Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google links redirected


  • This topic is locked This topic is locked
21 replies to this topic

#1 jdk7204

jdk7204

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 14 February 2009 - 09:23 PM

Last week I was infected with antimalware xp and used these forums to get rid of it (I think) using Malwarebytes and SuperAntiSpyware. Now my google links are redirected to different search/shopping sites. I ran the drweb-cureit, SDfix, and Fixwareout, but am still being redirected. Thanks in advance for the help.
Jim
Here's my DSS log...

DDS (Ver_09-02-01.01) - NTFSx86
Run by Jim at 20:03:47.98 on Sat 02/14/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.393 [GMT -6:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jim\Desktop\Programs\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: aol.com\free
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jim\applic~1\mozilla\firefox\profiles\2ag9tzbp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\google\google updater\2.3.1314.1135\npCIDetect12.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 SlingAgentService;SlingAgent Service;c:\program files\sling media\slingagent\SlingAgentService.exe [2008-12-10 88576]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-2 1245064]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-8 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090214.022\NAVENG.SYS [2009-2-14 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090214.022\NAVEX15.SYS [2009-2-14 876112]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-7-24 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-7-24 226304]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2006-7-24 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2006-7-24 7520]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2006-2-10 46848]
S3 SCRx31 USB Reader;SCRx31 USB Reader;c:\windows\system32\drivers\stc2.sys [2002-7-3 56320]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 XMUNIVERSAL;xmuni.sys driver;c:\windows\system32\drivers\xmuni.sys [2006-12-2 49408]

=============== Created Last 30 ================

2009-02-14 16:24 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-02-14 16:20 <DIR> --d----- c:\windows\ERUNT
2009-02-14 16:19 <DIR> --d----- C:\SDFix
2009-02-14 16:15 <DIR> --d----- c:\documents and settings\jim\DoctorWeb
2009-02-14 15:46 <DIR> --d----- C:\fixwareout
2009-02-12 11:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-12 11:45 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-12 11:45 <DIR> --d----- c:\docume~1\jim\applic~1\SUPERAntiSpyware.com
2009-02-12 11:45 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-02-10 15:31 0 a------- C:\-468528450
2009-02-10 14:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-10 14:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 14:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-10 12:14 <DIR> --d----- c:\windows\Start Menu
2009-02-10 12:14 <DIR> --d----- c:\windows\Favorites
2009-02-10 12:14 <DIR> --d----- c:\windows\Application Data
2009-02-10 09:45 473 a------- c:\windows\system32\win32hlp.cnf
2009-02-10 09:45 133,632 ac------ c:\windows\system32\dllcache\userinit.exe
2009-02-08 22:05 <DIR> --d----- c:\windows\system32\N360_BACKUP
2009-02-08 19:33 <DIR> --d----- c:\program files\Norton 360
2009-02-08 19:28 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-08 19:28 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-08 19:28 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-08 19:28 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-08 19:27 <DIR> --d----- c:\program files\Symantec
2009-02-08 19:10 <DIR> --d----- c:\program files\Enigma Software Group
2009-02-05 03:36 529 a------- c:\windows\system32\winlogon2.exe
2009-02-04 03:27 2,204 a------- c:\windows\kezatfox

==================== Find3M ====================

2009-02-10 09:45 133,632 a------- c:\windows\system32\userinit.exe

============= FINISH: 20:04:25.09 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:18 AM

Posted 22 February 2009 - 02:51 PM

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 jdk7204

jdk7204
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 22 February 2009 - 05:21 PM

Thanks for the reply. I still need help, but now is not a good time for me to spend a lot of time with the computer. It would be best if I went back into the cue until Wed or so. I'll try to keep up as best I can though if you want to do it now. Here's my lastest dds and attachment. Some info I didn't post in my original post is that I'm using Firefox and it occurs for both google and yahoo. I also reloaded JAVA as a previous thread suggested and ran some online scans, but it didn't have an effect. Thanks again,
Jim

