Avira detection

aliEnRIK

Not sure what you mean, but restore it regardless

caza01

right here we go combofix report

ComboFix 09-12-31.A1 - Caroline 02/01/2010 1:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.476 [GMT 0:00]
Running from: c:\documents and settings\Caroline\Desktop\QWERTY.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-635193602-2416652941-2193123588-500
c:\windows\kb913800.exe
.
((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.
2010-01-01 22:44 . 2010-01-01 22:44

---

d

---

w- c:\program files\Trend Micro
2009-12-23 20:40 . 2009-12-23 20:40 43828 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-23 20:32 . 2009-12-23 20:32

---

d

---

w- c:\program files\iPod
2009-12-23 20:32 . 2009-12-23 20:33

---

d

---

w- c:\program files\iTunes
2009-12-23 20:32 . 2009-12-23 20:33

---

d

---

w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-23 20:30 . 2009-12-23 20:30

---

d

---

w- c:\program files\Bonjour
2009-12-23 20:26 . 2009-12-23 20:26

---

d

---

w- c:\program files\Apple Software Update
2009-12-14 17:01 . 2009-12-14 17:01

---

d-sh--w- c:\documents and settings\Darren\IECompatCache
2009-12-14 16:33 . 2009-12-14 16:33

---

d

---

w- c:\program files\Citrix
2009-12-14 16:33 . 2009-12-14 16:33

---

d

---

w- c:\documents and settings\Darren\Local Settings\Application Data\Citrix
2009-12-14 16:33 . 2009-12-14 16:33 103784 ----a-w- c:\documents and settings\Darren\GoToAssistDownloadHelper.exe
2009-12-14 15:35 . 2009-12-14 15:37

---

dc-h--w- c:\windows\ie8
2009-12-13 17:55 . 2009-12-13 17:55

---

d

---

w- c:\documents and settings\Caroline\Local Settings\Application Data\Motive
2009-12-04 23:22 . 2009-12-31 21:52 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 01:35 . 2008-11-09 19:45

---

d

---

w- c:\documents and settings\Caroline\Application Data\uTorrent
2010-01-02 00:18 . 2008-04-11 22:47

---

d

---

w- c:\program files\BT Auto Backup
2010-01-01 23:55 . 2009-06-26 22:07

---

d

---

w- c:\program files\Windows Media Connect 2
2010-01-01 23:23 . 2006-09-01 09:55

---

d

---

w- c:\program files\Common Files\Symantec Shared
2010-01-01 21:20 . 2007-08-23 21:00

---

d

---

w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-31 21:52 . 2009-10-26 22:06

---

d

---

w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 14:55 . 2009-10-26 22:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 14:54 . 2009-10-26 22:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-27 22:06 . 2006-09-01 09:53

---

d

---

w- c:\program files\Google
2009-12-23 20:40 . 2008-06-21 23:03

---

d

---

w- c:\documents and settings\Caroline\Application Data\Apple Computer
2009-12-23 20:32 . 2008-06-21 23:00

---

d

---

w- c:\program files\Common Files\Apple
2009-12-23 20:29 . 2008-06-21 23:01

---

d

---

w- c:\program files\QuickTime
2009-12-07 16:04 . 2009-11-16 00:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-24 23:11 . 2009-11-24 23:11 33558 ----a-w- c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2009-11-22 21:07 . 2006-09-01 09:47

---

d

---

w- c:\program files\Common Files\Adobe
2009-11-18 21:10 . 2006-09-01 09:53

---

d

---

w- c:\program files\Picasa2
2009-11-16 10:47 . 2009-11-16 10:47

---

d

---

w- c:\program files\CCleaner
2009-11-16 00:38 . 2009-11-16 00:38

---

d

---

w- c:\program files\Avira
2009-11-16 00:38 . 2009-11-16 00:38

---

d

---

w- c:\documents and settings\All Users\Application Data\Avira
2009-11-12 17:07 . 2009-11-12 17:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2006-08-31 03:36 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-08-31 03:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-08-31 03:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-08-31 03:36 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-08-31 03:36 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-08-31 03:36 79872 ----a-w- c:\windows\system32\raschap.dll
.

