Malware Redirection Virus


3 replies to this topic

#1 stats007

Posted 11 December 2008 - 04:50 AM

A newbie to the forum and after help already I'm afraid!

I have recently 'upgraded' from XP Pro to Vista and, whilst installing the usual free security etc., I've already contracted a virus. It happens in both Firefox and IE - click on a search link from Google and usually www.copy-book.com appears in the URL window briefly, followed by www52.search.com, and then a random page appears. If I click the back icon to Google and then click on the link it goes there without issue.

My Skype has also stopped working - whether that is related I don't know - reinstalling made no difference. It comes up with a floating point error.

Running Zonealarm, Avira AntiVir, Spybot Search & Destroy and Windows Defender.

I had run HijackThis previously and deleted these:

O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105

however they re-appear. I also had a csrssc.exe running which has been removed.

Kaspersky wouldn't download the database for some reason so I went straight to RSIT - logfiles below.

Any help appreciated!

Logfile of random's system information tool 1.04 (written by random/random)
Run by Amazing Alloys at 2008-12-11 09:34:54
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 47 GB (59%) free of 80 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:35:00, on 11/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Installations\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Amazing Alloys.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA0EAD2-DDE5-4DF0-88A7-8982163B0A99}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{42F22111-7D25-430F-A802-3399D3B551D8}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS9\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7326 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-06-28 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-06-28 8429568]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-06-28 81920]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-06-10 118784]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-03-03 959976]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2007-06-11 317560]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"lxdimon.exe"=C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe [2007-05-07 435120]
"lxdiamon"=C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe [2007-03-05 20480]
"FaxCenterServer"=C:\Program Files\\Lexmark Fax Solutions\fm3032.exe [2007-05-07 312240]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-09-26 206184]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Amazing Alloys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2007-07-24 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Amazing Alloys\AppData\Local\Temp\Rar$EX02.192\adobe.exe"="C:\Users\Amazing Alloys\AppData\Local\Temp\Rar$EX02.192\adobe.exe:*:Enabled:Windows Messanger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-12-11 09:34:54 ----D---- C:\rsit
2008-12-06 19:30:45 ----D---- C:\Users\Amazing Alloys\AppData\Roaming\dvdcss
2008-12-05 17:16:30 ----A---- C:\ComboFix.txt
2008-12-05 16:47:31 ----A---- C:\Windows\zip.exe
2008-12-05 16:47:31 ----A---- C:\Windows\VFIND.exe
2008-12-05 16:47:31 ----A---- C:\Windows\SWXCACLS.exe
2008-12-05 16:47:31 ----A---- C:\Windows\SWSC.exe
2008-12-05 16:47:31 ----A---- C:\Windows\SWREG.exe
2008-12-05 16:47:31 ----A---- C:\Windows\sed.exe
2008-12-05 16:47:31 ----A---- C:\Windows\NIRCMD.exe
2008-12-05 16:47:31 ----A---- C:\Windows\grep.exe
2008-12-05 16:47:31 ----A---- C:\Windows\fdsv.exe
2008-12-05 16:47:20 ----D---- C:\Windows\ERDNT
2008-12-05 16:47:20 ----D---- C:\Qoobox
2008-12-05 15:59:59 ----D---- C:\Program Files\Trend Micro
2008-12-05 14:04:29 ----D---- C:\ProgramData\Avira
2008-12-05 14:04:29 ----D---- C:\Program Files\Avira
2008-12-05 12:42:04 ----D---- C:\Users\Amazing Alloys\AppData\Roaming\Skype
2008-12-05 12:41:49 ----D---- C:\Program Files\Skype
2008-12-05 11:17:56 ----A---- C:\Windows\wininit.ini
2008-12-05 10:42:16 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-12-05 10:42:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-05 10:38:52 ----A---- C:\Windows\system32\javaws.exe
2008-12-05 10:38:52 ----A---- C:\Windows\system32\javaw.exe
2008-12-05 10:38:52 ----A---- C:\Windows\system32\java.exe
2008-12-05 10:15:22 ----A---- C:\jucaspj.exe
2008-12-05 10:15:11 ----A---- C:\wtdniivf.exe
2008-11-29 19:42:23 ----D---- C:\Video
2008-11-26 08:58:26 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 08:57:54 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 08:57:54 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 08:57:54 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 08:57:23 ----A---- C:\Windows\system32\connect.dll
2008-11-25 08:13:55 ----D---- C:\Users\Amazing Alloys\AppData\Roaming\Lexmark Productivity Studio
2008-11-20 00:14:15 ----D---- C:\Downloads
2008-11-19 10:21:26 ----A---- C:\Windows\system32\wups2.dll
2008-11-19 10:21:26 ----A---- C:\Windows\system32\wucltux.dll
2008-11-19 10:21:26 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-19 10:21:26 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-19 10:20:56 ----A---- C:\Windows\system32\wups.dll
2008-11-19 10:20:56 ----A---- C:\Windows\system32\wudriver.dll
2008-11-19 10:20:56 ----A---- C:\Windows\system32\wuapi.dll
2008-11-19 10:20:46 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-19 10:20:46 ----A---- C:\Windows\system32\wuapp.exe
2008-11-17 11:17:39 ----D---- C:\Program Files\Common Files\PCSuite
2008-11-16 10:55:09 ----D---- C:\Users\Amazing Alloys\AppData\Roaming\vlc
2008-11-16 10:54:17 ----D---- C:\Program Files\VideoLAN
2008-11-16 09:54:13 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2008-11-16 09:54:12 ----A---- C:\Windows\system32\pthreadGC2.dll
2008-11-16 09:54:12 ----A---- C:\Windows\system32\ff_vfw.dll
2008-11-16 09:54:11 ----D---- C:\Program Files\ffdshow
2008-11-16 09:38:20 ----A---- C:\Windows\system32\msxml3.dll
2008-11-16 09:37:51 ----A---- C:\Windows\system32\msxml6.dll
2008-11-12 15:07:48 ----D---- C:\Users\Amazing Alloys\AppData\Roaming\OpenOffice.org
2008-11-12 14:51:18 ----D---- C:\Program Files\JRE
2008-11-12 14:51:12 ----D---- C:\Program Files\OpenOffice.org 3
2008-11-12 14:49:57 ----D---- C:\Program Files\Common Files\Java

======List of files/folders modified in the last 1 months======

2008-12-11 09:35:00 ----D---- C:\Windows\Temp
2008-12-11 09:35:00 ----D---- C:\Windows\Prefetch
2008-12-11 09:34:43 ----D---- C:\Windows\Internet Logs
2008-12-11 09:34:35 ----D---- C:\Installations
2008-12-11 08:16:04 ----D---- C:\Windows\System32
2008-12-11 08:16:04 ----D---- C:\Windows\inf
2008-12-11 08:16:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-10 18:14:18 ----D---- C:\ProgramData\Lx_cats
2008-12-10 18:14:14 ----HD---- C:\ProgramData
2008-12-10 11:15:35 ----SHD---- C:\System Volume Information
2008-12-05 17:18:45 ----D---- C:\Windows\Minidump
2008-12-05 17:18:42 ----D---- C:\Windows
2008-12-05 17:16:34 ----D---- C:\Windows\system32\en-US
2008-12-05 17:15:23 ----A---- C:\Windows\system.ini
2008-12-05 17:14:21 ----D---- C:\Windows\system32\drivers
2008-12-05 17:14:21 ----D---- C:\Windows\AppPatch
2008-12-05 17:14:21 ----D---- C:\Program Files\Common Files
2008-12-05 17:02:51 ----D---- C:\Program Files\Mozilla Firefox
2008-12-05 16:51:15 ----D---- C:\Windows\system32\config
2008-12-05 16:11:40 ----D---- C:\Windows\system32\WDI
2008-12-05 15:59:59 ----RD---- C:\Program Files
2008-12-05 13:44:51 ----D---- C:\Windows\system32\LogFiles
2008-12-05 12:59:45 ----D---- C:\Program Files\Common Files\Adobe
2008-12-05 12:42:02 ----SHD---- C:\Windows\Installer
2008-12-05 12:42:01 ----SHD---- C:\Config.Msi
2008-12-05 12:41:56 ----D---- C:\Windows\system32\Tasks
2008-12-05 12:41:50 ----D---- C:\ProgramData\Skype
2008-12-05 11:30:45 ----D---- C:\ProgramData\PC Suite
2008-12-05 10:45:49 ----D---- C:\Windows\rescache
2008-12-05 10:44:15 ----D---- C:\Program Files\TomTom HOME 2
2008-12-05 10:43:05 ----D---- C:\Windows\winsxs
2008-12-05 10:38:52 ----D---- C:\Program Files\Java
2008-12-05 10:23:01 ----D---- C:\Windows\system32\catroot2
2008-12-05 10:23:01 ----D---- C:\Windows\system32\catroot
2008-12-05 10:17:38 ----D---- C:\Users\Amazing Alloys\AppData\Roaming\Adobe
2008-12-01 12:53:02 ----RSD---- C:\Windows\Fonts
2008-11-24 08:48:08 ----D---- C:\Users\Amazing Alloys\AppData\Roaming\skypePM
2008-11-19 14:36:19 ----A---- C:\Windows\win.ini
2008-11-19 14:16:54 ----D---- C:\Program Files\Common Files\InstallEngine
2008-11-17 11:17:39 ----D---- C:\Program Files\Common Files\Nokia
2008-11-17 11:15:26 ----D---- C:\Program Files\Nokia
2008-11-17 11:09:58 ----D---- C:\ProgramData\Installations
2008-11-12 20:25:38 ----D---- C:\Windows\ModemLogs
2008-11-12 14:52:50 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2007-06-27 10216]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2008-03-03 279440]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-06-05 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-05 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-10 140800]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-07-03 80936]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-03 98608]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-07-03 28464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-03 17712]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-05 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-05 207360]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-30 2222080]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-28 7115072]
R3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2007-06-28 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2007-06-28 43904]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
R3 SNC;Sony Firmware Extension Parser Device; C:\Windows\System32\Drivers\SonyNC.sys [2006-11-06 27520]
R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-05 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S1 Ndisprot.sys;Ndisprot.sys; C:\Windows\system32\drivers\Ndisprot.sys [2008-12-05 29184]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-13 330240]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-21 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 lxdi_device;lxdi_device; C:\Windows\system32\lxdicoms.exe [2007-04-26 517040]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-07-24 182392]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2008-03-03 79400]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-06-05 386560]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 99248]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-12-11 09:35:02

======Uninstall list======

ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 5.5-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.5\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 5.5\Uninst.dll"
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Alps Pointing-device for VAIO-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
ffdshow [rev 2033] [2008-07-05]-->"C:\Program Files\ffdshow\unins000.exe"
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\UIU32m.exe -U -ISnSZIRXz.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07D8511D-C9FE-4A93-933F-EAA5C8F20095}\setup.exe" -l0x9 -remove -removeonly
Intel® TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lexmark 3500-4500 Series-->C:\Program Files\Lexmark 3500-4500 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia PC Suite-->C:\ProgramData\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_eng.exe
Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6}
Nokia Software Updater-->MsiExec.exe /X{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Sage Instant Accounts v14-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F9329C54-11AF-4A17-B2D8-C019B81AA1B4}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Video Shared Library-->C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
VAIO Camera Capture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}\setup.exe" -l0x9 -removeonly
VAIO Content Metadata Intelligent Analyzing Manager-->C:\Program Files\InstallShield Installation Information\{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata XML Interface Library-->C:\Program Files\InstallShield Installation Information\{AEBB1D78-EB8C-4F8B-B57E-459958979C3B}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata XML Interface Library-->C:\Program Files\InstallShield Installation Information\{B5E2DF30-1061-4DB4-AF28-08996C8E5680}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -l0x9 -removeonly
VAIO Event Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x9 -removeonly
VAIO Original Function Setting-->"C:\Program Files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{802889F8-6AF5-45A5-9764-CA5B999E50FC}\setup.exe" -l0x9 -removeonly
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software 6.1.0.1203-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows Driver Package - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_5e0e55c3\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_dcd936c5\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireless Switch Setting Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\setup.exe" -l0x9 -removeonly
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O17 - HKLM\System\CCS\Services\Tcpip\..\{42F22111-7D25-430F-A802-3399D3B551D8}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA0EAD2-DDE5-4DF0-88A7-8982163B0A99}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS9\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{42F22111-7D25-430F-A802-3399D3B551D8}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA0EAD2-DDE5-4DF0-88A7-8982163B0A99}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS9\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O13 - Gopher Prefix:
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\Users\Amazing Alloys\AppData\Local\Temp\winlogin.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\Users\Amazing Alloys\AppData\Local\Temp\winlogin.exe
O4 - HKLM\..\Run: [{7ABCACD8-3F1E-EB4A-995A-4D0B73EC4F57}] "C:\Users\AMAZIN~1\AppData\Local\Temp\IXP000.TMP\WMPupdate.exe" /r
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: C:\Windows\system32\jsdf8j3dgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsdf8j3dgf.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\twext.exe,
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - (no file)
O23 - Service: FCI - Unknown owner - C:\Windows\system32\fci.exe.exe:ext.exe (file missing)
O2 - BHO: C:\Windows\system32\jsdf8j3dgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsdf8j3dgf.dll
O17 - HKLM\System\CS1\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA0EAD2-DDE5-4DF0-88A7-8982163B0A99}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS9\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{42F22111-7D25-430F-A802-3399D3B551D8}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{42F22111-7D25-430F-A802-3399D3B551D8}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA0EAD2-DDE5-4DF0-88A7-8982163B0A99}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{42F22111-7D25-430F-A802-3399D3B551D8}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA0EAD2-DDE5-4DF0-88A7-8982163B0A99}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS9\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA0EAD2-DDE5-4DF0-88A7-8982163B0A99}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS9\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{42F22111-7D25-430F-A802-3399D3B551D8}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA0EAD2-DDE5-4DF0-88A7-8982163B0A99}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA0EAD2-DDE5-4DF0-88A7-8982163B0A99}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{42F22111-7D25-430F-A802-3399D3B551D8}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{42F22111-7D25-430F-A802-3399D3B551D8}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA0EAD2-DDE5-4DF0-88A7-8982163B0A99}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105

======Security center information======

FW: ZoneAlarm Firewall
AS: Spybot - Search and Destroy
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Sage SBD
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"tvdumpflags"=8
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------


#2 Joe - London

  • Security Colleague
  • Location:UK

Posted 11 December 2008 - 12:21 PM

Hi stats007,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Include a new HijackThis log please and let me know if the issue is resolved.

Joe.

Edited by Joe - London, 11 December 2008 - 12:23 PM.

If I have helped you in any way, please consider a donation.
Member of UNITE and ASAP.

#3 stats007

  • Topic Starter

Posted 13 December 2008 - 08:17 AM

Looks like those items were the cause of the redirection:

Malwarebytes' Anti-Malware 1.31
Database version: 1496
Windows 6.0.6001 Service Pack 1

13/12/2008 13:03:56
mbam-log-2008-12-13 (13-03-56).txt

Scan type: Quick Scan
Objects scanned: 45743
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 12
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.54;85.255.112.105 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{076b688b-71ba-45ee-8a0a-7fbf57bf9ed9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.54;85.255.112.105 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{076b688b-71ba-45ee-8a0a-7fbf57bf9ed9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.54;85.255.112.105 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1ca0ead2-dde5-4df0-88a7-8982163b0a99}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.54;85.255.112.105 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1ca0ead2-dde5-4df0-88a7-8982163b0a99}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.54;85.255.112.105 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42f22111-7d25-430f-a802-3399d3b551d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.54;85.255.112.105 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.54;85.255.112.105 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{076b688b-71ba-45ee-8a0a-7fbf57bf9ed9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.54;85.255.112.105 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{076b688b-71ba-45ee-8a0a-7fbf57bf9ed9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.54;85.255.112.105 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1ca0ead2-dde5-4df0-88a7-8982163b0a99}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.54;85.255.112.105 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1ca0ead2-dde5-4df0-88a7-8982163b0a99}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.54;85.255.112.105 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{42f22111-7d25-430f-a802-3399d3b551d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.54;85.255.112.105 -> Delete on reboot.

Folders Infected:
C:\Users\Amazing Alloys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\msqpdxwqsctmei.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\drivers\msqpdxmcmccrrx.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\jucaspj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\msqpdxrfppntlv.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\Prefetch\FCI.EXE.EXE (Trojan.Agent) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:29, on 13/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6511 bytes


Now gone - all working - Skype too!

Many thanks, Joe.

Edited by stats007, 13 December 2008 - 08:19 AM.
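As an added triage example (not part of this thread, HijackThis or Malwarebytes), here is a small Python parser for the O17 lines posted above: it pulls out the control set, the interface GUID and the NameServer list, flags any resolver not on an allowlist you supply, and reports which control sets carry the rogue value. The sample log below is constructed in the same format as the thread's entries; the 85.255.x.x pair is the one from the logs, while the 192.168.1.1 entry, the allowlist and the unrelated O4 line are made up.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the HijackThis O17 format seen in this thread. The
# 85.255.x.x pair is the one posted above; the 192.168.1.1 entry and the
# unrelated O4 line are made up so the filter has something to ignore.
SAMPLE_HJT_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\..\{076B688B-71BA-45EE-8A0A-7FBF57BF9ED9}: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.115.54;85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA0EAD2-DDE5-4DF0-88A7-8982163B0A99}: NameServer = 192.168.1.1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# One O17 line: control set (CCS = CurrentControlSet, CSn = ControlSet00n),
# then either the global Tcpip\Parameters key or a per-interface {GUID} key.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:Parameters|\.\.\\(?P<iface>\{[0-9A-Fa-f-]{36}\})): "
    r"NameServer = (?P<servers>[0-9.;]+)\s*$"
)


@dataclass
class NameServerEntry:
    control_set: str            # "CCS", "CS1", "CS9", ...
    interface: Optional[str]    # "{GUID}" for a per-adapter key, None for the global key
    servers: List[str]          # resolver addresses in the order the registry lists them


def parse_o17(log_text: str) -> List[NameServerEntry]:
    """Return one record per O17 NameServer line; other HijackThis lines are skipped."""
    entries: List[NameServerEntry] = []
    for raw in log_text.splitlines():
        m = O17_RE.match(raw.strip())
        if not m:
            continue
        servers = [s for s in m.group("servers").split(";") if s]
        entries.append(NameServerEntry(m.group("cs"), m.group("iface"), servers))
    return entries


def rogue_entries(entries: List[NameServerEntry],
                  allowlist: List[str]) -> List[NameServerEntry]:
    """Keep entries naming any resolver that is not on the caller's allowlist."""
    allowed = set(allowlist)
    return [e for e in entries if any(s not in allowed for s in e.servers)]


def control_sets_hit(entries: List[NameServerEntry]) -> List[str]:
    """Control sets that carry a rogue value. CurrentControlSet is a link to one of the
    numbered sets, so hits across CCS and CSn show the value is stored persistently,
    which matches the O17 lines in this thread reappearing after removal."""
    return sorted({e.control_set for e in entries})


if __name__ == "__main__":
    found = parse_o17(SAMPLE_HJT_LOG)
    bad = rogue_entries(found, ["192.168.1.1"])   # allowlist is a constructed value
    for e in bad:
        where = e.interface or "Tcpip\\Parameters (global)"
        print(f"{e.control_set}: {where} -> {';'.join(e.servers)}")
    print("control sets affected:", ", ".join(control_sets_hit(bad)))
```

The same per-interface GUIDs appear under DhcpNameServer in the MBAM log above, so a live check should compare both values, not only NameServer.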


#4 Joe - London

  • Security Colleague
  • Location:UK

Posted 13 December 2008 - 10:26 AM

Hi stats007,

Looks like those items were the cause of the redirection

Yes, it's called a "Wareout Infection" and it's been around for a long time trying to wear us all out. lol Fortunately some of the anti-virus people have now caught up with some varieties of this infection.

That all looks good now, just post this so I can look at your securities:

Open Hijackthis,
Click Config | Misc Tools | Open Uninstall Manager.
A list of the entries in Add/remove programs will appear.
Click on Save List...
The list will be saved as 'Uninstall_list.txt'
Copy & Paste the contents in your next reply.

Joe.