DDS (Ver_09-02-01.01) - NTFSx86
Run by Jim at 16:10:45.53 on Sun 02/22/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.325 [GMT -6:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: aol.com\free
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jim\applic~1\mozilla\firefox\profiles\2ag9tzbp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\google\google updater\2.3.1314.1135\npCIDetect12.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-15 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 SlingAgentService;SlingAgent Service;c:\program files\sling media\slingagent\SlingAgentService.exe [2008-12-10 88576]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-2 1245064]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-8 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090222.003\NAVENG.SYS [2009-2-22 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090222.003\NAVEX15.SYS [2009-2-22 876144]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-7-24 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-7-24 226304]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-17 33752]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2006-7-24 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2006-7-24 7520]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2006-2-10 46848]
S3 SCRx31 USB Reader;SCRx31 USB Reader;c:\windows\system32\drivers\stc2.sys [2002-7-3 56320]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 XMUNIVERSAL;xmuni.sys driver;c:\windows\system32\drivers\xmuni.sys [2006-12-2 49408]

=============== Created Last 30 ================

2009-02-16 12:04 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-16 12:02 <DIR> --d----- c:\documents and settings\jim\.housecall6.6
2009-02-15 23:11 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-02-15 23:10 <DIR> --d----- c:\program files\Panda Security
2009-02-15 15:22 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-15 15:22 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-14 16:24 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-02-14 16:20 <DIR> --d----- c:\windows\ERUNT
2009-02-14 16:19 <DIR> --d----- C:\SDFix
2009-02-14 16:15 <DIR> --d----- c:\documents and settings\jim\DoctorWeb
2009-02-14 15:46 <DIR> --d----- C:\fixwareout
2009-02-12 11:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-12 11:45 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-12 11:45 <DIR> --d----- c:\docume~1\jim\applic~1\SUPERAntiSpyware.com
2009-02-12 11:45 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-02-10 15:31 0 a------- C:\-468528450
2009-02-10 14:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-10 14:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 14:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-10 12:14 <DIR> --d----- c:\windows\Start Menu
2009-02-10 12:14 <DIR> --d----- c:\windows\Favorites
2009-02-10 12:14 <DIR> --d----- c:\windows\Application Data
2009-02-10 09:45 473 a------- c:\windows\system32\win32hlp.cnf
2009-02-10 09:45 26,112 ac------ c:\windows\system32\dllcache\userinit.exe
2009-02-08 22:05 <DIR> --d----- c:\windows\system32\N360_BACKUP
2009-02-08 19:33 <DIR> --d----- c:\program files\Norton 360
2009-02-08 19:28 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-08 19:28 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-08 19:28 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-08 19:28 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-08 19:27 <DIR> --d----- c:\program files\Symantec
2009-02-08 19:10 <DIR> --d----- c:\program files\Enigma Software Group
2009-02-05 03:36 529 a------- c:\windows\system32\winlogon2.exe
2009-02-04 03:27 2,204 a------- c:\windows\kezatfox

==================== Find3M ====================


============= FINISH: 16:11:51.43 ===============

Attached Files



#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:18 AM

Posted 23 February 2009 - 03:38 AM

Hi,

Ok. I'll post the further instructions ready anyway :thumbup2:


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 jdk7204

jdk7204
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 24 February 2009 - 12:44 AM

Here are the results, Combo fix first...
(still having re-directs)


ComboFix 09-02-21.01 - Jim 2009-02-23 23:23:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.440 [GMT -6:00]
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated)
FW: Norton 360 *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\setup.exe
c:\windows\system32\init32.exe
c:\windows\system32\win32hlp.cnf
c:\windows\system32\winlogon2.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-24 to 2009-02-24 )))))))))))))))))))))))))))))))
.

