,6e,b5,98,67,7c,16,6f,4d,83,52,43,75,15,b7,2a,29,9c,fd,f7,41,37,6a,19,b1,\
"rkeysecu"=hex:17,0c,8b,a8,75,cb,05,56,56,b0,06,85,72,9c,ba,40

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Sony\vaio entertainment\VzTaskScheduler.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\HotKey Utility\HKWnd.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
.
**************************************************************************
.
Completion time: 2009-12-22 12:09:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-22 12:09
ComboFix2.txt 2009-12-21 13:39
ComboFix3.txt 2009-12-10 20:52

Pre-Run: 10,235,420,672 bytes free
Post-Run: 10,227,834,880 bytes free

- - End Of File - - 7EF9E6EEE108D5186B6217A0BE749B1D
maax134
Active Member
 
Posts: 14
Joined: December 11th, 2009, 12:27 pm