---

Sigcheck

---

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . C0C58464D54EA06B0DDEDBF8DB8E7F3D . 96512 . . . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]
@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"
[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]
2009-03-06 21:31 282624 ----a-w- c:\program files\BT Auto Backup\VaultClientMenu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon2]
@="{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}"
[HKEY_CLASSES_ROOT\CLSID\{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}]
2009-03-06 21:31 278528 ----a-w- c:\program files\BT Auto Backup\VaultClientIcon.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-22 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-27 7561216]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 28672]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"TrayStartup"="c:\program files\BT Auto Backup\VaultClientTray.exe" [2009-03-06 224360]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-17 198160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Caroline\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-6-25 344064]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Photo Loader supervisory.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2007-8-23 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-12-14 16:33 13672 ----a-w- c:\program files\Citrix\GoToAssist\599\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 15:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
R0 DRVMCDB;DRVMCDB;c:\windows\system32\drivers\DRVMCDB.SYS [25/06/2008 21:54 89264]
R1 avipbb;avipbb;c:\windows\system32\drivers\avipbb.sys [16/11/2009 00:38 96104]
R1 DLACDBHM;DLACDBHM;c:\windows\system32\drivers\DLACDBHM.SYS [25/06/2008 21:54 5660]
R1 DLARTL_N;DLARTL_N;c:\windows\system32\drivers\DLARTL_N.SYS [25/06/2008 21:54 22684]
R1 DMICall;Sony DMI Call service;c:\windows\system32\drivers\DMICall.sys [01/09/2006 09:42 3952]
R1 ssmdrv;ssmdrv;c:\windows\system32\drivers\ssmdrv.sys [16/11/2009 00:38 28520]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA;c:\windows\system32\drivers\tosrfcom.sys [31/08/2006 14:41 64896]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16/11/2009 00:38 108289]
R2 Apple Mobile Device;Apple Mobile Device;c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [28/08/2009 19:42 144672]
R2 DLABOIOM;DLABOIOM;c:\windows\system32\DLA\DLABOIOM.SYS [25/06/2008 21:54 25724]
R2 DLADResN;DLADResN;c:\windows\system32\DLA\DLADResN.SYS [25/06/2008 21:54 2496]
R2 DLAIFS_M;DLAIFS_M;c:\windows\system32\DLA\DLAIFS_M.SYS [25/06/2008 21:54 86844]
R2 DLAOPIOM;DLAOPIOM;c:\windows\system32\DLA\DLAOPIOM.SYS [25/06/2008 21:54 14716]
R2 DLAPoolM;DLAPoolM;c:\windows\system32\DLA\DLAPoolM.SYS [25/06/2008 21:54 6364]
R2 DLAUDF_M;DLAUDF_M;c:\windows\system32\DLA\DLAUDF_M.SYS [25/06/2008 21:54 88476]
R2 DLAUDFAM;DLAUDFAM;c:\windows\system32\DLA\DLAUDFAM.SYS [25/06/2008 21:54 94460]
R2 DRVNDDM;DRVNDDM;c:\windows\system32\drivers\DRVNDDM.SYS [25/06/2008 21:54 40544]
R2 ehRecvr;Media Center Receiver Service;c:\windows\ehome\ehrecvr.exe [31/08/2006 11:49 237568]
R2 ehSched;Media Center Scheduler Service;c:\windows\ehome\ehSched.exe [31/08/2006 11:49 102912]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service;c:\program files\Intel\Wireless\Bin\RegSrvc.exe [02/07/2006 20:42 327680]
R2 s24trans;WLAN Transport;c:\windows\system32\drivers\s24trans.sys [02/07/2006 22:16 12544]
R2 VAIO Event Service;VAIO Event Service;c:\program files\Sony\VAIO Event Service\VESMgr.exe [01/09/2006 09:45 176128]
R2 VaultClientSRV;BT Auto Backup Service;c:\program files\BT Auto Backup\VaultClientSRV.exe [04/12/2007 22:19 982120]
R2 VaultClientUpgrade;BT Auto Backup Upgrade Service;c:\program files\BT Auto Backup\VaultClientUpgrade.exe [04/12/2007 22:19 56424]
R2 VzCdbSvc;VAIO Entertainment Database Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [01/09/2006 09:54 131072]
R2 VzFw;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [01/09/2006 09:54 118784]
R3 ApfiltrService;Alps Pointing-device Filter Driver;c:\windows\system32\drivers\Apfiltr.sys [31/08/2006 03:37 108767]
R3 HSF_DPV;HSF_DPV;c:\windows\system32\drivers\HSF_DPV.sys [31/08/2006 03:37 990592]
R3 HSFHWAZL;HSFHWAZL;c:\windows\system32\drivers\HSFHWAZL.sys [31/08/2006 03:37 208256]
R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETw3x32.sys [31/08/2006 15:17 1706752]