2009-02-17 19:05 . 2009-02-17 19:05 <DIR> d-------- c:\program files\NOS
2009-02-17 19:05 . 2009-02-17 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-02-16 12:04 . 2009-02-16 12:03 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-02-16 12:02 . 2009-02-16 12:05 <DIR> d-------- c:\documents and settings\Jim\.housecall6.6
2009-02-15 23:11 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-15 23:10 . 2009-02-15 23:10 <DIR> d-------- c:\program files\Panda Security
2009-02-15 15:22 . 2009-02-15 15:21 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-15 15:22 . 2009-02-15 15:21 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-14 16:24 . 2009-02-14 16:24 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-14 16:20 . 2009-02-14 16:20 <DIR> d-------- c:\windows\ERUNT
2009-02-14 16:19 . 2009-02-14 19:48 <DIR> d-------- C:\SDFix
2009-02-14 16:15 . 2009-02-14 16:15 <DIR> d-------- c:\documents and settings\Jim\DoctorWeb
2009-02-14 15:46 . 2009-02-14 15:51 <DIR> d-------- C:\fixwareout
2009-02-12 11:46 . 2009-02-12 11:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-12 11:45 . 2009-02-13 03:15 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-12 11:45 . 2009-02-12 11:45 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-12 11:45 . 2009-02-12 11:45 <DIR> d-------- c:\documents and settings\Jim\Application Data\SUPERAntiSpyware.com
2009-02-10 15:31 . 2009-02-10 15:31 0 --a------ C:\-468528450
2009-02-10 14:34 . 2009-02-10 14:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-10 14:34 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 14:34 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-10 12:14 . 2009-02-10 12:14 <DIR> d-------- c:\windows\Start Menu
2009-02-10 12:14 . 2009-02-10 12:14 <DIR> d-------- c:\windows\Favorites
2009-02-10 12:14 . 2009-02-10 12:14 <DIR> d-------- c:\windows\Application Data
2009-02-10 09:45 . 2008-04-13 18:12 26,112 --a--c--- c:\windows\system32\dllcache\userinit.exe
2009-02-08 22:05 . 2009-02-08 22:05 <DIR> d-------- c:\windows\system32\N360_BACKUP
2009-02-08 19:33 . 2009-02-08 19:33 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-08 19:33 . 2009-02-08 20:27 <DIR> d-------- c:\program files\Norton 360
2009-02-08 19:28 . 2009-02-08 19:56 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-08 19:28 . 2009-02-08 19:56 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-08 19:28 . 2009-02-08 19:56 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-08 19:28 . 2009-02-08 19:56 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-08 19:27 . 2009-02-08 19:56 <DIR> d-------- c:\program files\Symantec
2009-02-08 19:10 . 2009-02-08 21:02 <DIR> d-------- c:\program files\Enigma Software Group
2009-02-04 03:27 . 2009-02-11 01:49 2,204 --a------ c:\windows\kezatfox
2009-01-24 16:33 . 2009-01-24 16:35 <DIR> d-------- c:\program files\Winamp
2009-01-24 16:33 . 2009-01-24 16:35 <DIR> d-------- c:\documents and settings\Jim\Application Data\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 05:25 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-18 02:32 --------- d-----w c:\program files\PokerStars
2009-02-15 21:21 --------- d-----w c:\program files\Java
2009-02-14 16:38 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-14 16:19 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-10 20:31 --------- d-----w c:\program files\Trend Micro
2009-02-09 01:57 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-09 01:38 --------- d-----w c:\documents and settings\Jim\Application Data\Symantec
2009-01-20 17:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-09 05:34 --------- d-----w c:\documents and settings\Jim\Application Data\Malwarebytes
2009-01-09 05:34 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-08 23:14 --------- d-----w c:\documents and settings\Jim\Application Data\BitTorrent
2009-01-08 23:14 --------- d-----w c:\documents and settings\Jim\Application Data\Auslogics
2009-01-08 23:14 --------- d-----w c:\documents and settings\Jim\Application Data\Apple Computer
2009-01-08 23:14 --------- d-----w c:\documents and settings\Jim\Application Data\Amazon
2009-01-08 23:14 --------- d-----w c:\documents and settings\Jim\Application Data\AdobeUM
2009-01-08 15:23 --------- d-----w c:\program files\iTunes
2009-01-08 15:23 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-08 15:22 --------- d-----w c:\program files\iPod
2009-01-08 15:22 --------- d-----w c:\program files\Common Files\Apple
2009-01-08 15:20 --------- d-----w c:\program files\QuickTime
2008-06-30 19:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-15 148888]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-07-10 130864]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-07-10 15:28 281088 c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 15:51 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ActivCard Gold Smart Card Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ActivCard Gold Smart Card Agent.lnk
backup=c:\windows\pss\ActivCard Gold Smart Card Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ActivClient Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
backup=c:\windows\pss\ActivClient Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
--a------ 2007-05-15 15:08 293168 c:\program files\ActivIdentity\ActivClient\accrdsub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent]
--a------ 2008-05-20 14:17 737280 c:\program files\AirPort\APAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-05-08 06:17 81920 c:\progra~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
--a------ 2006-02-14 13:11 176128 c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-14 00:32 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
--a------ 2005-12-27 14:58 69632 c:\program files\Sony\VAIO Camera Utility\VCUServe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-27 15:19 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"SPTISRV"=3 (0x3)
"SonicStageMonitoring"=2 (0x2)
"iPod Service"=3 (0x3)
"Image Converter video recording monitor for VAIO Entertainment"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ALG"=3 (0x3)
"Accoca"=2 (0x2)
"acautoreg"=2 (0x2)
"ACachSrv"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"Turn Off Monitor Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:UDP"= 5353:UDP:Bonjour

