Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Redirecting Sites....Firefox crashing....internet networks s

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Redirecting Sites....Firefox crashing....internet networks s

Unread postby alysia03 » April 12th, 2009, 9:44 pm

Ok so the problem I'm having is that when I click on links after doing a google search, I'm redirected to other searching sites that are related to whatever I'm searching. I also am having firefox randomly crash regardless of what I'm doing, and my internet networks disappearing without doing anything. I know the problems are with my computer and not my network, so I have ran AVG, Stopzilla, Spybot, Malwarebytes... and I've only had cookies found. Since the problems are continuing I'm still working on finding the root of this problem. I ran Hijackthis and this is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:58 PM, on 4/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5233442984
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Avlib\SSScsiSV.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13986 bytes


Any Help you can provide would be much appreciated!
Thanks!
alysia03
Active Member
 
Posts: 5
Joined: April 12th, 2009, 9:38 pm
Top
Advertisement
Register to Remove

Re: Redirecting Sites....Firefox crashing....internet networks s

Unread postby jpshortstuff » April 14th, 2009, 7:38 am

Hi,

Please download DaonolFix from the link below and save it to your Desktop
Download Mirror #1
  • Double-click DaonolFix.exe to run it.
  • Select 1. Find Daonol (no fix) by typing 1 and pressing Enter.
  • You will see a lot of files being listed - don't worry, they are just being scanned.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called DaonolFix.txt).

Download ComboFix by sUBs from here or here

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

**Save it to your desktop**

We need to disable one or more of your security programs so that they do not interfere with ComboFix.

Please open the AVG Control Center program, by right clicking on the AVG 8 icon on task bar.
  • Click on Tools.
  • Select Advanced.
  • In the left hand pane, scroll down to "Resident Shield".
  • In the main pane, deselect the option to "Enable Resident Shield".
    To re-enable AVG 8, select "Enable Resident Shield" again.

Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes.
When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log

Notes:
  1. Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
  4. ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Thanks.
User avatar
jpshortstuff
WTT Malware Team
WTT Malware Team
 
Posts: 973
Joined: May 1st, 2007, 12:56 pm
Top

Re: Redirecting Sites....Firefox crashing....internet networks s

Unread postby alysia03 » April 14th, 2009, 5:27 pm

=====Find Daonol=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="wdmaud.drv"
"aux1"="wdmaud.drv"
"aux2"="C:\WINDOWS\system32\..\hod.rds"
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msg723"="msg723.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.siren"="sirenacm.dll"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"MSVideo8"="VfWWDM32.dll"
"vidc.cvid"="iccvid.dll"
"VIDC.dvsd"="C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll"
"VIDC.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.M261"="msh261.drv"
"vidc.M263"="msh263.drv"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wave"="wdmaud.drv"
"wave1"="wdmaud.drv"
"wavemapper"="msacm32.drv"

-=Daonol Files=-
(none found)

