
Solved Google Redirect Virus - My Log

Discussion in 'Malware and Virus Removal Archive' started by VegasRox, 2009/02/01.

  1. 2009/02/01, VegasRox (Thread Starter; joined 2009/02/01, 6 messages)
    [Resolved] Google Redirect Virus - My Log

    Hi,

    I am experiencing the same issue as many, where Google/Yahoo/Ask.com search result links are being redirected to spam websites. I have tried to remedy this by running a scan through McAfee Security Centre and last night it advised me it had found a trojan horse and removed it (sorry, I didn't note down the full virus name) but today the problem still remains.

    I have run logs as suggested and the results are below - hope you can help, thank you.

    --------------------

    DDS (Ver_09-01-19.01) - NTFSx86
    Run by Hallows at 12:58:08.09 on 01/02/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1526.821 [GMT 0:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
    C:\WINDOWS\system32\lxdjcoms.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Hallows\My Documents\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.aol.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://www.club-vaio.com/en/
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
    uRun: [kdx] c:\program files\kontiki\KHost.exe -all
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe "
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe "
    uRunOnce: [SAPostInstallPage] iexplore.exe http://www.siteadvisor.com/download...en-gb&os_ver=5.1.3.0&pip=true&installchoice=2
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [SkyTel] SkyTel.EXE
    mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
    mRun: [Mouse Suite 98 Daemon] ICO.EXE
    mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe "
    mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
    mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [lxdjmon.exe] "c:\program files\lexmark 1400 series\lxdjmon.exe "
    mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe "
    mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [VAIO Update 4] "c:\program files\sony\vaio update 4\VAIOUpdt.exe" /Stationary
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
    mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    IE: Add RSS Support Site to VAIO Information FLOW - c:\program files\sony\vaio information flow\aiesc.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: sony-europe.com
    Trusted Zone: sonystyle-europe.com
    Trusted Zone: vaio-link.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\hallows\applic~1\mozilla\firefox\profiles\agtnjaiz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/1/hi/entertainment/default.stm
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\components\iamfamous.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-2-1 201288]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-1 695624]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-2-1 79304]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-2-1 35240]
    R3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2009-2-1 33800]
    R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2009-2-1 40488]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-8-15 812544]
    R4 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [2007-12-8 99248]
    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-1 206096]
    R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-1 359248]
    R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-1 144704]
    R4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
    R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-15 1247600]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2006-8-15 16194]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
    S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2006-11-1 30464]
    S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2006-11-1 12672]
    S4 0164771233488864mcinstcleanup;McAfee Application Installer Cleanup (0164771233488864);c:\windows\temp\016477~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\016477~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

    =============== Created Last 30 ================

    2009-02-01 11:53 <DIR> --d----- c:\docume~1\hallows\applic~1\McAfee
    2009-02-01 11:45 2,111 a------- c:\windows\system32\Config.MPF
    2009-02-01 10:11 <DIR> --d----- c:\program files\SiteAdvisor
    2009-02-01 10:11 <DIR> --d----- c:\docume~1\hallows\applic~1\SiteAdvisor
    2009-02-01 10:11 143,360 a------- c:\windows\system32\dunzip32.dll
    2009-02-01 10:09 33,800 a------- c:\windows\system32\drivers\mferkdk.sys
    2009-02-01 10:09 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
    2009-02-01 10:09 201,288 a------- c:\windows\system32\drivers\mfehidk.sys
    2009-02-01 10:09 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
    2009-02-01 10:09 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
    2009-02-01 10:09 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
    2009-02-01 10:08 <DIR> --d----- c:\program files\McAfee.com
    2009-02-01 10:08 <DIR> --d----- c:\program files\common files\McAfee
    2009-02-01 10:08 <DIR> --d----- c:\program files\McAfee
    2009-02-01 00:27 <DIR> --d----- c:\program files\Trend Micro
    2009-01-30 23:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
    2009-01-30 22:26 299 ---shr-- C:\autorun.inf
    2009-01-30 21:34 87,608 a------- c:\docume~1\hallows\applic~1\inst.exe
    2009-01-30 21:34 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
    2009-01-30 21:34 47,360 a------- c:\docume~1\hallows\applic~1\pcouffin.sys
    2009-01-30 21:34 102,439 a------- c:\windows\system32\sipr3260.dll
    2009-01-30 21:34 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
    2009-01-30 21:34 626,688 a------- c:\windows\system32\vp7vfw.dll
    2009-01-30 21:34 217,127 a------- c:\windows\system32\drv43260.dll
    2009-01-30 21:34 208,935 a------- c:\windows\system32\drv33260.dll
    2009-01-30 21:34 176,165 a------- c:\windows\system32\drv23260.dll
    2009-01-30 21:34 65,602 a------- c:\windows\system32\cook3260.dll
    2009-01-30 21:34 <DIR> --d----- c:\program files\VSO
    2009-01-30 19:29 69 a------- c:\windows\NeroDigital.ini

    ==================== Find3M ====================

    2009-01-25 21:35 21,716 a------- c:\docume~1\hallows\applic~1\wklnhst.dat
    2008-12-29 14:09 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-12-17 19:47 410,984 a------- c:\windows\system32\deploytk.dll
    2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys

    ============= FINISH: 12:58:53.84 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-01-19.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 30/10/2006 19:37:09
    System Uptime: 02/01/2009 11:40:03 (721 hours ago)

    Motherboard: Sony Corporation | | VAIO
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | N/A | 1596/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 1.411 GiB free.
    D: is FIXED (NTFS) - 29 GiB total, 29.34 GiB free.
    E: is Removable
    F: is Removable
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 6300
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6300
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP284: 30/01/2009 18:54:40 - Installed Nero 7 Ultra Edition

    ==== Installed Programs ======================


    Adobe Flash Player 10 Plugin
    Adobe Reader 7.1.0
    Adobe Shockwave Player
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    AutoUpdate
    Bonjour
    Browser Address Error Redirector
    CCScore
    ConvertXtoDVD 3.3.4.107
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    DNA
    DVgate Plus
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    fflink
    High Definition Audio Driver Package - KB835221
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Image Converter 2 Plus
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD for VAIO
    iTunes
    iTunes Genre Art Manager
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    Jasc Paint Shop Pro 8
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Java(TM) SE Runtime Environment 6 Update 1
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    LAN-Express AS IEEE 802.11 Wireless LAN
    LegalSounds Music Downloader 1.4
    Lexmark 1400 Series
    Macromedia Flash Player 8
    McAfee SecurityCenter
    mCore
    mDriver
    Memory Stick Formatter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Silverlight
    Microsoft SQL Server Desktop Engine (VAIO_VEDB)
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Works
    MixVibes DVS uninstall
    mMHouse
    MobileMe Control Panel
    Mozilla Firefox (3.0.5)
    mPfMgr
    mProSafe
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    mWlsSafe
    mXML
    My Club VAIO MCE 1.0.0
    neroxml
    netbrdg
    Nokia Connectivity Cable Driver
    Office 2003 Trial Assistant
    OfotoXMI
    OpenMG AAC Add-on Module 1.0.00
    OpenMG Limited Patch 4.5-06-05-12-01
    OpenMG Secure Module 4.5.01
    PC Connectivity Solution
    Picasa 2
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Roxio DigitalMedia Audio
    Roxio DigitalMedia Copy
    Roxio DigitalMedia Data
    Samsung PC Studio
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960714)
    Setting Utility Series
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Sky Anytime
    Soft Data Fax Modem with SmartCP
    Sony MP4 Shared Library
    Sony USB Mouse
    Sony Utilities DLL
    Sony Video Shared Library
    staticcr
    Symantec KB-DocID:2003093015493306
    tooltips
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VAIO Control Center
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Hardware Diagnostics
    VAIO Information FLOW
    VAIO Long Battery Life Wallpaper
    VAIO Media 5.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Integrated Server 5.0
    VAIO Media Redistribution 5.0
    VAIO Media Registration Tool 5.0
    VAIO Online Registration (English)
    VAIO Original Screen Saver
    VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
    VAIO Power Management
    VAIO Product Survey
    VAIO Sea Wallpaper
    VAIO Starfish Wallpaper
    VAIO Update 4
    VLC media player 0.9.8a
    VOR
    VPRINTOL
    VPS
    WebFldrs XP
    Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool
    Windows Imaging Component
    Windows Live installer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    WinRAR archiver
    WIRELESS
    Wireless LAN Starter
    Wireless Switch Setting Utility
    Xvid 1.1.3 final uninstall

    ==== Event Viewer Messages From Past Week ========

    01/02/2009 11:45:00, error: Service Control Manager [7022] - The VAIO Entertainment File Import Service service hung on starting.

    ==== End Of File ===========================
     
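    A triage pass over the DDS log above, as an added example that is not part of the original post and not something DDS or ComboFix themselves do. It parses the "Created Last 30" line format (date, time, size or <DIR>, an eight-character attribute field, path) plus bare paths of the kind ComboFix later prints under "Other Deletions", and flags the indicators this thread turns on: an autorun.inf in a drive root with the system, hidden and read-only bits set (C:\autorun.inf, created 2009-01-30 22:26), an executable dropped straight into Application Data (inst.exe), executables under RECYCLER named like a SID that is not a valid NT user SID, and kernel drivers that share a fixed prefix followed by random letters (the gaopdx*.sys files). The sample lines are a constructed subset of entries on this page; the prefix length, the minimum name length and the S-1-5-21 form expected for a Recycle Bin subfolder are my own heuristic choices. One caveat worth noting from the logs themselves: the DDS listing never shows the gaopdx*.sys drivers that ComboFix later deleted, although ComboFix dates the related gaopdxcounter file to the same minute as C:\autorun.inf. From user mode that is exactly what a kernel-mode rootkit hiding its own files looks like, so a clean "Created Last 30" list is not evidence of a clean machine.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample (not the full log): a handful of DDS "Created Last 30"
# entries from the first post, followed by bare paths in the form ComboFix
# later printed under "Other Deletions".  The gaopdx*.sys drivers are absent
# from the DDS listing; only ComboFix reported them.
SAMPLE = r"""
2009-02-01 10:11 <DIR> --d----- c:\program files\SiteAdvisor
2009-02-01 10:09 33,800 a------- c:\windows\system32\drivers\mferkdk.sys
2009-02-01 10:09 201,288 a------- c:\windows\system32\drivers\mfehidk.sys
2009-01-30 22:26 299 ---shr-- C:\autorun.inf
2009-01-30 21:34 87,608 a------- c:\docume~1\hallows\applic~1\inst.exe
2009-01-30 21:34 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
c:\windows\system32\drivers\gaopdxkalrvmpi.sys
c:\windows\system32\drivers\gaopdxkixhcepw.sys
c:\windows\system32\drivers\gaopdxrfnontvt.sys
c:\recycler\S-3-8-11-100016899-100031996-100016711-8052.com
D:\Autorun.inf
"""

# DDS entry: "YYYY-MM-DD HH:MM <size|<DIR>> <8 attribute chars> <path>"
# Attribute letters seen in the log: a (archive), d (directory),
# s (system), h (hidden), r (read-only); '-' means not set.
DDS_ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+)|<DIR>) (?P<attrs>[adshr-]{8}) (?P<path>.+?)\s*$",
    re.IGNORECASE,
)

AUTORUN = re.compile(r"^[a-z]:\\autorun\.inf$", re.IGNORECASE)
APPDATA_DROP = re.compile(
    r"\\(?:applic~1|application data)\\[^\\]+\.(?:exe|sys|dll|com)$", re.IGNORECASE)
DRIVER = re.compile(r"\\system32\\drivers\\([a-z0-9]+)\.sys$", re.IGNORECASE)
RECYCLER_EXE = re.compile(
    r"\\recycler\\(s-\d+(?:-\d+)+)\.(?:com|exe|scr|pif)$", re.IGNORECASE)
# Heuristic assumption: a per-user Recycle Bin folder is named after an NT
# user SID, i.e. revision 1, authority 5, then 21-<3 domain ids>-<RID>.
NT_USER_SID = re.compile(r"^S-1-5-21(?:-\d+){4}$", re.IGNORECASE)


@dataclass
class Finding:
    path: str
    reason: str


def parse_line(line):
    """Return (path, attrs) for a DDS entry, or (path, '') for a bare path."""
    m = DDS_ENTRY.match(line)
    if m:
        return m.group("path"), m.group("attrs").lower()
    return line.strip(), ""


def random_driver_clusters(names, prefix_len=6, min_len=12):
    """Group long driver base names by a fixed prefix (heuristic values are mine).

    Two or more long names sharing the same prefix with different random-looking
    tails is the gaopdx pattern; short vendor names (mfe*.sys) are left alone.
    """
    groups = defaultdict(list)
    for name in names:
        if len(name) >= min_len:
            groups[name[:prefix_len].lower()].append(name)
    return {p: n for p, n in groups.items() if len(n) >= 2}


def triage(text):
    """Run the indicator checks over DDS lines and bare paths; return Findings."""
    findings, drivers = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        path, attrs = parse_line(raw)
        if AUTORUN.match(path):
            reason = "autorun.inf in drive root"
            if {"s", "h", "r"} <= set(attrs):
                reason += ", hidden+system+read-only"
            findings.append(Finding(path, reason))
        if APPDATA_DROP.search(path):
            findings.append(Finding(path, "executable dropped directly under Application Data"))
        m = DRIVER.search(path)
        if m:
            drivers.append(m.group(1))
        m = RECYCLER_EXE.search(path)
        if m:
            reason = "executable under RECYCLER"
            if not NT_USER_SID.match(m.group(1)):
                reason += " with invalid SID-style name"
            findings.append(Finding(path, reason))
    for prefix, names in random_driver_clusters(drivers).items():
        for name in names:
            findings.append(Finding(
                name + ".sys",
                f"driver name shares prefix '{prefix}' with {len(names) - 1} "
                f"other random-suffix driver(s)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.path}\n    {f.reason}")
```

Run it on a saved DDS or ComboFix log by passing the file contents to `triage()`. The attribute check matters: an autorun.inf in a drive root is common on machines that have had removable media attached, but one that is simultaneously system, hidden and read-only, created the same minute as a rootkit counter file, is not something a burning tool leaves behind.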
  2. 2009/02/02, noahdfear (joined 2003/04/06, 12,178 messages)
    Welcome to WindowsBBS VegasRox :)

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     


  4. 2009/02/03, VegasRox (Thread Starter)
    Many thanks, here is my ComboFix log:


    ComboFix 09-02-02.04 - Hallows 2009-02-03 22:36:57.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1077 [GMT 0:00]
    Running from: c:\documents and settings\Hallows\My Documents\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *disabled*
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    c:\docume~1\Hallows\LOCALS~1\Temp\tmp2.tmp
    c:\documents and settings\Hallows\Application Data\inst.exe
    c:\program files\Mozilla Firefox\components\iamfamous.dll
    c:\recycler\S-3-8-11-100016899-100031996-100016711-8052.com
    c:\windows\IE4 Error Log.txt
    c:\windows\system32\drivers\gaopdxkalrvmpi.sys
    c:\windows\system32\drivers\gaopdxkixhcepw.sys
    c:\windows\system32\drivers\gaopdxrfnontvt.sys
    c:\windows\system32\gaopdxrptxneri.dll
    D:\Autorun.inf
    d:\recycler\S-0-6-14-100000971-100014884-100027016-6468.com
    d:\recycler\S-1-4-53-100019267-100005900-100024618-1474.com
    d:\recycler\S-3-8-11-100016899-100031996-100016711-8052.com
    d:\recycler\S-4-5-92-100018596-100026333-100022772-4020.com
    d:\recycler\S-4-7-31-100027152-100013192-100008108-2621.com
    d:\recycler\S-8-4-22-100018182-100026364-100023478-6353.com
    d:\recycler\S-9-4-18-100016528-100014928-100029772-2010.com

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 )))))))))))))))))))))))))))))))
    .

    2009-02-01 11:53 . 2009-02-01 11:53 <DIR> d-------- c:\documents and settings\Hallows\Application Data\McAfee
    2009-02-01 11:45 . 2009-02-03 22:38 6,061 --a------ c:\windows\system32\Config.MPF
    2009-02-01 10:11 . 2006-03-03 11:07 143,360 --a------ c:\windows\system32\dunzip32.dll
    2009-02-01 10:09 . 2007-07-21 09:08 201,288 --a------ c:\windows\system32\drivers\mfehidk.sys
    2009-02-01 10:09 . 2007-07-13 09:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
    2009-02-01 10:09 . 2007-07-24 07:40 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
    2009-02-01 10:09 . 2007-07-21 09:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
    2009-02-01 10:09 . 2007-07-21 09:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
    2009-02-01 10:09 . 2007-07-24 12:02 33,800 --a------ c:\windows\system32\drivers\mferkdk.sys
    2009-02-01 10:08 . 2009-02-01 10:08 <DIR> d-------- c:\program files\McAfee.com
    2009-02-01 10:08 . 2009-02-01 13:35 <DIR> d-------- c:\program files\McAfee
    2009-02-01 10:08 . 2009-02-01 10:09 <DIR> d-------- c:\program files\Common Files\McAfee
    2009-02-01 00:27 . 2009-02-01 00:27 <DIR> d-------- c:\program files\Trend Micro
    2009-01-30 23:29 . 2009-01-30 23:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
    2009-01-30 22:26 . 2009-02-02 21:01 4 --a------ c:\windows\system32\gaopdxcounter
    2009-01-30 21:34 . 2009-01-30 21:34 <DIR> d-------- c:\program files\VSO
    2009-01-30 21:34 . 2009-01-30 21:36 <DIR> d-------- c:\documents and settings\Hallows\Application Data\Vso
    2009-01-30 21:34 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
    2009-01-30 21:34 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
    2009-01-30 21:34 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
    2009-01-30 21:34 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
    2009-01-30 21:34 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
    2009-01-30 21:34 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
    2009-01-30 21:34 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
    2009-01-30 21:34 . 2009-01-30 21:34 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
    2009-01-30 21:34 . 2009-01-30 21:34 47,360 --a------ c:\documents and settings\Hallows\Application Data\pcouffin.sys
    2009-01-30 19:29 . 2009-01-30 21:27 69 --a------ c:\windows\NeroDigital.ini
    2009-01-30 19:01 . 2009-01-30 19:30 <DIR> d-------- c:\documents and settings\Hallows\Application Data\Ahead
    2009-01-30 19:00 . 2009-01-30 19:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-03 22:43 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
    2009-02-03 22:31 --------- d-----w c:\documents and settings\Hallows\Application Data\DNA
    2009-02-03 00:17 --------- d-----w c:\documents and settings\Hallows\Application Data\uTorrent
    2009-02-02 21:01 --------- d-----w c:\program files\DNA
    2009-02-02 00:07 21,716 ----a-w c:\documents and settings\Hallows\Application Data\wklnhst.dat
    2009-02-01 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2009-02-01 11:56 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2009-01-26 21:36 --------- d-----w c:\program files\Lx_cats
    2008-12-29 13:43 --------- d-----w c:\program files\Sony
    2008-12-27 18:28 --------- d-----w c:\program files\iTunes Genre Art Manager
    2008-12-25 22:01 --------- d-----w c:\documents and settings\Hallows\Application Data\vlc
    2008-12-25 21:50 --------- d-----w c:\program files\VideoLAN
    2008-12-23 00:02 --------- d-----w c:\documents and settings\Hallows\Application Data\OpenOffice.org2
    2008-12-17 19:49 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2008-12-17 19:47 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-17 19:47 --------- d-----w c:\program files\Java
    2008-12-13 12:15 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-12-13 12:15 --------- d-----w c:\documents and settings\Hallows\Application Data\Symantec
    2008-12-13 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-08 20:40 --------- d-----w c:\program files\iTunes
    2008-12-08 20:40 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-08 20:39 --------- d-----w c:\program files\iPod
    2008-12-08 20:39 --------- d-----w c:\program files\Common Files\Apple
    2008-12-08 20:36 --------- d-----w c:\program files\QuickTime
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SsAAD.exe "= "c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
    "kdx "= "c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "BitTorrent DNA "= "c:\program files\DNA\btdna.exe" [2008-12-17 342848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
    "AzMixerSel "= "c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
    "SonyPowerCfg "= "c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 217088]
    "ISBMgr.exe "= "c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
    "Switcher.exe "= "c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
    "lxdjamon "= "c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-04-30 20480]
    "kdx "= "c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "VAIO Update 4 "= "c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
    "McAfee Backup "= "c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-05-18 4838952]
    "MBkLogOnHook "= "c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
    "SkyTel "= "SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
    "Mouse Suite 98 Daemon "= "ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "Nokia.PCSync "= "c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-06-20 15:11 73728 c:\windows\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd "= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Kontiki\\KService.exe "=
    "c:\\WINDOWS\\system32\\lxdjcoms.exe "=
    "c:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe "=
    "c:\\WINDOWS\\system32\\lxdjcfg.exe "=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjwbgw.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=

    R2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [2007-12-08 99248]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-01 206096]
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-08-15 812544]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2006-08-15 16194]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
    S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2006-11-01 30464]
    S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2006-11-01 12672]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-01 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-07-25 15:10]

    2009-02-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-07-25 15:10]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
    IE: Add RSS Support Site to VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
    Trusted Zone: sony-europe.com
    Trusted Zone: sonystyle-europe.com
    Trusted Zone: vaio-link.com
    FF - ProfilePath - c:\documents and settings\Hallows\Application Data\Mozilla\Firefox\Profiles\agtnjaiz.default\
    FF - prefs.js: browser.search.selectedEngine - HMV Search
    FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/1/hi/entertainment/default.stm
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-03 22:43:27
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(768)
    c:\windows\system32\VESWinlogon.dll
    .
    Completion time: 2009-02-03 22:45:33
    ComboFix-quarantined-files.txt 2009-02-03 22:45:30

    Pre-Run: 1,211,662,336 bytes free
    Post-Run: 2,333,081,600 bytes free

    220 --- E O F --- 2009-01-15 11:12:50
     
  5. 2009/02/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    ComboFix didn't leave much to clean up. :)

    Delete the following file.

    c:\windows\system32\gaopdxcounter

    Things back to normal again? Please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
  6. 2009/02/05
    VegasRox

    VegasRox Inactive Thread Starter

    Joined:
    2009/02/01
    Messages:
    6
    Likes Received:
    0
    Thanks for your reply, I have tried the above process several times however I keep getting the following error box popping up:

    "Starting Java applet has failed! Please go online to use this program. "

    I click OK then the egg timer keeps ticking over but nothing else happens...
     
  7. 2009/02/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Let's try another tool. This tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I only want to see a Report of what it finds.

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    Double-click the drweb-cureit.exe file and click 'Start' to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, we need to change the default settings.
    • In the Menu Bar at the top, click 'Setting'>Change Settings.
    • Click on the Actions tab
    • Using the drop down menus, change each item under Objects and Malware to Report
    • Next, 'tick' Complete Scan.
    • Click the green arrow at the right, and the scan will start.
    • Click 'No to All' if it asks if you want to cure/move the file.
    • After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Post the contents of the log from Dr.Web you saved previously in your next reply.
     
  8. 2009/02/14
    VegasRox

    VegasRox Inactive Thread Starter

    Joined:
    2009/02/01
    Messages:
    6
    Likes Received:
    0
    Hi, sorry for the delay. In answer to your previous question, deleting that file has everything back to normal again! :D

    I did the scan, the log is below (hopefully this is the right info you were looking for):

    01 Dakota.m4a;C:\Documents and Settings\Hallows\My Documents\My Music\Stereophonics\Decade In The Sun - Best Of Stereophonic;Modification of Win32.Sector.17;;
    gaopdxkalrvmpi.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;BackDoor.Tdss.73;;
    gaopdxkixhcepw.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;BackDoor.Tdss.73;;
    gaopdxrfnontvt.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;BackDoor.Tdss.73;;
    A0089852.sys;C:\System Volume Information\_restore{B796F2AC-1554-447F-884C-115E1947B37A}\RP285;BackDoor.Tdss.73;;
    A0089874.sys;C:\System Volume Information\_restore{B796F2AC-1554-447F-884C-115E1947B37A}\RP285;BackDoor.Tdss.73;;
    A0089875.sys;C:\System Volume Information\_restore{B796F2AC-1554-447F-884C-115E1947B37A}\RP285;BackDoor.Tdss.73;;
    A0089886.bat;C:\System Volume Information\_restore{B796F2AC-1554-447F-884C-115E1947B37A}\RP285;Probably BATCH.Virus;;
     
  9. 2009/02/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Appears the following file might be infected.

    C:\Documents and Settings\Hallows\My Documents\My Music\Stereophonics\Decade In The Sun - Best Of Stereophonic\Dakota.m4a

    Please upload it to VirusTotal and scan, then post the results here.
     
  10. 2009/02/15
    VegasRox

    VegasRox Inactive Thread Starter

    Joined:
    2009/02/01
    Messages:
    6
    Likes Received:
    0
    Hi, this is the info that came back:

    File 01_Dakota.m4a received on 02.16.2009 00:55:50 (CET)
    Antivirus Version Last Update Result
    a-squared 4.0.0.93 2009.02.15 -
    AhnLab-V3 5.0.0.2 2009.02.15 -
    AntiVir 7.9.0.79 2009.02.15 -
    Authentium 5.1.0.4 2009.02.15 -
    Avast 4.8.1335.0 2009.02.15 -
    AVG 8.0.0.237 2009.02.15 -
    BitDefender 7.2 2009.02.16 -
    CAT-QuickHeal 10.00 2009.02.13 -
    ClamAV 0.94.1 2009.02.16 -
    Comodo 978 2009.02.15 -
    DrWeb 4.44.0.09170 2009.02.16 modification of Win32.Sector.17
    eSafe 7.0.17.0 2009.02.15 -
    eTrust-Vet 31.6.6358 2009.02.14 -
    F-Prot 4.4.4.56 2009.02.15 -
    F-Secure 8.0.14470.0 2009.02.16 -
    Fortinet 3.117.0.0 2009.02.15 -
    GData 19 2009.02.16 -
    Ikarus T3.1.1.45.0 2009.02.15 -
    K7AntiVirus 7.10.630 2009.02.14 -
    Kaspersky 7.0.0.125 2009.02.15 -
    McAfee 5527 2009.02.15 -
    McAfee+Artemis 5527 2009.02.15 -
    Microsoft 1.4306 2009.02.15 -
    NOD32 3853 2009.02.14 -
    Norman 6.00.02 2009.02.13 -
    nProtect 2009.1.8.0 2009.02.15 -
    Panda 10.0.0.10 2009.02.15 -
    PCTools 4.4.2.0 2009.02.15 -
    Prevx1 V2 2009.02.16 -
    Rising 21.16.62.00 2009.02.15 -
    SecureWeb-Gateway 6.7.6 2009.02.15 -
    Sophos 4.38.0 2009.02.15 -
    Sunbelt 3.2.1851.2 2009.02.12 -
    Symantec 10 2009.02.16 -
    TheHacker 6.3.2.1.258 2009.02.16 -
    TrendMicro 8.700.0.1004 2009.02.15 -
    VBA32 3.12.8.12 2009.02.15 -
    ViRobot 2009.2.14.1607 2009.02.15 -
    VirusBuster 4.5.11.0 2009.02.15 -
    Additional information
    File size: 9566149 bytes
    MD5...: 39ce21c2767e384107cc3c5e2751cf70
    SHA1..: 43a7551c5d87ccce2cb7ef4d7c166699b33f4ebd
    SHA256: bbfec1e94c4e8a949be31bb9984ae6ea534b14472058019917810f4dd0b1d7b2
    SHA512: a570cb43e6d05969684d0341af874442197d8e26ad2e939fd36549cb72638be1f6e19285207cd503ffef9d316596a6e190b0cd0e6510217160eed0d064df634e
    ssdeep: 196608:Wu3N+JQeNVnSGLr3QUGWIWPYi69U5Fc/RA35fWUQ9TLkxA1:WuUJtnSGLrg/WIfiGkFuRAtYTYm
    PEiD..: -
    TrID..: File type identification
    AAC Audio in MP4 container (89.5%)
    QuickTime Movie (5.2%)
    Generic MP4 container (3.1%)
    Adobe PhotoShop Brush (1.0%)
    MacBinary 2 header (1.0%)
    PEInfo: -
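    The triage the helper applies to the two reports above (posts 8 and 10: set aside Dr.Web hits that sit in ComboFix's quarantine or a System Restore point, then treat a lone VirusTotal detection on the remaining file with suspicion) can be scripted. This is an added example, not a script from the thread, from Dr.Web or from VirusTotal; the sample rows are copied from the logs posted above, and the false-positive threshold is an assumption of this example.

```python
import re

# Sample lines copied from the Dr.Web CureIt report posted in the thread
# (layout: name;directory;detection;;).
DRWEB_CSV = r"""
01 Dakota.m4a;C:\Documents and Settings\Hallows\My Documents\My Music\Stereophonics\Decade In The Sun - Best Of Stereophonic;Modification of Win32.Sector.17;;
gaopdxkalrvmpi.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;BackDoor.Tdss.73;;
A0089852.sys;C:\System Volume Information\_restore{B796F2AC-1554-447F-884C-115E1947B37A}\RP285;BackDoor.Tdss.73;;
A0089886.bat;C:\System Volume Information\_restore{B796F2AC-1554-447F-884C-115E1947B37A}\RP285;Probably BATCH.Virus;;
"""
# Sample rows copied from the VirusTotal table posted in the thread
# (layout: engine version signature-date verdict; '-' means clean).
VT_RESULTS = """
a-squared 4.0.0.93 2009.02.15 -
DrWeb 4.44.0.09170 2009.02.16 modification of Win32.Sector.17
Kaspersky 7.0.0.125 2009.02.15 -
McAfee 5527 2009.02.15 -
Prevx1 V2 2009.02.16 -
Symantec 10 2009.02.16 -
"""
VT_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.*)$")


def classify_drweb(csv_text):
    """Return [(full_path, detection, state)]; state is 'quarantined'
    (ComboFix's C:\\Qoobox), 'restore_point' or 'live' (still on disk)."""
    rows = []
    for line in csv_text.splitlines():
        parts = line.split(";")
        if len(parts) < 3 or not parts[0]:
            continue  # blank or malformed row
        name, directory, detection = parts[:3]
        folder = directory.lower()
        if "\\qoobox\\quarantine" in folder:
            state = "quarantined"
        elif "\\system volume information\\_restore" in folder:
            state = "restore_point"
        else:
            state = "live"  # only these still need attention
        rows.append((directory + "\\" + name, detection, state))
    return rows


def vt_summary(table_text):
    """Return (hit_count, engine_count, [(engine, verdict)...]) from a
    pasted VirusTotal table; verdicts other than '-' count as hits."""
    hits, engines = [], 0
    for line in table_text.splitlines():
        m = VT_LINE.match(line.strip())
        if not m:
            continue
        engines += 1
        if m.group(4).strip() != "-":
            hits.append((m.group(1), m.group(4).strip()))
    return len(hits), engines, hits


def likely_false_positive(table_text, max_hits=1, min_engines=5):
    """Threshold assumed by this example: a lone hit among many clean
    engines deserves a second look rather than deletion on sight."""
    hits, engines, _ = vt_summary(table_text)
    return 0 < hits <= max_hits and engines >= min_engines
```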
     
  11. 2009/02/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    With only one detection on the file, and very little information available on 'Win32.Sector.17', I'd suspect it's a false positive.


    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Delete dds.scr from My Documents.
    You can delete any other logs that were created/saved too.
    DrWeb CureIt can be kept as an additional scanner or deleted - your option.
    Empty the recycle bin when done.



    Uninstall the following Java components via Add/Remove Programs.

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    Jasc Paint Shop Pro 8
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Java(TM) SE Runtime Environment 6 Update 1

    Then, install the latest JRE 6 Update 12 from here


    Provided things are still working normally, that should finish things up.
     
  12. 2009/02/22
    VegasRox

    VegasRox Inactive Thread Starter

    Joined:
    2009/02/01
    Messages:
    6
    Likes Received:
    0
    Have completed all of the above and everything still working fine - thank you very much for all your help!
     
  13. 2009/02/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