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-15 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 SlingAgentService;SlingAgent Service;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2008-12-10 88576]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-08 99376]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-07-24 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-07-24 226304]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-17 33752]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2006-07-24 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2006-07-24 7520]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2006-02-10 46848]
S3 SCRx31 USB Reader;SCRx31 USB Reader;c:\windows\system32\drivers\stc2.sys [2002-07-03 56320]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 XMUNIVERSAL;xmuni.sys driver;c:\windows\system32\drivers\xmuni.sys [2006-12-02 49408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - e:\sony\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-acEventServ - c:\program files\ActivCard\ActivCard Gold\acevtsrv.exe
MSConfigStartUp-Auto LogOff - c:\program files\Turn Off Monitor\AutoLogOff.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-Turn Off Monitor - c:\program files\Turn Off Monitor\TurnOffMon.exe


.
------- Supplementary Scan -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\2ag9tzbp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Google\Google Updater\2.3.1314.1135\npCIDetect12.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 23:25:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-212050406-319311033-1941454399-1005\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-212050406-319311033-1941454399-1005\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-212050406-319311033-1941454399-1005\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-212050406-319311033-1941454399-1005\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
.
Completion time: 2009-02-23 23:27:39
ComboFix-quarantined-files.txt 2009-02-24 05:27:36

Pre-Run: 58,196,672,512 bytes free
Post-Run: 58,387,992,576 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

326 --- E O F --- 2009-02-15 09:03:03

DDS Report

DDS (Ver_09-02-01.01) - NTFSx86
Run by Jim at 23:35:06.70 on Mon 02/23/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.351 [GMT -6:00]

AV: Norton 360 *On-access scanning disabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: aol.com\free
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jim\applic~1\mozilla\firefox\profiles\2ag9tzbp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\google\google updater\2.3.1314.1135\npCIDetect12.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-15 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 SlingAgentService;SlingAgent Service;c:\program files\sling media\slingagent\SlingAgentService.exe [2008-12-10 88576]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-2 1245064]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-8 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090223.002\NAVENG.SYS [2009-2-23 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090223.002\NAVEX15.SYS [2009-2-23 876144]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-7-24 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-7-24 226304]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-17 33752]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2006-7-24 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2006-7-24 7520]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2006-2-10 46848]
S3 SCRx31 USB Reader;SCRx31 USB Reader;c:\windows\system32\drivers\stc2.sys [2002-7-3 56320]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 XMUNIVERSAL;xmuni.sys driver;c:\windows\system32\drivers\xmuni.sys [2006-12-2 49408]

