
Malware.trace issue



Hello, I'm new to this forum but have been using MBAM for some time now and I love it. It has been very helpful in the past up until now. Currently my only problem is that this threat called "malware.trace" has been recurring in my scans, and every time I remove it (and scan promptly after) it shows up again. I don't know what it's doing, but regardless, I want to know how to get rid of it. I'm not sure what to do, so any help will be greatly appreciated. I read I'm supposed to post my MBAM and HJT logs here, so here they are.

Malwarebytes' Anti-Malware 1.36

Database version: 2118

Windows 5.1.2600 Service Pack 2

5/12/2009 6:26:22 PM

mbam-log-2009-05-12 (18-26-22).txt

Scan type: Full Scan (C:\|)

Objects scanned: 151083

Time elapsed: 50 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:27:05 PM, on 5/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AIM6\aim6.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myuhportal.hawaii.edu/cp/home/displaylogin

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

O1 - Hosts: ::1 localhost

O1 - Hosts: 91.212.65.122 browser-security.microsoft.com

O1 - Hosts: 91.212.65.122 antiwareprotect.com

O1 - Hosts: 91.212.65.122 www.antiwareprotect.com

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1241583068796

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab

O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) -

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab

O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab

O20 - AppInit_DLLs: karna.dat

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--

End of file - 12027 bytes

Thanks in advance.


Hello hobenenenen and welcome!

You have two antiviruses (or is it antivirii?) installed: Avira Antivir and AVG. You need to remove one of these immediately because running both can cause conflicts and system hangs. Personally, I find that Avira Antivir is excellent and compatible with most other security programs, so I recommend you keep that one.

Next, uninstall Viewpoint Manager and SystemDoctor.

Please download ATF Cleaner by Atribune

  • Close Internet Explorer and any other open browsers
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

________________________________________________________________________

Launch HijackThis (HJT) by clicking the desktop shortcut and choose the Scan Only option. Close all programs except HJT and all browser windows, then check the following items for removal and click on "Fix Checked":

O1 - Hosts: 91.212.65.122 browser-security.microsoft.com

O1 - Hosts: 91.212.65.122 antiwareprotect.com

O1 - Hosts: 91.212.65.122 www.antiwareprotect.com

O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c

O20 - AppInit_DLLs: karna.dat

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Close HJT.

Reboot.

Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.

Disable the active protection component of your antivirus by following the directions that apply here:

http://www.bleepingcomputer.com/forums/topic114351.html

Next, please perform a rootkit scan:

  • Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to run the program.
  • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
  • When the scan is finished (a few seconds), click the Rootkit/Malware tab, and then select the Scan button.
  • Leave your system completely idle while this longer scan is in progress.
  • When the scan is done, save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
  • Exit the Program
  • Save the Scan log as ARK.txt and post it in your next reply. If the log is very long attach it please.

Please download Combofix from one of these locations:

HERE or HERE

I want you to rename Combofix.exe as you download it to a name of your choice such as hoben.exe

Notes:

  • It is very important that you save the newly renamed EXE file to your desktop.
  • You must rename Combofix.exe as you download it and not after it is on your computer.
    You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
    • Open Firefox
    • Click Tools -> Options -> Main
    • Under the downloads section check the button that says "Always ask me where to save files".
    • Click OK

    For Internet Explorer:

    • Choose to save, not open the file
    • When prompted - save the file to your desktop, and rename it anything with an .exe extension on the end.

Here is a tutorial that describes how to download, install and run Combofix more thoroughly. Please review it and follow the prompts to install Recovery Console if you have not done that already:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Very Important! Temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:

http://www.bleepingcomputer.com/forums/topic114351.html

Also, disable your firewall!

You can enable the Windows firewall in the interim, until the scan is complete.

Note: The above tutorial does not tell you to rename Combofix as I have instructed you to do in the above instructions, so make sure you complete the renaming step before launching Combofix.

Running Combofix

In the event you already have Combofix, please delete it as this is a new version.

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

1. Double click on the renamed combofix.exe & follow the prompts.

2. When finished, it will produce a logfile located at C:\ComboFix.txt

3. Post the contents of that log in your next reply with a new hijackthis log.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to stall/hang.

Rename "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" -> "C:\Program Files\Malwarebytes' Anti-Malware\newyork.exe"

  • Now, relaunch MBAM by double-clicking newyork.exe in the MBAM folder.
  • Select the Update tab -> Check for Updates
  • After MBAM updates, select the Scanner tab.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK -> Show Results to view the scan results.
  • Check all items found, and then choose the 'Remove Selected' option to move the selected items to the quarantine.
  • When the scan is done, a log will open in Notepad with the scan results. Please post the results in your next reply.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post C:\ComboFix.txt, your antirootkit log (ARK.txt), and a new MBAM log in your next reply.


Hello negster22,

thanks for your help.

So far I have done up to the HJT "Fix Checked" step. As for your initial instructions to remove AVG, I could not find it in my Control Panel Add/Remove Programs list. I found a ViewPoint Media Player (not Manager) and proceeded to remove that. I did not find SystemDoctor however.

I did the ATF cleaner step. In the HJT log step, I found all but the last one (ViewPoint) and removed them all. I also found a few AVG ones but did not remove them because you did not instruct me to do so. So now I await your instructions. If there are no changes to the instructions, just let me know and I will look back on your first post.


Please check these AVG items in your HJT log for removal and then hit "Fix Checked"

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)

Reboot and continue with the rest of the directions including the ARK scan and Combofix run.

I am not surprised that you couldn't find SystemDoctor in Add/Remove Programs because it is classified as a rogue program.

http://www.threatexpert.com/files/DNSE.exe.html



I removed the 6 AVG items you pointed out, but there are still two:

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)

Should I delete those two too? I'm currently performing the antirootkit scan now on my laptop (I'm on another computer at the moment). Should I just ignore SystemDoctor for now since you didn't instruct me to do anything else about it? Anyway I will continue with the instructions and reply back when completed. Thanks.


You can check these for removal in HJT too:

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)

Apparently, they are just dormant leftovers after removing AVG, and are not inactive. I am not that concerned about those because we will get all that and more with Combofix. My main concern is that you are not using two active AVs simultaneously.

Yes, continue with the ARK scan and Combofix.

We'll use Combofix to remove any and all bad stuff.

Don't forget to disable Antivir before running Combofix, and re-enable after the Combofix log is generated.

Directions:

Please navigate to the system tray in the bottom right-hand corner and look for an open white umbrella on a red background.

* Right-click it -> untick the option "AntiVir Guard enable".

* You should now see a closed, white umbrella on a red background.

Reverse the above to re-enable the Antivir Guard after running Combofix



Alright, I got to the part where I begin running Combofix, but as I start to run it, it alerts me to disable my AVG7.5 (I disabled Avira). But the thing is that a while back, years maybe, I deleted AVG by dragging it to my Trash, not knowing that would not delete it. Now there are only some components of AVG that cannot be deleted. Do I continue the scan? I'll wait till you reply.


Please post a fresh HJT log and the ARK.txt

I have to see if any AVG services are actively running.

Is there an entry in Add/Remove programs for AVG7.5? I guess not, or you would have used it.

You can try rebooting your computer in "SAFE MODE" and running Combofix from there, using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Nope, there is no AVG7.5 in my Add/Remove programs. I will do the Safe Mode Combofix now. Here is my latest HJT log and ARK.txt:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:12:03 PM, on 5/17/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\AIM6\aim6.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myuhportal.hawaii.edu/cp/home/displaylogin

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1241583068796

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab

O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) -

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab

O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--

End of file - 11103 bytes

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-05-17 13:17:44

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT F8BB1206 ZwCreateKey
SSDT F8BB11FC ZwCreateThread
SSDT F8BB120B ZwDeleteKey
SSDT F8BB1215 ZwDeleteValueKey
SSDT F8BB121A ZwLoadKey
SSDT F8BB11E8 ZwOpenProcess
SSDT F8BB11ED ZwOpenThread
SSDT F8BB1224 ZwReplaceKey
SSDT F8BB121F ZwRestoreKey
SSDT F8BB1210 ZwSetValueKey
SSDT F8BB11F7 ZwTerminateProcess

Code \??\C:\DOCUME~1\Hoben\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2514 80501404 4 Bytes CALL 4F48CF1A
? System32\Drivers\avg7rsw.sys The system cannot find the path specified. !
? C:\DOCUME~1\Hoben\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [0103E070] c:\program files\aim6\services\imApp\ver6_8_15_1\imAppService.dll (imAppService EE Application Service/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2988] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

---- EOF - GMER 1.0.15 ----

ARK.txt



I ran Combofix in Safe Mode. Note that it did mention to disable AVG7.5 again, but I ran it anyway. I was supposed to, right, since it was in Safe Mode? As I began to run it, it told me to install the Recovery Console, but I didn't have an internet connection (due to Safe Mode, I think), and then I let it run till the end.

Do I manually install the Recovery Console now? I'm back in Normal Mode (not Safe) and have an internet connection. I will now do the last step (renaming mbam.exe to newyork.exe).

Here is my log:

ComboFix 09-05-14.05 - Hoben 05/17/2009 13:34.1 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.363 [GMT -10:00]

Running from: c:\documents and settings\Hoben\Desktop\hoben.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG 7.5.524 *On-access scanning enabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Hoben\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat

c:\documents and settings\Hoben\Local Settings\Temporary Internet Files\usawuvufy.inf

C:\smp.bat

c:\windows\IE4 Error Log.txt

c:\windows\setup.exe

c:\windows\system32\nfr.assembly

c:\windows\system32\nfr.gpref

.

((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))

.

2009-05-15 07:00 . 2009-05-15 07:04 -------- d-----w C:\ARK

2009-05-13 02:18 . 2009-05-13 02:18 -------- d-----w c:\program files\Trend Micro

2009-05-13 02:05 . 2009-03-25 02:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys

2009-05-13 02:05 . 2009-05-13 02:05 -------- d-----w c:\documents and settings\All Users\Application Data\Avira

2009-05-13 02:05 . 2009-05-13 02:05 -------- d-----w c:\program files\Avira

2009-05-13 00:39 . 2009-05-13 00:39 -------- d-----w c:\program files\Java

2009-05-07 05:54 . 2008-10-17 00:06 268648 ----a-w c:\windows\system32\mucltui.dll

2009-05-06 09:59 . 2009-05-06 09:59 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2

2009-05-06 05:04 . 2009-05-06 05:04 -------- d-----w c:\documents and settings\Joe\Application Data\Malwarebytes

2009-04-20 02:43 . 2009-04-20 02:43 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-04-20 02:42 . 2009-05-06 03:53 -------- d-----w c:\program files\SUPERAntiSpyware

2009-04-20 02:42 . 2009-05-06 03:54 -------- d-----w c:\documents and settings\Hoben\Application Data\SUPERAntiSpyware.com

2009-04-20 02:35 . 2009-04-20 02:35 -------- d-----w c:\documents and settings\Ann\Local Settings\Application Data\Google

2009-04-20 02:35 . 2009-04-20 02:35 -------- d-----w c:\documents and settings\Ann\Local Settings\Application Data\Apple Computer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-15 06:51 . 2006-06-21 11:50 64336 ----a-w c:\documents and settings\Ann\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-15 06:11 . 2006-06-02 06:42 -------- d-----w c:\program files\Viewpoint

2009-05-13 00:40 . 2008-12-31 05:33 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-07 22:23 . 2006-06-02 05:20 64336 ----a-w c:\documents and settings\Hoben\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-06 04:07 . 2006-06-02 04:39 64336 ----a-w c:\documents and settings\Joe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-06 04:01 . 2006-03-02 09:02 -------- d-----w c:\program files\Sony

2009-05-06 03:50 . 2006-03-07 14:34 -------- d-----w c:\program files\Microsoft Works

2009-04-20 01:36 . 2009-02-22 00:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-15 07:12 . 2009-04-15 07:12 4744 ----a-w c:\windows\system32\PerfStringBackup.TMP

2009-04-07 01:32 . 2009-02-22 00:04 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-07 01:32 . 2009-02-22 00:04 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-03-06 14:44 . 2006-03-02 06:21 283648 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:18 . 2006-03-02 06:21 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-20 18:09 . 2006-03-02 06:21 78336 ----a-w c:\windows\system32\ieencode.dll

2008-11-12 22:05 . 2008-11-12 22:05 18003 ----a-w c:\program files\Common Files\jynosevyhu.vbs

2008-11-12 22:05 . 2008-11-12 22:05 14875 ----a-w c:\program files\Common Files\aqus.bin

2006-06-30 06:09 . 2006-06-30 06:09 774144 ----a-w c:\program files\RngInterstitial.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-26 185872]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-13 148888]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-06-29 14720000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2005-05-21 01:42 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\ijji\\ENGLISH\\u_gbound.exe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/12/2009 4:05 PM 108289]

S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

orkzuztv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92609ac4-e888-11db-a326-0016ce118fdd}]

\Shell\AutoRun\command - F:\setupSNK.exe

.

Contents of the 'Scheduled Tasks' folder

2009-05-17 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 05:20]

.

- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{03A80B1D-5C6A-42c2-9DFB-81B6005D8023} - c:\program files\Trend Micro\Tmas\sshook.dll

.

------- Supplementary Scan -------

.

uStart Page = https://myuhportal.hawaii.edu/cp/home/displaylogin

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyServer = http=localhost:7171

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm

DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}

DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} - hxxp://www.tricksteronline.com/control/tricksterActiveX.cab

DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.tricksteronline.com/control/KALogoutComponent.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-17 13:36

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(216)

c:\windows\system32\VESWinlogon.dll

.

Completion time: 2009-05-17 13:40

ComboFix-quarantined-files.txt 2009-05-17 23:39

Pre-Run: 46,288,388,096 bytes free

Post-Run: 46,395,416,576 bytes free

140 --- E O F --- 2009-05-15 03:52


I did the last step in your initial instructions (rename mbam to newyork, then update, then perform a quick scan). The scan did not detect any malware. Here is the log:

Malwarebytes' Anti-Malware 1.36

Database version: 2146

Windows 5.1.2600 Service Pack 2

5/17/2009 1:59:02 PM

mbam-log-2009-05-17 (13-59-02).txt

Scan type: Quick Scan

Objects scanned: 89672

Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I await any further instructions (whether or not to install the Recovery Console).


Give me some time to go over your logs and make a batch file for you to disable AVG7.5, which is still actively running and fully updated according to Combofix.

Actually, you can install Recovery Console now so it won't become a problem in your next Combofix run, which is definitely needed.

Can you tell me if you know what this program is (?)

c:\ijji\ENGLISH\u_gbound.exe

It currently has access through your firewall, and I thought it might have something to do with gaming?

If not, see if you can view the contents of the folder:

c:\ijji\ENGLISH


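The helper's point above (a program sitting outside Program Files, c:\ijji\ENGLISH\u_gbound.exe, holds a Windows Firewall exception) is the kind of thing that can be pulled out of a ComboFix log mechanically rather than by eye. The Python below is an added example and is not part of this thread or of ComboFix itself: it reads the "Reg Loading Points" layout that ComboFix printed earlier in the thread, collects the firewall exceptions, the non-default NetSvcs name, any AutoRun command stored under mountpoints2 and the IE proxy setting, and turns them into review notes. The trusted-roots list is an assumption made for illustration, and the sample lines are constructed from the log posted above.

```python
import re
from typing import List, Optional

# Constructed sample: a subset of the "Reg Loading Points" section of the ComboFix log
# posted earlier in this thread, kept in ComboFix's own layout.
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
orkzuztv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92609ac4-e888-11db-a326-0016ce118fdd}]
\Shell\AutoRun\command - F:\setupSNK.exe

uInternet Settings,ProxyServer = http=localhost:7171
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
FW_ENTRY_RE = re.compile(r'^"(?P<path>[^"]+)"=$')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$')
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+)$')
NETSVCS_HEADER = 'Svchost - NetSvcs'

# Assumption (illustrative): locations where a firewall exception is unremarkable on a default XP install.
TRUSTED_ROOTS = ('%windir%\\', 'c:\\windows\\', 'c:\\program files\\')


def parse_loading_points(text: str) -> dict:
    """Pull firewall exceptions, NetSvcs names, AutoRun commands and the IE proxy out of the section."""
    findings = {'firewall_allowed': [], 'netsvcs': [], 'autorun': [], 'proxy': None}
    mode: Optional[str] = None  # which registry key's values are being read at the moment
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if mode == 'netsvcs':  # the NetSvcs list ends at the first blank line
                mode = None
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group('key').lower()
            mode = ('firewall' if 'authorizedapplications' in key
                    else 'mountpoint' if 'mountpoints2' in key
                    else None)
            continue
        if line.endswith(NETSVCS_HEADER):
            mode = 'netsvcs'
            continue
        pm = PROXY_RE.match(line)
        if pm:
            findings['proxy'] = pm.group('value')
            continue
        if mode == 'firewall':
            fm = FW_ENTRY_RE.match(line)
            if fm:  # ComboFix prints registry string values with doubled backslashes
                findings['firewall_allowed'].append(fm.group('path').replace('\\\\', '\\'))
        elif mode == 'netsvcs':
            findings['netsvcs'].append(line)
        elif mode == 'mountpoint':
            am = AUTORUN_RE.match(line)
            if am:
                findings['autorun'].append(am.group('cmd'))
    return findings


def review(findings: dict) -> List[str]:
    """Turn findings into review notes; these are things to look at next, not verdicts."""
    notes: List[str] = []
    for path in findings['firewall_allowed']:
        if not path.lower().startswith(TRUSTED_ROOTS):
            notes.append(f'firewall exception outside the usual program locations: {path}')
    for name in findings['netsvcs']:
        notes.append(f'non-default NetSvcs entry (a DLL service hosted by svchost): {name}')
    for cmd in findings['autorun']:
        notes.append(f'AutoRun command remembered for a mounted volume: {cmd}')
    if findings['proxy']:
        notes.append(f'IE proxy set to {findings["proxy"]}; confirm which program listens there')
    return notes


if __name__ == '__main__':
    for note in review(parse_loading_points(SAMPLE_LOG)):
        print(note)
```

Run against the constructed sample, the notes single out u_gbound.exe (the only exception outside the trusted roots), the orkzuztv NetSvcs name, the F:\setupSNK.exe AutoRun command and the localhost proxy, while the sessmgr.exe and aim6.exe exceptions produce nothing.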
Alright, I'll install the Recovery Console now, thanks. I believe c:\ijji\ENGLISH\u_gbound.exe is a component of a game. I can uninstall it if you wish; I don't use it anymore.


I don't believe I have the Windows CD, so I took the necessary route and downloaded the Windows XP version and the Windows Service Pack 2. I dragged the second item onto the Combofix icon as the tutorial instructed, and it prompted me that there was an updated version of Combofix and asked if I'd like to update (which I did). Then it began to run Combofix, but again told me that AVG7.5 was enabled. So (since I wasn't in Safe Mode) I exited Combofix when it gave me the option to do so.

I will await further instructions. I also couldn't uninstall the ijji contents (they didn't appear in the Add/Remove list).


OK I have a CFScript for you, after you do this to remove AVG:

Open Notepad by Clicking start -> run -> type notepad

Hit Enter

Paste in the following bolded text into the Notepad window:

sc stop Avg7Alrt

sc config Avg7Alrt start= disabled

sc delete Avg7Alrt

sc stop AvgTdi

sc config AvgTdi start= disabled

sc delete AvgTdi

sc stop Avg7UpdSvc

sc config Avg7UpdSvc start= disabled

sc delete Avg7UpdSvc

sc stop AVGEMS

sc config AVGEMS start= disabled

sc delete AVGEMS

if exist "%userprofile%\documents\AVGStatus.txt" del "%userprofile%\documents\AVGStatus.txt"

sc query Avg7Alrt > "%userprofile%\documents\AVGStatus.txt"

sc query AvgTdi >> "%userprofile%\documents\AVGStatus.txt"

sc query Avg7UpdSvc >> "%userprofile%\documents\AVGStatus.txt"

sc query AVGEMS >> "%userprofile%\documents\AVGStatus.txt"

notepad "%userprofile%\documents\AVGStatus.txt"

Save the file to your desktop by setting the "Save as Type" to "all files", and save it as AVGRemove.bat

Double-click the AVGRemove.bat gear icon on your desktop (allow the script to run and disable any script blocking programs first).

A TXT file called AVGStatus.txt located in your documents folder will open. Please copy and paste the contents in a reply back here immediately, and then proceed with the next instructions - do not wait for me to reply (this is a before and after comparison).

Next, boot into safe mode (using the F8 key method), and repeat the same above directions. Again a file will open in Notepad. Close the file - reboot and then locate and post the contents of the NEW AVGStatus.txt located in your documents folder (check the time/date stamp).

I'll remove that game-related folder in the CFScript. What firewall are you using? There are references to a Symantec firewall in your CF log.


I copied and pasted what you just sent into Notepad, saved it to the desktop as all files as instructed, and then ran it. It ran for a few seconds, but then it opened up Notepad (which was empty) and a message popped up: "The system cannot find the path specified." I don't know if this is because I have a script blocking program running (to my knowledge I do not). I will do the Safe Mode method now and post my results.


I tried it in Safe Mode too and the same thing happened. Should I do the CF Recovery Console in Safe Mode?

OK - disable Windows Defender and Avira Antivir Guard.

Now, delete the AVGStatus.bat file on your desktop.

Copy/Paste the following bolded text into a Notepad file (make sure wordwrap is unchecked under format):

sc stop WinDefend

sc stop Avg7Alrt

sc config Avg7Alrt start= disabled

sc delete Avg7Alrt

sc stop AvgTdi

sc config AvgTdi start= disabled

sc delete AvgTdi

sc stop Avg7UpdSvc

sc config Avg7UpdSvc start= disabled

sc delete Avg7UpdSvc

sc stop AVGEMS

sc config AVGEMS start= disabled

sc delete AVGEMS

if exist "%userprofile%\documents\AVGStatus.txt" del "%userprofile%\documents\AVGStatus.txt"

sc query Avg7Alrt > "%userprofile%\documents\AVGStatus.txt"

sc query AvgTdi >> "%userprofile%\documents\AVGStatus.txt"

sc query Avg7UpdSvc >> "%userprofile%\documents\AVGStatus.txt"

sc query AVGEMS >> "%userprofile%\documents\AVGStatus.txt"

notepad "%userprofile%\documents\AVGStatus.txt"

Pause

Save the file to your desktop by setting the "Save as Type" to "All Files", and save it as AVGRemove.bat.

Double-click the AVGRemove.bat gear icon on your desktop (allow the script to run and disable any script blocking programs first). A black CMD window should open and stay that way as the batch commands process.

A TXT file called AVGStatus.txt located in your documents folder will open. Ignore that for now.

The command console (CMD window) should still be open at the end of the batch processing.

Right-click the DOS window and choose: Select All from the context menu (color changes)

Right-click the DOS window again and this will copy the content to the clipboard. (color changes to black again)

Copy and paste the content of the CMD window in your next reply.

Now, copy and paste back the content of the Notepad file AVGStatus.txt.

Forget the safe mode part and the Recovery console for now. I want to see what happens first.

Turn ON Windows Defender and Avira Antivir Guard.


Alright, I did everything you described, but the "The system could not find the path specified" message popped up again. No such file called "AVGStatus.txt" was created. I made sure to disable Windows Defender and Avira, and I made sure Word Wrap was unchecked; however, I'm not sure if I had any script blocking programs running (to my knowledge I don't own any). Here are the DOS window contents:

C:\Documents and Settings\Hoben\Desktop>sc stop WinDefend

[SC] ControlService FAILED 1062:

The service has not been started.

C:\Documents and Settings\Hoben\Desktop>sc stop Avg7Alrt

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Documents and Settings\Hoben\Desktop>sc config Avg7Alrt start= disabled

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Documents and Settings\Hoben\Desktop>sc delete Avg7Alrt

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Documents and Settings\Hoben\Desktop>sc stop AvgTdi

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Documents and Settings\Hoben\Desktop>sc config AvgTdi start= disabled

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Documents and Settings\Hoben\Desktop>sc delete AvgTdi

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Documents and Settings\Hoben\Desktop>sc stop Avg7UpdSvc

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Documents and Settings\Hoben\Desktop>sc config Avg7UpdSvc start= disabled

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Documents and Settings\Hoben\Desktop>sc delete Avg7UpdSvc

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Documents and Settings\Hoben\Desktop>sc stop AVGEMS

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Documents and Settings\Hoben\Desktop>sc config AVGEMS start= disabled

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Documents and Settings\Hoben\Desktop>sc delete AVGEMS

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Documents and Settings\Hoben\Desktop>if exist "C:\Documents and Settings\Hoben\documents\AVGStatus.txt" del "C:\Documents and Settings\Hoben\documents\AVGStatus.txt"

C:\Documents and Settings\Hoben\Desktop>sc query Avg7Alrt 1>"C:\Documents and Settings\Hoben\documents\AVGStatus.txt"

The system cannot find the path specified.

C:\Documents and Settings\Hoben\Desktop>sc query AvgTdi 1>>"C:\Documents and Settings\Hoben\documents\AVGStatus.txt"

The system cannot find the path specified.

C:\Documents and Settings\Hoben\Desktop>sc query Avg7UpdSvc 1>>"C:\Documents and Settings\Hoben\documents\AVGStatus.txt"

The system cannot find the path specified.

C:\Documents and Settings\Hoben\Desktop>sc query AVGEMS 1>>"C:\Documents and Settings\Hoben\documents\AVGStatus.txt"

The system cannot find the path specified.

C:\Documents and Settings\Hoben\Desktop>notepad "C:\Documents and Settings\Hoben\documents\AVGStatus.txt"

C:\Documents and Settings\Hoben\Desktop>Pause

Press any key to continue . . .


OK that's good! None of the AVG services exist any more so the error msg was generated because of the TXT file creation, not the service operations being performed.

Turn off Windows Defender and Avira Antivir Guard.

It is important that you follow the next set of instructions precisely.

Open Notepad by hitting Start -> run, typing notepad into the Open: box, and then clicking OK.

On the Notepad menu, choose "Format" and make sure that Word Wrap is unchecked (disabled).

Copy/paste the text in the code box below into Notepad.

Save this to your desktop as CFScript.txt by selecting File -> Save as.

KillAll::

Driver::
avgtdi

File::
C:\Windows\system32\drivers\avgtdi.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\ijji\\ENGLISH\\u_gbound.exe"=-

NetSvcs::
orkzuztv

Folder::
c:\program files\Grisoft\AVG Free\
c:\program files\Viewpoint
c:\ijji\

CFScriptB-4.gif

Very Important: Disable ALL security program active protection components at this time including any and all antispyware and antivirus monitor/guards you have running!!

Also, disable any task(s) scheduled to run automatically upon reboot, such as chkdsk or any scanners. Then re-enable them after you get the new Combofix report.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will cause ComboFix to run again. Only if you have to, run the CFScript in safe mode.

Please post back the log that opens when it finishes.

Turn back on Windows Defender and Avira Antivir Guard.


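The batch file given earlier in the thread redirects its sc query output into %userprofile%\documents, and the CMD transcript the user posted shows every sc call failing with error 1060 (no such installed service) or 1062 (installed but not started) while only the redirected queries fail with "cannot find the path specified"; that split is what the helper's diagnosis above rests on. As an added example that is not part of this thread, the Python below parses a transcript of that shape, separates the three outcomes, and proposes a corrected redirect target. The correction assumes the default Windows XP profile layout, in which the per-user folder is named "My Documents" (the plain "Documents" name arrived with Vista), and the sample transcript is constructed to match the lines posted above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape of the CMD window transcript posted in this thread
# (prompt line followed by sc.exe's messages); not a verbatim copy of the user's window.
SAMPLE_TRANSCRIPT = r"""
C:\Documents and Settings\Hoben\Desktop>sc stop WinDefend
[SC] ControlService FAILED 1062:
The service has not been started.

C:\Documents and Settings\Hoben\Desktop>sc stop Avg7Alrt
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.

C:\Documents and Settings\Hoben\Desktop>sc delete AVGEMS
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.

C:\Documents and Settings\Hoben\Desktop>sc query Avg7Alrt 1>"C:\Documents and Settings\Hoben\documents\AVGStatus.txt"
The system cannot find the path specified.
"""

PROMPT_RE = re.compile(r'^(?P<cwd>[A-Za-z]:\\[^>]*)>(?P<cmd>.*)$')
SC_CMD_RE = re.compile(r'^sc\s+(?P<verb>stop|start|config|delete|query)\s+(?P<service>\S+)', re.IGNORECASE)
REDIRECT_RE = re.compile(r'\d?>>?\s*"?(?P<target>[^"]+?)"?\s*$')


@dataclass
class CommandResult:
    cmd: str
    verb: Optional[str]
    service: Optional[str]
    status: str  # 'ok' | 'not_installed' | 'not_running' | 'redirect_failed'
    output: List[str] = field(default_factory=list)
    redirect_target: Optional[str] = None


def _classify(output: List[str]) -> str:
    """Map sc.exe's messages to an outcome: 1060 = no such service, 1062 = installed but stopped."""
    joined = ' '.join(output)
    if 'FAILED 1060' in joined:
        return 'not_installed'
    if 'FAILED 1062' in joined:
        return 'not_running'
    if 'cannot find the path specified' in joined:
        return 'redirect_failed'
    return 'ok'


def _finish(cmd: str, output: List[str]) -> CommandResult:
    sm = SC_CMD_RE.match(cmd)
    rm = REDIRECT_RE.search(cmd)
    return CommandResult(
        cmd=cmd,
        verb=sm.group('verb').lower() if sm else None,
        service=sm.group('service') if sm else None,
        status=_classify(output),
        output=output,
        redirect_target=rm.group('target') if rm else None,
    )


def parse_transcript(text: str) -> List[CommandResult]:
    """Split a CMD window transcript into (command, output) pairs keyed on the prompt lines."""
    results: List[CommandResult] = []
    cmd: Optional[str] = None
    output: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROMPT_RE.match(line)
        if m:
            if cmd is not None:
                results.append(_finish(cmd, output))
            cmd, output = m.group('cmd').strip(), []
        elif cmd is not None and line:
            output.append(line)
    if cmd is not None:
        results.append(_finish(cmd, output))
    return results


def summarize(results: List[CommandResult]) -> dict:
    """Group outcomes so service state and the file-redirect problem can be read apart."""
    summary = {'not_installed': set(), 'not_running': set(), 'redirect_failed': [], 'ok': []}
    for r in results:
        if r.status in ('not_installed', 'not_running'):
            summary[r.status].add(r.service)
        elif r.status == 'redirect_failed':
            summary['redirect_failed'].append(r.redirect_target)
        else:
            summary['ok'].append(r.cmd)
    return summary


def fix_xp_documents_path(target: str) -> str:
    # Assumption: default Windows XP profile layout, where the per-user folder is "My Documents",
    # so a redirect into "<profile>\documents\..." has no folder to land in.
    return re.sub(r'\\documents\\', r'\\My Documents\\', target, flags=re.IGNORECASE)


if __name__ == '__main__':
    s = summarize(parse_transcript(SAMPLE_TRANSCRIPT))
    print('not installed:', sorted(s['not_installed']))
    print('not running:  ', sorted(s['not_running']))
    for t in s['redirect_failed']:
        print('redirect failed:', t, '-> try', fix_xp_documents_path(t))
```

On the constructed sample the summary reports Avg7Alrt and AVGEMS as not installed, WinDefend as installed but stopped, and one failed redirect, for which the suggested path swaps the nonexistent documents folder for My Documents.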
Alright, I disabled Windows Defender and Avira, copied/pasted the code into Notepad and dragged the file onto CF as illustrated. I stopped here because the prompt that AVG7.5 was running showed up again. I wanted to know what to do now: proceed with the scan anyway, or scan in Safe Mode.


Okay, I ran CF in normal mode. Everything went smoothly; however, when it was almost done, my computer restarted (a command in your program code, I believe) and I had to log in to my user again. When I was logged in, CF was finishing where it left off, but Avira was enabled upon reboot (AIM started as well, but I canceled it before it could sign on), and I quickly disabled Avira. After CF was done it produced the log below. I checked Windows Defender and it was still off. Please let me know if I did anything wrong.

ComboFix 09-05-17.03 - Hoben 05/17/2009 18:01.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.214 [GMT -10:00]

Running from: c:\documents and settings\Hoben\Desktop\hoben.exe

Command switches used :: c:\documents and settings\Hoben\Desktop\CFScript.txt.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG 7.5.524 *On-access scanning enabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::

c:\windows\system32\drivers\avgtdi.sys

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\ijji\

c:\ijji\\ENGLISH\ijjiUninstall.exe

c:\ijji\\ENGLISH\NeoBit.dll

c:\ijji\\ENGLISH\PiXel.dll

c:\ijji\\ENGLISH\u_gbound.exe

c:\ijji\\ENGLISH\XInNetwork.dll

c:\ijji\\ENGLISH\XPlatform.dll

c:\ijji\\ENGLISH\XStream.dll

c:\ijji\\ENGLISH\XSystem.dll

c:\ijji\\GunboundRV_setup.exe

c:\program files\Grisoft\AVG Free\

c:\program files\Grisoft\AVG Free\\avgse.dll

c:\program files\Grisoft\AVG Free\\avgupsvc.exe

c:\program files\Viewpoint

c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C.dll

c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C_.dll

c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll

c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll

c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini

c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll

c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll

c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll

c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll

c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll

c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll

c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll

c:\program files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll

c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll

c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll

c:\program files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll

c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\VMgr_Win\Exec.exe

c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini

c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini

c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini

c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe

c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt

c:\windows\system32\drivers\avgtdi.sys

c:\windows\system32\mfc71.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_AVGTDI

((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))

.

2009-05-15 07:00 . 2009-05-15 07:04 -------- d-----w C:\ARK

2009-05-13 02:18 . 2009-05-13 02:18 -------- d-----w c:\program files\Trend Micro

2009-05-13 02:05 . 2009-03-25 02:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys

2009-05-13 02:05 . 2009-05-13 02:05 -------- d-----w c:\documents and settings\All Users\Application Data\Avira

2009-05-13 02:05 . 2009-05-13 02:05 -------- d-----w c:\program files\Avira

2009-05-13 00:39 . 2009-05-13 00:39 -------- d-----w c:\program files\Java

2009-05-07 05:54 . 2008-10-17 00:06 268648 ----a-w c:\windows\system32\mucltui.dll

2009-05-06 09:59 . 2009-05-06 09:59 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2

2009-05-06 05:04 . 2009-05-06 05:04 -------- d-----w c:\documents and settings\Joe\Application Data\Malwarebytes

2009-04-20 02:43 . 2009-04-20 02:43 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-04-20 02:42 . 2009-05-06 03:53 -------- d-----w c:\program files\SUPERAntiSpyware

2009-04-20 02:42 . 2009-05-06 03:54 -------- d-----w c:\documents and settings\Hoben\Application Data\SUPERAntiSpyware.com

2009-04-20 02:35 . 2009-04-20 02:35 -------- d-----w c:\documents and settings\Ann\Local Settings\Application Data\Google

2009-04-20 02:35 . 2009-04-20 02:35 -------- d-----w c:\documents and settings\Ann\Local Settings\Application Data\Apple Computer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-17 23:51 . 2009-02-22 00:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-15 06:51 . 2006-06-21 11:50 64336 ----a-w c:\documents and settings\Ann\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-13 00:40 . 2008-12-31 05:33 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-07 22:23 . 2006-06-02 05:20 64336 ----a-w c:\documents and settings\Hoben\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-06 04:07 . 2006-06-02 04:39 64336 ----a-w c:\documents and settings\Joe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-06 04:01 . 2006-03-02 09:02 -------- d-----w c:\program files\Sony

2009-05-06 03:50 . 2006-03-07 14:34 -------- d-----w c:\program files\Microsoft Works

2009-04-15 07:12 . 2009-04-15 07:12 4744 ----a-w c:\windows\system32\PerfStringBackup.TMP

2009-04-07 01:32 . 2009-02-22 00:04 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-07 01:32 . 2009-02-22 00:04 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-03-06 14:44 . 2006-03-02 06:21 283648 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:18 . 2006-03-02 06:21 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-20 18:09 . 2006-03-02 06:21 78336 ----a-w c:\windows\system32\ieencode.dll

2008-11-12 22:05 . 2008-11-12 22:05 18003 ----a-w c:\program files\Common Files\jynosevyhu.vbs

2008-11-12 22:05 . 2008-11-12 22:05 14875 ----a-w c:\program files\Common Files\aqus.bin

2006-06-30 06:09 . 2006-06-30 06:09 774144 ----a-w c:\program files\RngInterstitial.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-05-17_23.36.42 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-18 04:05 . 2009-05-18 04:05 16384 c:\windows\temp\Perflib_Perfdata_740.dat

+ 2009-05-18 04:05 . 2009-05-18 04:05 16384 c:\windows\temp\Perflib_Perfdata_728.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-26 185872]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-13 148888]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-06-29 14720000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2005-05-21 01:42 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/12/2009 4:05 PM 108289]

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

orkzuztv

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = https://myuhportal.hawaii.edu/cp/home/displaylogin

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyServer = http=localhost:7171

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm

DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}

DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} - hxxp://www.tricksteronline.com/control/tricksterActiveX.cab

DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.tricksteronline.com/control/KALogoutComponent.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-17 18:07

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)

c:\windows\system32\VESWinlogon.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Apoint\ApntEx.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-05-18 18:10 - machine was rebooted

ComboFix-quarantined-files.txt 2009-05-18 04:10

ComboFix2.txt 2009-05-17 23:40

Pre-Run: 45,900,242,944 bytes free

Post-Run: 45,685,637,120 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

201 --- E O F --- 2009-05-15 03:52


I have to review your log and see how we should proceed Monday because it's getting late now and that can lead to mistakes.

Most everything was deleted in Combofix, but this is still remaining:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

orkzuztv

I see you were successful in installing the recovery console.

I have to also see if any AVG remnants are visible.

This, BTW, is Avira, NOT AVG 7.5:

c:\windows\system32\drivers\avgntflt.sys

In the meantime, go into the services console:

Click start->run->type services.msc

Hit Enter

The services are listed alphabetically

See if there are any listed beginning with AVG, but don't do anything - just report back.

Exit services.msc

Please post a new HJT log.

Please upload the following files, one at a time, to the Virus Total Scanner by browsing to each file's folder location. If Virus Total is busy, you can try the Jotti malware scan page.

c:\program files\Common Files\jynosevyhu.vbs

c:\program files\Common Files\aqus.bin

Report back only if threats were detected by any of the scanners.

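The two things the reply above asks about, the netsvcs entry that survived Combofix and possible AVG service remnants, can be checked read-only from PowerShell instead of by eye in services.msc. This is an added example, not code from the thread or from any of the tools it mentions; it assumes Windows PowerShell 2.0 or later on an elevated prompt, and uses only the standard Svchost and Services registry locations.

```powershell
# Added example, not part of the thread: read-only audit of the svchost "netsvcs"
# group and of "avg"-named service/driver keys. Nothing is modified.
# Assumes Windows PowerShell 2.0+; run elevated so the Services hive is fully readable.

$SvchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-NetSvcsAudit {
    # 'netsvcs' is a REG_MULTI_SZ list of service names. Each name that also has a
    # key under Services (with Parameters\ServiceDll) is loaded into the shared
    # "svchost.exe -k netsvcs" process. A name with no service key is a dangling
    # entry left behind when its service was removed, which is what the log shows.
    $names = (Get-ItemProperty -LiteralPath $SvchostKey -Name netsvcs).netsvcs
    foreach ($name in $names) {
        $svcPath = Join-Path $ServicesKey $name
        $row = New-Object PSObject -Property @{
            Name = $name; HasServiceKey = (Test-Path -LiteralPath $svcPath)
            ServiceDll = ''; Verdict = ''
        }
        if (-not $row.HasServiceKey) {
            $row.Verdict = 'dangling: listed in netsvcs but no service key (leftover)'
        } else {
            $params = Get-ItemProperty -LiteralPath (Join-Path $svcPath 'Parameters') -ErrorAction SilentlyContinue
            if ($params -and $params.ServiceDll) {
                # ServiceDll is usually stored with %SystemRoot%; expand before testing.
                $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
                $row.ServiceDll = $dll
                if (-not (Test-Path -LiteralPath $dll)) {
                    $row.Verdict = 'ServiceDll missing on disk'
                } elseif ($dll -notlike "$env:SystemRoot\system32\*") {
                    $row.Verdict = 'ServiceDll outside system32: review'
                } else {
                    $row.Verdict = 'ok'
                }
            } else {
                $row.Verdict = 'service key has no ServiceDll: review'
            }
        }
        $row
    }
}

function Get-AvgNamedServices {
    # Service and driver keys whose name starts with "avg". Avira uses the same
    # prefix (avgntflt.sys, avgnt.exe), so the ImagePath, not the name, tells
    # AVG (Grisoft) apart from Avira, as the reply points out.
    Get-ChildItem -Path $ServicesKey |
        Where-Object { $_.PSChildName -like 'avg*' } |
        ForEach-Object {
            $props = Get-ItemProperty -LiteralPath $_.PSPath
            $vendor = 'unknown'
            if ($props.ImagePath -like '*Grisoft*') { $vendor = 'AVG' }
            elseif ($props.ImagePath -like '*Avira*') { $vendor = 'Avira' }
            New-Object PSObject -Property @{
                Name = $_.PSChildName; Vendor = $vendor; ImagePath = $props.ImagePath
            }
        }
}

# Report only the netsvcs names that need a look, then every avg-prefixed key with its vendor.
Get-NetSvcsAudit | Where-Object { $_.Verdict -ne 'ok' } | Format-Table Name, Verdict, ServiceDll -AutoSize
Get-AvgNamedServices | Format-Table Name, Vendor, ImagePath -AutoSize
```

A dangling netsvcs name is inert on its own, but it is the footprint of a service that used to load into svchost, so the name is worth searching for across the rest of the registry before calling the cleanup finished.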

I completely understand. Thanks for your help. In the service list, there were no entries beginning with AVG.

Also, there were no threats detected from either of the two files, both said 0% (0/40).

Here is the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:47:58 PM, on 5/17/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myuhportal.hawaii.edu/cp/home/displaylogin

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1241583068796

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab

O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) -

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab

O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--

End of file - 10663 bytes