R3 SNC;Sony Notebook Control Device;c:\windows\system32\drivers\SonyNC.sys [31/08/2006 03:37 48896]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [31/08/2006 03:37 226304]
R3 tosporte;Bluetooth Port Driver from Toshiba;c:\windows\system32\drivers\tosporte.sys [31/08/2006 14:41 47488]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [?]
S2 McciCMService;McciCMService;c:\program files\Common Files\Motive\McciCMService.exe [14/11/2008 22:29 319488]
S2 NVSvc;NVIDIA Display Driver Service;c:\windows\system32\nvsvc32.exe [31/08/2006 03:37 143428]
S2 VCI;VAIO Cooporated Initialisation;c:\program files\Sony\VAIO Cooperated Initialisation\VCI_svc.exe [01/09/2006 09:53 398336]
S3 GoToAssist;GoToAssist;c:\program files\Citrix\GoToAssist\599\g2aservice.exe [14/12/2009 16:34 13160]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\Image Converter 2\IcVzMon.exe [05/10/2006 08:27 32768]
S3 LEX_AS_NIC_SERVICE_YNOS;LAN-Express AS IEEE 802.11g Wireless Network Adapter Service;c:\windows\system32\drivers\ExpasAG.sys [31/08/2006 15:14 489696]
S3 MHN;MHN;c:\windows\System32\svchost.exe -k netsvcs [31/08/2006 03:36 14336]
S3 MHNDRV;MHN driver;c:\windows\system32\drivers\mhndrv.sys [31/08/2006 11:50 11008]
S3 MREMP50;MREMP50 NDIS Protocol Driver;c:\progra~1\COMMON~1\Motive\MREMP50.SYS [14/11/2008 22:29 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;\??\c:\progra~1\COMMON~1\Motive\MREMP50a64.SYS --> c:\progra~1\COMMON~1\Motive\MREMP50a64.SYS [?]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver;\??\c:\progra~1\COMMON~1\Motive\MREMPR5.SYS --> c:\progra~1\COMMON~1\Motive\MREMPR5.SYS [?]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver;\??\c:\progra~1\COMMON~1\Motive\MRENDIS5.SYS --> c:\progra~1\COMMON~1\Motive\MRENDIS5.SYS [?]
S3 MRESP50;MRESP50 NDIS Protocol Driver;c:\progra~1\COMMON~1\Motive\MRESP50.SYS [14/11/2008 22:29 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;\??\c:\progra~1\COMMON~1\Motive\MRESP50a64.SYS --> c:\progra~1\COMMON~1\Motive\MRESP50a64.SYS [?]
S3 MSCSPTISRV;MSCSPTISRV;c:\program files\Common Files\Sony Shared\Avlib\MSCSPTISRV.exe [27/04/2006 16:35 53337]
S3 PACSPTISVR;PACSPTISVR;c:\program files\Common Files\Sony Shared\Avlib\PACSPTISVR.exe [27/04/2006 16:27 49241]
S3 QV2KUX;Casio Digital Camera;c:\windows\system32\drivers\qv2kux.sys [26/10/2007 21:25 3328]
S3 SPTISRV;Sony SPTI Service;c:\program files\Common Files\Sony Shared\Avlib\SPTISRV.exe [27/04/2006 16:16 69718]
S3 SSScsiSV;SonicStage SCSI Service;c:\program files\Common Files\Sony Shared\Avlib\SSScsiSV.exe [05/10/2006 08:32 69632]
S3 toshidpt;TOSHIBA Bluetooth HID port driver;c:\windows\system32\drivers\toshidpt.sys [31/08/2006 14:41 3712]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA;c:\windows\system32\drivers\tosrfbd.sys [31/08/2006 14:41 108928]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA;c:\windows\system32\drivers\tosrfbnp.sys [31/08/2006 14:41 37632]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA;c:\windows\system32\drivers\tosrfhid.sys [31/08/2006 14:41 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA;c:\windows\system32\drivers\tosrfnds.sys [31/08/2006 14:41 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA;c:\windows\system32\drivers\tosrfsnd.sys [31/08/2006 14:41 52864]
S3 Tosrfusb;Bluetooth USB Controller;c:\windows\system32\drivers\tosrfusb.sys [31/08/2006 14:41 40192]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [01/09/2006 09:54 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server;c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe [05/10/2006 08:33 2084864]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [05/10/2006 08:33 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [05/10/2006 08:33 770048]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server;c:\program files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [05/10/2006 08:33 155648]
.
Contents of the 'Scheduled Tasks' folder
2009-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2010-01-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-18 22:11]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://home.bt.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: &Search
IE: Add RSS Support Site to VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: elc.co.uk\www
Trusted Zone: motive.com\pbttbc.bt
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: Microsoft XML Parser for Java - [URL]file://c:\windows\Java\classes\xmldso.cab[/URL]
DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
SafeBoot-MCODS