-=End Of File=-
alysia03
Active Member
 
Posts: 5
Joined: April 12th, 2009, 9:38 pm
Top

Re: Redirecting Sites....Firefox crashing....internet networks s

Unread postby alysia03 » April 14th, 2009, 5:42 pm

combo fix

* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\setup.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-14 21:31 . 2006-03-03 07:42 73728 ----a-w C:\pv.exe
2009-04-14 21:10 . 2009-04-14 21:16 744 ----a-w c:\windows\system32\drivers\kgpcpy.cfg
2009-04-13 00:38 . 2009-04-13 00:38 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-13 00:38 . 2009-04-13 00:38 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-13 00:38 . 2009-04-13 00:38 -------- d-----w c:\documents and settings\Alysia Walters\Application Data\SUPERAntiSpyware.com
2009-04-13 00:37 . 2009-04-13 00:37 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-13 00:24 . 2009-04-13 00:24 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-13 00:24 . 2009-04-13 00:24 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-13 00:24 . 2009-04-13 00:24 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-13 00:24 . 2009-04-14 21:18 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-13 00:24 . 2009-04-13 00:24 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-12 07:47 . 2009-04-12 07:49 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-12 07:47 . 2009-04-12 07:49 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-12 07:00 . 2009-04-12 07:11 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-11 22:58 . 2009-04-11 22:58 -------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
2009-04-11 22:56 . 2009-04-12 17:40 -------- d-----w c:\program files\STOPzilla!
2009-04-11 22:56 . 2009-04-11 22:56 -------- d-----w c:\program files\Common Files\iS3
2009-04-11 22:56 . 2009-04-14 21:31 -------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-04-06 18:21 . 2009-04-06 18:21 -------- d-----w c:\program files\AVG
2009-03-31 21:57 . 2009-03-31 21:57 17408 ----a-r c:\windows\system32\SZIO5.dll
2009-03-31 21:56 . 2009-03-31 21:56 294912 ----a-r c:\windows\system32\SZBase5.dll
2009-03-31 21:55 . 2009-03-31 21:55 540672 ----a-r c:\windows\system32\SZComp5.dll
2009-03-27 17:56 . 2009-03-27 17:56 126976 ----a-r c:\windows\system32\IS3HTUI5.dll
2009-03-27 17:55 . 2009-03-27 17:55 393216 ----a-r c:\windows\system32\IS3DBA5.dll
2009-03-27 17:55 . 2009-03-27 17:55 372736 ----a-r c:\windows\system32\IS3UI5.dll
2009-03-27 17:55 . 2009-03-27 17:55 61440 ----a-r c:\windows\system32\IS3Hks5.dll
2009-03-27 17:54 . 2009-03-27 17:54 23040 ----a-r c:\windows\system32\IS3XDat5.dll
2009-03-27 17:54 . 2009-03-27 17:54 221184 ----a-r c:\windows\system32\IS3Win325.dll
2009-03-27 17:54 . 2009-03-27 17:54 94208 ----a-r c:\windows\system32\IS3Inet5.dll
2009-03-27 17:53 . 2009-03-27 17:53 90112 ----a-r c:\windows\system32\IS3Svc5.dll
2009-03-27 17:50 . 2009-03-27 17:50 716800 ----a-r c:\windows\system32\IS3Base5.dll
2009-03-27 00:39 . 2008-04-14 07:15 60032 -c--a-w c:\windows\system32\dllcache\usbaudio.sys
2009-03-27 00:39 . 2008-04-14 07:15 60032 ----a-w c:\windows\system32\drivers\USBAUDIO.sys
2009-03-22 20:45 . 2009-03-22 20:45 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-16 19:48 . 2009-03-16 19:48 -------- d-----w c:\documents and settings\Alysia Walters\Application Data\Hermitech Laboratory
2009-03-16 19:48 . 2009-03-16 19:48 -------- d-----w c:\program files\Hermitech Laboratory

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 05:12 . 2008-11-11 06:26 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-13 01:32 . 2008-10-28 21:54 -------- d-----w c:\program files\Trend Micro
2009-04-13 01:00 . 2009-03-06 23:26 -------- d-----w c:\program files\Norton Security Scan
2009-04-12 22:59 . 2008-12-31 05:09 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 01:00 . 2008-10-28 22:14 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-08 18:58 . 2008-11-17 06:52 73181 ----a-w C:\hpfr3425.log
2009-04-08 18:58 . 2008-11-17 06:52 524 ----a-w C:\hpfr3420.xml
2009-04-06 22:32 . 2008-12-31 05:09 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2008-12-31 05:09 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-15 21:04 . 2009-03-15 21:04 -------- d-----w c:\program files\Pearson Prentice Hall
2009-03-12 19:18 . 2009-03-12 19:18 54656 ----a-r c:\windows\system32\drivers\SZKG.sys
2009-03-09 03:08 . 2009-03-09 02:59 -------- d-----w c:\documents and settings\Alysia Walters\Application Data\Move Networks
2009-03-06 23:21 . 2009-02-09 02:29 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 15:25 . 2009-02-21 15:25 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-18 22:37 . 2005-12-06 20:46 91944 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 11:13 . 2005-12-06 02:20 1846784 ----a-w c:\windows\system32\win32k.sys
2005-12-06 20:46 . 2008-10-28 22:28 12328 ----a-w c:\documents and settings\Alysia Walters\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-12-06 19:47 . 2008-10-28 22:28 136 ----a-w c:\documents and settings\Alysia Walters\Local Settings\Application Data\fusioncache.dat
2005-12-06 19:47 . 2005-12-06 19:47 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-09 2828184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-16 136600]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-13 1932568]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-09 14743552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmas\Tmas.exe [2008-10-28 1310720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2008-10-28 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-13 00:24 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-08-12 02:09 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12 32768 ----a-w c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