=============== Created Last 30 ================

2009-02-23 23:22 <DIR> a-dshr-- C:\cmdcons
2009-02-23 23:21 161,792 a------- c:\windows\SWREG.exe
2009-02-23 23:21 98,816 a------- c:\windows\sed.exe
2009-02-16 12:04 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-16 12:02 <DIR> --d----- c:\documents and settings\jim\.housecall6.6
2009-02-15 23:11 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-02-15 23:10 <DIR> --d----- c:\program files\Panda Security
2009-02-15 15:22 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-15 15:22 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-14 16:24 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-02-14 16:20 <DIR> --d----- c:\windows\ERUNT
2009-02-14 16:19 <DIR> --d----- C:\SDFix
2009-02-14 16:15 <DIR> --d----- c:\documents and settings\jim\DoctorWeb
2009-02-14 15:46 <DIR> --d----- C:\fixwareout
2009-02-12 11:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-12 11:45 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-12 11:45 <DIR> --d----- c:\docume~1\jim\applic~1\SUPERAntiSpyware.com
2009-02-12 11:45 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-02-10 15:31 0 a------- C:\-468528450
2009-02-10 14:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-10 14:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 14:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-10 12:14 <DIR> --d----- c:\windows\Start Menu
2009-02-10 12:14 <DIR> --d----- c:\windows\Favorites
2009-02-10 12:14 <DIR> --d----- c:\windows\Application Data
2009-02-10 09:45 26,112 ac------ c:\windows\system32\dllcache\userinit.exe
2009-02-08 22:05 <DIR> --d----- c:\windows\system32\N360_BACKUP
2009-02-08 19:33 <DIR> --d----- c:\program files\Norton 360
2009-02-08 19:28 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-08 19:28 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-08 19:28 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-08 19:28 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-08 19:27 <DIR> --d----- c:\program files\Symantec
2009-02-08 19:10 <DIR> --d----- c:\program files\Enigma Software Group
2009-02-04 03:27 2,204 a------- c:\windows\kezatfox

==================== Find3M ====================


============= FINISH: 23:35:31.17 ===============

Attached Files



#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:18 AM

Posted 24 February 2009 - 04:05 AM

Hi

Nowadays major part of infections spreads in P2P networks. I recommend you uninstall BitTorrent and other P2P clients installed there.

Do you get redirected with both IE and Firefox?


Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader!


Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\-468528450
c:\windows\kezatfox

DDS::
uStart Page = 

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\drivers\\svchost.exe"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleanerę by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. If you get a message that latest Java must be installed "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.


Post back its report, a fresh hjt log and above mentioned ComboFix resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 jdk7204

jdk7204
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 25 February 2009 - 03:20 PM

IE doesn't seem to be affected, only Firefox. Would uninstalling/reinstalling Firefox help? I forgot to uninstal BitTorrent before reviewing the instructions just now, but it's uninstalled now. I did everything else and restarted my computer. The links are still being redirected. Normally I would get 1-3 correct links before being redirected. This time I made it almost a page of links before they were redirected. I can't get to the second page because the "2" link is redirected. This happens in yahoo and google.

Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, February 25, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, February 25, 2009 17:24:28
Records in database: 1843771
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 95364
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:46:49

No malware has been detected. The scan area is clean.

The selected area was scanned.


HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:45 PM, on 2/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SlingAgent Service (SlingAgentService) - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 10035 bytes

Combofix

ComboFix 09-02-24.02 - Jim 2009-02-25 11:12:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.503 [GMT -6:00]
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jim\Desktop\cfscript.txt
AV: Norton 360 *On-access scanning disabled* (Updated)
FW: Norton 360 *enabled*
* Created a new restore point

FILE ::
C:\-468528450
c:\windows\kezatfox
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-468528450
c:\windows\kezatfox

.
((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.