**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F5FE07]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75e2f28
\Driver\ACPI -> ACPI.sys @ 0xf7455cb8
\Driver\atapi -> atapi.sys @ 0xf73ef852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf72e5bb0
PacketIndicateHandler -> NDIS.sys @ 0xf72f2a21
SendHandler -> NDIS.sys @ 0xf72d087b
user & kernel MBR OK
**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

[HKEY_USERS\S-1-5-21-1617414117-3856491440-282225146-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.

---

DLLs Loaded Under Running Processes

---

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\599\G2AWinLogon.dll
c:\windows\system32\VESWinlogon.dll
- - - - - - - > 'lsass.exe'(932)
c:\windows\system32\WININET.dll
.
Completion time: 2010-01-02 01:39:20
ComboFix-quarantined-files.txt 2010-01-02 01:39
Pre-Run: 20,634,243,072 bytes free
Post-Run: 20,892,172,288 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - 2EA825AB1257A6D7B788976306DDBF65

caza01

still getting detection pop ups arrrrrrrrrrr

caza01

not sure if i have completed the hostsxpert correctly as you state I should unzip once downloaded how do I do this ? and I also did not get a make writeable button but did get Restore Microsoft's Hosts File and then clicked OK. Then ran combofix as directed

caza01

right way past my bed time will check back in tomorrow (or should I say later today) thanks your help is very much appriciated......

aliEnRIK

caza01 wrote: »

not sure if i have completed the hostsxpert correctly as you state I should unzip once downloaded how do I do this ? and I also did not get a make writeable button but did get Restore Microsoft's Hosts File and then clicked OK. Then ran combofix as directed

Double click the file thats downloaded
It 'should' automatically open windows inbuilt program to UNZIP it
Once its unzipped (Decompressed = usable), you can then RUN the program (And follow the sintructions I gave)

if it DOESNT open a program to unzip it then download WINRAR and use that ~
http://www.filehippo.com/download/file/3a011da15130df0a46f647a547c8f45421a79c8de1f3b3ef146992a5e36622bc/
Install it. Double click the 'hostsxpert'zip. Click 'EXTRACT TO' then select DESKTOP and OK
You can then run the program from the desktop

caza01

Good afternoon, here we go again but only have limited time so may have to post back later today.... already have winrar installed so have click extract to the desktop and opened and run the program however followed the instructions from the previous post but cant see anything that states make writeable only able to to see RESTORE MS FILES

aliEnRIK

Maybe theyve changed it. Hang fire, ill run it and see what the options are

aliEnRIK

Ok. Mine has it ~ are you running as an ADMINISTRATOR (You need to be)
RIGHT CLICK the file and select RUN AS ADMINISTRATOR.

'MAKE WRITABLE' is top left

aliEnRIK

Failing the above does it work if you do just click to restore the files?