S0 szkg5;szkg;c:\windows\system32\DRIVERS\szkg.sys [2009-03-12 54656]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-13 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-13 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-13 298264]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2005-11-30 28800]

.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-02-19 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4226901360.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 01:56]

2009-04-13 c:\windows\Tasks\Norton Security Scan for Alysia Walters.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
FF - ProfilePath - c:\documents and settings\Alysia Walters\Application Data\Mozilla\Firefox\Profiles\3j7srvou.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Alysia Walters\Application Data\Mozilla\Firefox\Profiles\3j7srvou.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 14:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(828)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-04-14 21:39

Pre-Run: 69,332,021,248 bytes free
Post-Run: 69,593,952,256 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /PAE

205 --- E O F --- 2009-04-12 17:09
alysia03
Active Member
 
Posts: 5
Joined: April 12th, 2009, 9:38 pm
Top

Re: Redirecting Sites....Firefox crashing....internet networks s

Unread postby jpshortstuff » April 15th, 2009, 4:12 am

Hi,

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: Select all
File::
C:\WINDOWS\hod.rds

FileLook::
C:\pv.exe

Registry::
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux2"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


Please go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


Please go to this site:
Bleeping Computer Submission

Please paste a link to this topic in the first field. Browse to the following file:
c:\windows\system32\drivers\kgpcpy.cfg

Click Send File.


Let me know how things are running.
User avatar
jpshortstuff
WTT Malware Team
WTT Malware Team
 
Posts: 973
Joined: May 1st, 2007, 12:56 pm
Top

Re: Redirecting Sites....Firefox crashing....internet networks s

Unread postby alysia03 » April 15th, 2009, 3:49 pm

combofix

* Created a new restore point

FILE ::
c:\windows\hod.rds
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\hod.rds