2009-02-25 11:06 . 2009-02-25 11:06 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-25 11:05 . 2009-02-25 11:05 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-25 10:57 . 2009-02-25 10:57 <DIR> d-------- c:\windows\LastGood
2009-02-17 19:05 . 2009-02-17 19:05 <DIR> d-------- c:\program files\NOS
2009-02-17 19:05 . 2009-02-17 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-02-16 12:04 . 2009-02-16 12:03 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-02-16 12:02 . 2009-02-16 12:05 <DIR> d-------- c:\documents and settings\Jim\.housecall6.6
2009-02-15 23:11 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-15 23:10 . 2009-02-15 23:10 <DIR> d-------- c:\program files\Panda Security
2009-02-15 15:22 . 2009-02-15 15:21 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-15 15:22 . 2009-02-15 15:21 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-14 16:24 . 2009-02-14 16:24 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-14 16:20 . 2009-02-14 16:20 <DIR> d-------- c:\windows\ERUNT
2009-02-14 16:19 . 2009-02-14 19:48 <DIR> d-------- C:\SDFix
2009-02-14 16:15 . 2009-02-14 16:15 <DIR> d-------- c:\documents and settings\Jim\DoctorWeb
2009-02-14 15:46 . 2009-02-14 15:51 <DIR> d-------- C:\fixwareout
2009-02-12 11:46 . 2009-02-12 11:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-12 11:45 . 2009-02-13 03:15 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-12 11:45 . 2009-02-12 11:45 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-12 11:45 . 2009-02-12 11:45 <DIR> d-------- c:\documents and settings\Jim\Application Data\SUPERAntiSpyware.com
2009-02-10 14:34 . 2009-02-10 14:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-10 14:34 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 14:34 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-10 12:14 . 2009-02-10 12:14 <DIR> d-------- c:\windows\Start Menu
2009-02-10 12:14 . 2009-02-10 12:14 <DIR> d-------- c:\windows\Favorites
2009-02-10 12:14 . 2009-02-10 12:14 <DIR> d-------- c:\windows\Application Data
2009-02-10 09:45 . 2008-04-13 18:12 26,112 --a--c--- c:\windows\system32\dllcache\userinit.exe
2009-02-08 22:05 . 2009-02-08 22:05 <DIR> d-------- c:\windows\system32\N360_BACKUP
2009-02-08 19:33 . 2009-02-08 19:33 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-08 19:33 . 2009-02-08 20:27 <DIR> d-------- c:\program files\Norton 360
2009-02-08 19:28 . 2009-02-08 19:56 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-08 19:28 . 2009-02-08 19:56 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-08 19:28 . 2009-02-08 19:56 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-08 19:28 . 2009-02-08 19:56 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-08 19:27 . 2009-02-08 19:56 <DIR> d-------- c:\program files\Symantec
2009-02-08 19:10 . 2009-02-08 21:02 <DIR> d-------- c:\program files\Enigma Software Group

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 17:07 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-18 02:32 --------- d-----w c:\program files\PokerStars
2009-02-15 21:21 --------- d-----w c:\program files\Java
2009-02-14 16:38 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-14 16:19 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-10 20:31 --------- d-----w c:\program files\Trend Micro
2009-02-09 01:57 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-09 01:38 --------- d-----w c:\documents and settings\Jim\Application Data\Symantec
2009-01-24 22:35 --------- d-----w c:\program files\Winamp
2009-01-24 22:35 --------- d-----w c:\documents and settings\Jim\Application Data\Winamp
2009-01-20 17:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-09 05:34 --------- d-----w c:\documents and settings\Jim\Application Data\Malwarebytes
2009-01-09 05:34 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-08 23:14 --------- d-----w c:\documents and settings\Jim\Application Data\BitTorrent
2009-01-08 23:14 --------- d-----w c:\documents and settings\Jim\Application Data\Auslogics
2009-01-08 23:14 --------- d-----w c:\documents and settings\Jim\Application Data\Apple Computer
2009-01-08 23:14 --------- d-----w c:\documents and settings\Jim\Application Data\Amazon
2009-01-08 23:14 --------- d-----w c:\documents and settings\Jim\Application Data\AdobeUM
2009-01-08 15:23 --------- d-----w c:\program files\iTunes
2009-01-08 15:23 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-08 15:22 --------- d-----w c:\program files\iPod
2009-01-08 15:22 --------- d-----w c:\program files\Common Files\Apple
2009-01-08 15:20 --------- d-----w c:\program files\QuickTime
2008-06-30 19:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-23_23.26.02.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 21:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
+ 2009-02-25 16:54:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1dc.dat
+ 2009-02-25 16:54:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_37c.dat
+ 2009-02-25 16:54:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6c0.dat
+ 2009-02-25 16:54:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_998.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-15 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-07-10 130864]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-07-10 15:28 281088 c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 15:51 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ActivCard Gold Smart Card Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ActivCard Gold Smart Card Agent.lnk
backup=c:\windows\pss\ActivCard Gold Smart Card Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ActivClient Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
backup=c:\windows\pss\ActivClient Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
--a------ 2007-05-15 15:08 293168 c:\program files\ActivIdentity\ActivClient\accrdsub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent]
--a------ 2008-05-20 14:17 737280 c:\program files\AirPort\APAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-05-08 06:17 81920 c:\progra~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
--a------ 2006-02-14 13:11 176128 c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-14 00:32 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
--a------ 2005-12-27 14:58 69632 c:\program files\Sony\VAIO Camera Utility\VCUServe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-27 15:19 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"SPTISRV"=3 (0x3)
"SonicStageMonitoring"=2 (0x2)
"iPod Service"=3 (0x3)
"Image Converter video recording monitor for VAIO Entertainment"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ALG"=3 (0x3)
"Accoca"=2 (0x2)
"acautoreg"=2 (0x2)
"ACachSrv"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"Turn Off Monitor Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:UDP"= 5353:UDP:Bonjour

