
Trojans detected


15 replies to this topic

#1 Chumper


Posted 01 September 2011 - 12:59 PM

While running a few scans, I found that some system files were infected with Trojan.Patched!IK and Trojan.Win32.FakeAV!IK.
I have not noticed anything suspicious on this computer yet, but I would appreciate some help in removing these pesky trojans before anything else happens. Thanks in advance.

Here is the DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Vicki at 13:31:43 on 2011-09-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.104 [GMT -4:00]
.
AV: Ashampoo Anti-MalWare *Enabled/Updated* {91BDFB4E-BA7E-4ABC-9472-A79BA394CA4B}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe
C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Vicki\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Main.exe
C:\Documents and Settings\Vicki\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vicki\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vicki\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://shop.trendmicro.com/tmasy/eolsony.html?X=300&Y=300&WIDTH=690&HEIGHT=480
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Google Update] "c:\documents and settings\vicki\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Ashampoo Anti-Malware Guard] "c:\program files\ashampoo\ashampoo anti-malware\AAMW_Guard.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7A6BE754-FDAC-4013-BF7D-0CA9A42BD1D1} : DhcpNameServer = 192.168.2.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R3 AAMWRegFilter;AAMWRegFilter;c:\program files\ashampoo\ashampoo anti-malware\AAMW_Regfilter32.sys [2011-6-28 18584]
R3 ASW3Scan;ASW3Scan;c:\program files\ashampoo\ashampoo anti-malware\AAMW_IFS32.sys [2011-6-28 17816]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2005-3-18 71961]
R3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
.
=============== Created Last 30 ================
.
2011-09-01 15:22:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-01 15:21:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-01 15:21:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-10 14:09:16 -------- d-----w- C:\df1cc95263066b1246841081ddc21d75
2011-08-10 14:06:49 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 14:06:15 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-03 18:34:20 -------- d-----w- c:\documents and settings\vicki\application data\SUPERAntiSpyware.com
2011-08-03 18:34:01 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2011-08-03 18:33:51 -------- d-----w- c:\program files\SUPERAntiSpyware
.
==================== Find3M ====================
.
2011-08-31 21:42:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 13:33:27.32 ===============



#2 shelf life


  • Malware Response Team

Posted 05 September 2011 - 10:06 AM

hi Chumper,

Your post is a few days old. If you still need help simply reply back.

How Can I Reduce My Risk to Malware?


#3 Chumper


Posted 05 September 2011 - 10:52 AM

> hi Chumper,
>
> Your post is a few days old. If you still need help simply reply back.

Yes, I would still like some help.
My anti-virus has 30 infected files in quarantine.
It now takes a long time to load my desktop, and I get a pop-up that says this:

PMB.exe - Unable To Locate Component
This application has failed to start because adsldpc.dll was not found. Re-installing the application may fix this problem.

Edited by Chumper, 05 September 2011 - 10:54 AM.


#4 shelf life


Posted 05 September 2011 - 04:03 PM

I see you have Malwarebytes. Does it come up clean after a scan?

> anti-virus has 30 infected files in quarantine.

It's doing its job.

> PMB.exe

Related to Pando Media Booster, we will come back to it.

You can do an online scan here for another check:

ESET online scanner:



http://www.eset.com/onlinescan/



Use Internet Explorer

check "YES" to accept terms

click start button

allow the ActiveX component to install

click the start button. The scanner will update.

check both "Remove found threats" and "Scan archives". Leave the defaults checked under Advanced settings

click scan. When it completes click "List found threats"

click "Export to text file.." and save it to your desktop. Post the saved log.

Click "back" and "finish"



#5 Chumper


Posted 05 September 2011 - 07:15 PM

Malwarebytes turns up clean after a scan.
The ESET online scanner also turned up clean, and there was no option to create a log.
I just got a pop-up saying:

RUNDLL
Error loading C:\Windows\system32\inetcpl.cpl
The specified module could not be found.

Ashampoo detected some files in the Google Chrome folders.
Here are the URLs to screenshots of the quarantined list. The files were too big to attach to the post.
http://i54.tinypic.com/2duf37k.jpg
http://i55.tinypic.com/30llxyo.jpg

Thanks for helping me.

Edited by Chumper, 05 September 2011 - 08:33 PM.


#6 shelf life


Posted 06 September 2011 - 07:03 PM

> Malwarebytes turns up clean after a scan.

good

> ESET online scanner also turned up clean

good again

Some of those in the screenshots are in your system restore archive, which we will clean out as a last step.

Post a traditional HJT log also:

here Get version 2.0.4, not the beta version. Directions on use are on the site also once you get downloaded and installed. All you want to do is create and save a log, then post the log in your reply. It's pretty straightforward.



#7 Chumper


Posted 06 September 2011 - 07:23 PM

Here's the HJT log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:21:42 PM, on 9/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe
C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Vicki\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shop.trendmicro.com/tmasy/eolsony.html?X=300&Y=300&WIDTH=690&HEIGHT=480
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ashampoo Anti-Malware Guard] "C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vicki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ashampoo Anti-Malware Service (AAMWService) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe
O23 - Service: Ashampoo Anti-Malware WSC Service (AAMW_WSC_Service_XP) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 8574 bytes

#8 shelf life


Posted 07 September 2011 - 04:44 PM

looks good, what about that PMB error and the .dll error, still happening?



#9 Chumper


Posted 07 September 2011 - 05:29 PM

Yes, I am still getting the errors.

#10 shelf life


Posted 07 September 2011 - 07:22 PM

One of the DLLs is related to Pando Media Booster. Are you using the latest version? You might try uninstalling, rebooting, then reinstalling the application.



#11 Chumper


Posted 07 September 2011 - 07:51 PM

When PMB finished reinstalling, I got this pop-up 4 times:

netsh.exe - Unable to Locate Component
This application has failed to start because adsldpc.dll was not found. Re-installing the application may fix this problem.

Then the PMB.exe pop-up from before appeared as PMB was starting up.
Now that I rebooted after installing, I still get the PMB.exe pop-up.
I have the latest version installed.

#12 shelf life


Posted 08 September 2011 - 07:13 PM

do you have any online games installed on your machine?



#13 Chumper


Posted 08 September 2011 - 07:17 PM

Yes, I do have online games installed.

#14 shelf life


Posted 11 September 2011 - 04:11 PM

Sorry for the delay. I believe Pando Media Booster is used in online gaming. I would suggest you visit the game's web site for FAQ/troubleshooting and see if you can find out about the errors and possible solutions there. What's the online game(s) you play?



#15 Chumper


Posted 11 September 2011 - 05:31 PM

I uninstalled PMB and the game files, following the posts and help files I've read so I am not getting the pop-up anymore.
I'd appreciate your help with removing the trojans from my system files and Google Chrome files.