.
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-15 19:41 . 2009-04-15 19:41 150 ----a-w c:\windows\system32\spupdsvc.inf
2009-04-15 00:11 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 00:11 . 2009-03-06 14:22 284160 ----a-w c:\windows\system32\SET155.tmp
2009-04-15 00:11 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 00:11 . 2009-02-09 12:10 401408 ----a-w c:\windows\system32\SET154.tmp
2009-04-15 00:11 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-15 00:11 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 00:11 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 00:11 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 00:11 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 00:11 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 00:11 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 00:11 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 00:05 . 2009-04-15 19:40 -------- d-----w c:\windows\LastGood
2009-04-15 00:04 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 00:04 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 00:04 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 21:31 . 2006-03-03 07:42 73728 ----a-w C:\pv.exe
2009-04-14 21:10 . 2009-04-14 21:16 744 ----a-w c:\windows\system32\drivers\kgpcpy.cfg
2009-04-13 00:38 . 2009-04-13 00:38 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-13 00:38 . 2009-04-13 00:38 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-13 00:38 . 2009-04-13 00:38 -------- d-----w c:\documents and settings\Alysia Walters\Application Data\SUPERAntiSpyware.com
2009-04-13 00:37 . 2009-04-13 00:37 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-13 00:24 . 2009-04-13 00:24 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-13 00:24 . 2009-04-13 00:24 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-13 00:24 . 2009-04-13 00:24 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-13 00:24 . 2009-04-15 19:31 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-13 00:24 . 2009-04-13 00:24 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-12 07:47 . 2009-04-12 07:49 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-12 07:47 . 2009-04-12 07:49 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-12 07:00 . 2009-04-12 07:11 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-11 22:58 . 2009-04-11 22:58 -------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
2009-04-11 22:56 . 2009-04-12 17:40 -------- d-----w c:\program files\STOPzilla!
2009-04-11 22:56 . 2009-04-11 22:56 -------- d-----w c:\program files\Common Files\iS3
2009-04-11 22:56 . 2009-04-14 21:31 -------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-04-06 18:21 . 2009-04-06 18:21 -------- d-----w c:\program files\AVG
2009-03-31 21:57 . 2009-03-31 21:57 17408 ----a-r c:\windows\system32\SZIO5.dll
2009-03-31 21:56 . 2009-03-31 21:56 294912 ----a-r c:\windows\system32\SZBase5.dll
2009-03-31 21:55 . 2009-03-31 21:55 540672 ----a-r c:\windows\system32\SZComp5.dll
2009-03-27 17:56 . 2009-03-27 17:56 126976 ----a-r c:\windows\system32\IS3HTUI5.dll
2009-03-27 17:55 . 2009-03-27 17:55 393216 ----a-r c:\windows\system32\IS3DBA5.dll
2009-03-27 17:55 . 2009-03-27 17:55 372736 ----a-r c:\windows\system32\IS3UI5.dll
2009-03-27 17:55 . 2009-03-27 17:55 61440 ----a-r c:\windows\system32\IS3Hks5.dll
2009-03-27 17:54 . 2009-03-27 17:54 23040 ----a-r c:\windows\system32\IS3XDat5.dll
2009-03-27 17:54 . 2009-03-27 17:54 221184 ----a-r c:\windows\system32\IS3Win325.dll
2009-03-27 17:54 . 2009-03-27 17:54 94208 ----a-r c:\windows\system32\IS3Inet5.dll
2009-03-27 17:53 . 2009-03-27 17:53 90112 ----a-r c:\windows\system32\IS3Svc5.dll
2009-03-27 17:50 . 2009-03-27 17:50 716800 ----a-r c:\windows\system32\IS3Base5.dll
2009-03-27 00:39 . 2008-04-14 07:15 60032 -c--a-w c:\windows\system32\dllcache\usbaudio.sys
2009-03-27 00:39 . 2008-04-14 07:15 60032 ----a-w c:\windows\system32\drivers\USBAUDIO.sys
2009-03-22 20:45 . 2009-03-22 20:45 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-16 19:48 . 2009-03-16 19:48 -------- d-----w c:\documents and settings\Alysia Walters\Application Data\Hermitech Laboratory
2009-03-16 19:48 . 2009-03-16 19:48 -------- d-----w c:\program files\Hermitech Laboratory

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 05:19 . 2008-11-11 06:26 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-13 01:32 . 2008-10-28 21:54 -------- d-----w c:\program files\Trend Micro
2009-04-13 01:00 . 2009-03-06 23:26 -------- d-----w c:\program files\Norton Security Scan
2009-04-12 22:59 . 2008-12-31 05:09 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 01:00 . 2008-10-28 22:14 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-08 18:58 . 2008-11-17 06:52 73181 ----a-w C:\hpfr3425.log
2009-04-08 18:58 . 2008-11-17 06:52 524 ----a-w C:\hpfr3420.xml
2009-04-06 22:32 . 2008-12-31 05:09 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2008-12-31 05:09 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-27 06:58 . 2009-04-15 00:04 1203922 ----a-w c:\windows\AppPatch\SET10D.tmp
2009-03-15 21:04 . 2009-03-15 21:04 -------- d-----w c:\program files\Pearson Prentice Hall
2009-03-12 19:18 . 2009-03-12 19:18 54656 ----a-r c:\windows\system32\drivers\SZKG.sys
2009-03-09 03:08 . 2009-03-09 02:59 -------- d-----w c:\documents and settings\Alysia Walters\Application Data\Move Networks
2009-03-06 23:21 . 2009-02-09 02:29 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 15:25 . 2009-02-21 15:25 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-18 22:37 . 2005-12-06 20:46 91944 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 12:10 . 2005-12-06 02:20 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-12-06 02:20 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2005-12-06 02:20 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2005-12-06 02:20 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 02:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2005-12-06 02:20 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2005-12-06 02:20 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2005-12-06 02:20 35328 ----a-w c:\windows\system32\sc.exe
2005-12-06 20:46 . 2008-10-28 22:28 12328 ----a-w c:\documents and settings\Alysia Walters\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-12-06 19:47 . 2008-10-28 22:28 136 ----a-w c:\documents and settings\Alysia Walters\Local Settings\Application Data\fusioncache.dat
2005-12-06 19:47 . 2005-12-06 19:47 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\pv.exe -- Unable to find Resource table header.
File Size: 73728
Created Time: 2009-04-14 21:31
Modified Time: 2006-03-03 07:42
Accessed Time: 2009-04-15 19:35
MD5: 92BD80F82FE8A28385B7D9D3F215E8B3
SHA: E1EC40D4458B269D009D9C60344DE3D187385290