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-15 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 SlingAgentService;SlingAgent Service;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2008-12-10 88576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-08 99376]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-07-24 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-07-24 226304]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-17 33752]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2006-07-24 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2006-07-24 7520]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2006-02-10 46848]
S3 SCRx31 USB Reader;SCRx31 USB Reader;c:\windows\system32\drivers\stc2.sys [2002-07-03 56320]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 XMUNIVERSAL;xmuni.sys driver;c:\windows\system32\drivers\xmuni.sys [2006-12-02 49408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - e:\sony\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\2ag9tzbp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Google\Google Updater\2.3.1314.1135\npCIDetect12.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 11:15:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-212050406-319311033-1941454399-1005\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-212050406-319311033-1941454399-1005\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-212050406-319311033-1941454399-1005\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-212050406-319311033-1941454399-1005\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
.
Completion time: 2009-02-25 11:17:23
ComboFix-quarantined-files.txt 2009-02-25 17:17:20
ComboFix2.txt 2009-02-24 05:27:40

Pre-Run: 57,930,334,208 bytes free
Post-Run: 57,913,978,880 bytes free

319 --- E O F --- 2009-02-15 09:03:03

Attached Files



#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:18 AM

Posted 26 February 2009 - 02:11 AM

Hi

Please see if reinstall works. Make sure you uninstall Firefox completely (profile data included) first.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 jdk7204

jdk7204
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 26 February 2009 - 01:29 PM

Did it, still being redirected...only in firefox, google and yahoo. Google links are redirected after two or three successful links. Yahoo made it through the page, but was redirected when trying to go to page 2 or more.

#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:18 AM

Posted 26 February 2009 - 01:40 PM

Hi

Please post a fresh dds log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#11 jdk7204

jdk7204
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 26 February 2009 - 06:43 PM

Here's the latest...

DDS (Ver_09-02-01.01) - NTFSx86
Run by Jim at 16:57:06.70 on Thu 02/26/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.239 [GMT -6:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: aol.com\free
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jim\applic~1\mozilla\firefox\profiles\vajxs3ws.default\
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\google\google updater\2.3.1314.1135\npCIDetect12.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-15 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 SlingAgentService;SlingAgent Service;c:\program files\sling media\slingagent\SlingAgentService.exe [2008-12-10 88576]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-2 1245064]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-8 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090226.003\NAVENG.SYS [2009-2-26 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090226.003\NAVEX15.SYS [2009-2-26 876144]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-7-24 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-7-24 226304]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-17 33752]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2006-7-24 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2006-7-24 7520]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2006-2-10 46848]
S3 SCRx31 USB Reader;SCRx31 USB Reader;c:\windows\system32\drivers\stc2.sys [2002-7-3 56320]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 XMUNIVERSAL;xmuni.sys driver;c:\windows\system32\drivers\xmuni.sys [2006-12-2 49408]