((((((((((((((((((((((((((((( SnapShot@2009-04-14_21.38.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-28 22:46 . 2007-08-11 04:46 26488 c:\windows\system32\spupdsvc.exe
+ 2008-10-28 22:46 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2005-12-06 19:07 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2005-12-06 19:07 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2005-12-06 02:20 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
+ 2009-04-15 00:11 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
- 2008-11-12 06:08 . 2009-03-11 14:44 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-12 06:08 . 2009-04-15 19:34 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-11-12 06:08 . 2009-03-11 14:44 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-12 06:08 . 2009-04-15 19:34 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-12 06:08 . 2009-03-11 14:44 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-12 06:08 . 2009-04-15 19:34 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-11-12 06:08 . 2009-03-11 14:44 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-12 06:08 . 2009-04-15 19:34 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-15 19:35 . 2009-04-15 19:35 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-02-16 18:21 . 2009-02-16 18:21 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-04-15 00:04 . 2008-05-03 11:55 2560 c:\windows\system32\xpsp4res.dll
+ 2008-11-12 06:08 . 2009-04-15 19:34 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-12 06:08 . 2009-03-11 14:44 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-12-06 02:20 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2005-12-06 02:20 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
+ 2005-12-06 02:20 . 2009-02-09 12:10 729088 c:\windows\system32\lsasrv.dll
+ 2009-04-15 00:04 . 2008-04-21 12:08 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2009-04-15 00:11 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-04-15 00:11 . 2009-02-09 12:10 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2009-04-15 00:11 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\services.exe
+ 2009-04-15 00:11 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2009-04-15 00:11 . 2009-03-06 14:22 284160 c:\windows\system32\dllcache\pdh.dll
+ 2009-04-15 00:11 . 2009-02-09 12:10 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2009-04-15 00:11 . 2009-02-09 12:10 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-04-15 00:11 . 2009-02-09 12:10 473600 c:\windows\system32\dllcache\fastprox.dll
+ 2009-04-15 00:11 . 2009-02-09 12:10 617472 c:\windows\system32\dllcache\advapi32.dll
- 2005-12-06 02:20 . 2008-04-14 13:41 617472 c:\windows\system32\advapi32.dll
+ 2005-12-06 02:20 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
+ 2005-12-06 02:20 . 2008-04-14 13:41 617472 c:\windows\system32\_000024_.tmp.dll
+ 2005-12-06 02:20 . 2008-04-14 13:41 728064 c:\windows\system32\_000023_.tmp.dll
+ 2005-12-06 02:20 . 2008-04-14 13:41 706048 c:\windows\system32\_000022_.tmp.dll
+ 2005-12-06 02:20 . 2008-04-14 13:42 108544 c:\windows\system32\_000021_.tmp.dll
- 2008-11-12 06:08 . 2009-03-11 14:44 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-12 06:08 . 2009-04-15 19:34 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-12 06:08 . 2009-04-15 19:34 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-12 06:08 . 2009-03-11 14:44 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-12 06:08 . 2009-03-11 14:44 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-12 06:08 . 2009-04-15 19:34 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-12 06:08 . 2009-04-15 19:34 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-12 06:08 . 2009-03-11 14:44 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-12 06:08 . 2009-03-11 14:44 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-12 06:08 . 2009-04-15 19:34 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-12-06 02:20 . 2009-02-06 11:08 2189056 c:\windows\system32\ntoskrnl.exe
- 2004-08-03 22:59 . 2008-08-14 09:33 2066048 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-03 22:59 . 2009-02-08 02:02 2066048 c:\windows\system32\ntkrnlpa.exe
+ 2008-10-28 22:57 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-28 22:57 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-28 22:57 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-28 22:57 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-28 22:57 . 2009-02-08 02:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-28 22:57 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-28 22:57 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-28 22:57 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-28 22:57 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-28 22:57 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-28 22:57 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-28 22:57 . 2009-02-08 02:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-28 22:57 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-28 22:57 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-09 2828184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-16 136600]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-13 1932568]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-09 14743552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmas\Tmas.exe [2008-10-28 1310720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2008-10-28 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-13 00:24 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-08-12 02:09 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12 32768 ----a-w c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-07-09 26488]
S0 szkg5;szkg;c:\windows\system32\DRIVERS\szkg.sys [2009-03-12 54656]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-13 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-13 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-13 298264]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2005-11-30 28800]

.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-02-19 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4226901360.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 01:56]

2009-04-13 c:\windows\Tasks\Norton Security Scan for Alysia Walters.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
FF - ProfilePath - c:\documents and settings\Alysia Walters\Application Data\Mozilla\Firefox\Profiles\3j7srvou.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Alysia Walters\Application Data\Mozilla\Firefox\Profiles\3j7srvou.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 12:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(828)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-04-15 19:45
ComboFix2.txt 2009-04-14 21:40

Pre-Run: 69,276,733,440 bytes free
Post-Run: 69,183,852,544 bytes free

306 --- E O F --- 2009-04-15 19:36


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:08 PM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5233442984
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Avlib\SSScsiSV.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14433 bytes
alysia03
Active Member
 
Posts: 5
Joined: April 12th, 2009, 9:38 pm
Top

Re: Redirecting Sites....Firefox crashing....internet networks s

Unread postby jpshortstuff » April 16th, 2009, 4:44 am

Have you had a chance to run Kaspersky or upload that file?

Things are starting to look a lot better.
User avatar
jpshortstuff
WTT Malware Team
WTT Malware Team
 
Posts: 973
Joined: May 1st, 2007, 12:56 pm
Top

Re: Redirecting Sites....Firefox crashing....internet networks s

Unread postby alysia03 » April 16th, 2009, 3:46 pm

I ran the Karpesky and it said it didn't find anything. It didn't create a file though.
alysia03
Active Member
 
Posts: 5
Joined: April 12th, 2009, 9:38 pm
Top

Re: Redirecting Sites....Firefox crashing....internet networks s

Unread postby jpshortstuff » April 18th, 2009, 3:41 am

Hi alsyia03

Log looks good :thumbup:


Click Start >> Run, and then type ComboFix /u and hit enter.
You can now delete any other tools I had you download and use, unless you wish to keep them.

Now that your system appears to be clean, there's just a few steps I'd like you to take to prevent any future infections.

  • Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.

  • You don't appear to be running any third party Firewall software.

    Install a firewall! Without a firewall you are very susceptible to being hacked, and people could gain access to your computer. If you don't have a firewall I strongly recommend you download ONE of the following:
    1) Comodo
    2) Agnitum
    3) Sunbelt/Kerio

  • Make sure you update your Anti-Virus software regularly, new viruses are being developed all the time.

  • Some more programs that it would be useful to have [OPTIONAL but RECOMMENDED]:

    SpywareBlaster is another real-time scanner that prevents most spyware from even being installed.
    Freely available: Download SpywareBlaster

    Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Glad we could be of assistance.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Stay Clean!

jpshortstuff
User avatar
jpshortstuff
WTT Malware Team
WTT Malware Team
 
Posts: 973
Joined: May 1st, 2007, 12:56 pm
Top

Re: Redirecting Sites....Firefox crashing....internet networks s

Unread postby NonSuch » April 23rd, 2009, 7:08 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 255 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index