=============== Created Last 30 ================

2009-02-23 23:22 <DIR> a-dshr-- C:\cmdcons
2009-02-23 23:21 161,792 a------- c:\windows\SWREG.exe
2009-02-23 23:21 98,816 a------- c:\windows\sed.exe
2009-02-16 12:04 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-16 12:02 <DIR> --d----- c:\documents and settings\jim\.housecall6.6
2009-02-15 23:11 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-02-15 23:10 <DIR> --d----- c:\program files\Panda Security
2009-02-15 15:22 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-15 15:22 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-14 16:24 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-02-14 16:20 <DIR> --d----- c:\windows\ERUNT
2009-02-14 16:19 <DIR> --d----- C:\SDFix
2009-02-14 16:15 <DIR> --d----- c:\documents and settings\jim\DoctorWeb
2009-02-14 15:46 <DIR> --d----- C:\fixwareout
2009-02-12 11:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-12 11:45 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-12 11:45 <DIR> --d----- c:\docume~1\jim\applic~1\SUPERAntiSpyware.com
2009-02-12 11:45 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-02-10 14:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-10 14:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 14:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-10 12:14 <DIR> --d----- c:\windows\Start Menu
2009-02-10 12:14 <DIR> --d----- c:\windows\Favorites
2009-02-10 12:14 <DIR> --d----- c:\windows\Application Data
2009-02-10 09:45 26,112 ac------ c:\windows\system32\dllcache\userinit.exe
2009-02-08 22:05 <DIR> --d----- c:\windows\system32\N360_BACKUP
2009-02-08 19:33 <DIR> --d----- c:\program files\Norton 360
2009-02-08 19:28 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-08 19:28 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-08 19:28 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-08 19:28 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-08 19:27 <DIR> --d----- c:\program files\Symantec
2009-02-08 19:10 <DIR> --d----- c:\program files\Enigma Software Group

==================== Find3M ====================


============= FINISH: 16:57:59.75 ===============

Attached Files



#12 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:18 AM

Posted 27 February 2009 - 06:53 AM

Hi


Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@echo off
regedit /a c:\regkey.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32"

Double-click on fixes.bat file to execute it. Post back the contents of c:\regkey.txt file.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#13 jdk7204

jdk7204
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 27 February 2009 - 05:36 PM

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"VIDC.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
"MSVideo8"="VfWWDM32.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"wave1"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"VIDC.dvsd"="C:\\PROGRA~1\\COMMON~1\\SONYSH~1\\VideoLib\\sonydv.dll"
"wave2"="wdmaud.drv"
"midi2"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"VIDC.FFDS"="ff_vfw.dll"
"vidc.DIVX"="DivX.dll"
"vidc.yv12"="DivX.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"mixer"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"

Attached Files



#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:18 AM

Posted 28 February 2009 - 07:59 AM

Hi

I don't see anything out of ordinary there.

Do you use a router to connect internet? If you do, please login to router and see what DNS server addresses are there.


Now lets check some settings on your system.
(2000/XP) Only
In the windows control panel. If you are using Windows XP's Category
View, select the Network and Internet Connections category otherwise
double click on Network Connections. Then right click on your default
connection, usually local area connection for cable and dsl, and left
click on properties. Click the Networking tab. Double-click on the
Internet Protocol (TCP/IP) item and select the radio dial that says
Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be avaiable on some systems
Next Go start run type cmd and hit OK
type ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#15 jdk7204

jdk7204
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 28 February 2009 - 09:56 AM

Here's my DNS addresses...they were already set to be obtained automatically. I checked them before and after the flushdns command and then after I restarted my computer. They were the same all three times. While in the network configurations window I noticed a 1394 connection that I haven't noticed before. It probably has been there for years, but I never paid it any attention.

DNS 1 : 205.152.132.23
DNS 2 : 205.152.37.23
DNS 3 :




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users