Find your solution!

aram987 · 05-May-2009, 01:01 PM #1

Hi there. I would like to caveat this post by saying I'm not the most tech savvy person, so if I'm missing something obvious, sorry for my lack of ability. I'll also try to be as detailed as possible, but if I miss anything important, if you post what I'm missing I'll add it as soon as I can. Thanks in advance for any help you can offer.

I'm getting a DNS server error. I've searched all over, but can't find anything that mirrors my particular issue.

I have a wireless network at home that myself, (using a Sony laptop running Vista), and my roommate, (using a Macbook with OSX), are both on. In addition, I have a Belkin Wi-fi Skype phone that uses the network.

Our internet went out aprox a week ago due to a provider issue. It was restored 2 days ago, but ever since the restore, I have an issue with the internet connection.

I can connect to the network with no problem, and the internet initially. After about 10-30 minutes online, however, I loose my internet. If I use the utility in the Network and Sharing center to diagnose the issue, it comes back as a DNS server error. This is where my issue parts ways with the problems I have seen in various forums.

My network still shows that it's connected to the internet, and whatever window I have open can still be navigated. The connection is only nonexistent if I open a new tab or window, or if I try to navigate to another URL. Any internal link on the site that opened prior to the apparent loss of connection can still be opened. I also keep Skype running on my computer, and as long as it's opened before I can't open a new page anymore, it works just fine unless I sign out and back in.

If I disconnect and reconnect to the network, (sometime 2-4 times), I have an internet connection again and the whole process starts over. Really frustrating to do this 2-6 times an hour.

My roommate on the Mac has no problem with his connection, leading me to believe that something is amiss with my computer. The only questionable part of this is the Skype phone. It seems to be having the same issue my computer is. It connects to the network, but lacks the internet connection sometimes. This is all going on as the roommate is browsing away, trouble free.

Another facet of the trouble with this issue is my locale. I'm a teacher in Bali, Indonesia. My ISP is worthless, and trying to get assistance from them on this problem is hopeless. I've called several times already, only to repeatedly explain the issue to someone who may speak just enough English to ask how you are this afternoon, but definitely not to understand the issue I'm describing to him, (unfortunately, it's the only option I have here. And it's 512k for $100 a month. Please take pity on me).

Oh, I use Chrome as my browser, but have tried both Safari and IE with the same results.

Thusfar, I have done a dns flush in the command prompt, and run every security program I have with nothing found, (Spybot, Windows Defender, and Panda anti-virus), and cleaned up the registry. I have reset and reconfigured the router several times, and considered purchasing an axe to beat the whole mess into tiny pieces with.

Please help before I loose my mind! Thank you.

Aram

Phantom010 · 05-May-2009, 02:04 PM #2

Please download and install HijackThis by clicking here.

Run it and select Do a system scan and save a logfile.

The log will be saved in Notepad. Copy and paste the log in your next post.

Do not fix anything

aram987 · 05-May-2009, 02:16 PM #3

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:24 AM, on 5/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Users\aram\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iTunes\iTunes.exe
C:\Users\aram\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aram\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aram\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aram\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\aram\Documents\Downloads\HJTInstall (1).exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIOMyMemCenter] "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\aram\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Host Process] C:\Users\aram\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9681 bytes

Phantom010 · 05-May-2009, 02:43 PM #4

Your computer seems to be infected:

O4 - HKCU\..\Run: [Host Process] C:\Users\aram\svchost.exe

The legitimate svchost.exe file should not be in the msconfig/Startup list but should be located in C:\WINDOWS\System32\svchost.exe.

You should click on the Report button and ask to be moved to the Malware Removal forum.

aram987 · 05-May-2009, 02:53 PM #5

Thanks for your help. I've asked for the post to be moved.

Phantom010 · 05-May-2009, 02:56 PM #6

You're welcome!

aram987 · 05-May-2009, 09:49 PM #7

This is the resulting log from combofix.

ComboFix 09-05-05.02 - aram 05/06/2009 9:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1152 [GMT 8:00]
Running from: c:\users\aram\Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.

2009-05-06 01:35 . 2009-05-06 01:35 -------- d-----w c:\users\aram\AppData\Local\Apple Computer
2009-05-05 18:10 . 2009-05-05 18:10 -------- d-----w c:\program files\Trend Micro
2009-05-04 13:49 . 2009-05-04 13:51 -------- d-----w c:\users\aram\AppData\Roaming\Auslogics
2009-05-04 13:48 . 2009-05-04 13:48 -------- d-----w c:\program files\Auslogics
2009-05-04 03:51 . 2009-05-04 03:51 -------- d-----w c:\users\aram\AppData\Roaming\Panda Security
2009-05-04 03:45 . 2009-05-04 03:45 245 ----a-w c:\windows\system32\PSUNCpl.dat
2009-05-04 03:45 . 2009-05-04 03:45 -------- d-----w c:\programdata\Panda Security
2009-05-04 03:45 . 2009-05-04 03:45 -------- d-----w c:\users\All Users\Panda Security
2009-05-04 03:45 . 2009-05-04 03:45 -------- d-----w c:\program files\Panda Security
2009-05-03 13:45 . 2009-05-03 13:45 -------- d-----w c:\programdata\WindowsSearch
2009-05-03 13:45 . 2009-05-03 13:45 -------- d-----w c:\users\All Users\WindowsSearch
2009-05-03 12:40 . 2009-05-03 12:40 -------- d-----w C:\VAIO Entertainment
2009-04-29 06:19 . 2009-04-29 06:19 -------- d-----w c:\program files\tinySpell
2009-04-29 06:19 . 2009-04-29 06:55 -------- d-----w c:\users\aram\AppData\Roaming\tinySpell
2009-04-23 12:14 . 2009-04-23 12:14 114184 ----a-w c:\windows\system32\drivers\PSINKNC.sys
2009-04-23 12:14 . 2009-04-23 12:14 98312 ----a-w c:\windows\system32\drivers\PSINProc.sys
2009-04-23 12:14 . 2009-04-23 12:14 137224 ----a-w c:\windows\system32\drivers\PSINAflt.sys
2009-04-23 12:14 . 2009-04-23 12:14 94216 ----a-w c:\windows\system32\drivers\PSINFile.sys
2009-04-19 07:14 . 2009-04-19 07:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 04:04 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-19 04:04 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-19 04:04 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-19 04:04 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-19 04:04 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-19 04:04 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-19 04:04 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-19 04:04 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-19 04:04 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-19 04:04 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-19 04:03 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-19 04:03 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-19 04:03 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-06 02:31 . 2009-04-06 02:31 -------- d-----w c:\program files\Common Files\Skype
2009-04-06 02:31 . 2009-04-06 02:31 -------- d-----r c:\program files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 11:48 . 2008-08-28 21:29 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-03 14:38 . 2008-03-31 17:56 -------- d-----w c:\program files\Common Files\Sony Shared
2009-05-03 14:36 . 2008-03-31 17:36 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-03 14:35 . 2008-03-31 17:58 -------- d-----w c:\program files\Sony
2009-05-01 09:40 . 2008-11-25 18:47 3452 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-01 09:40 . 2008-11-25 18:47 88 --sha-r c:\windows\system32\EC9522A7F6.sys
2009-04-19 14:03 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-19 07:14 . 2008-03-31 18:08 -------- d-----w c:\program files\Java
2009-03-28 09:05 . 2009-03-28 09:04 -------- d-----w c:\program files\The Rosetta Stone
2009-03-17 03:38 . 2009-04-19 03:59 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-19 03:59 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:40 . 2009-04-19 03:59 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:37 . 2009-04-19 03:59 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 02:28 . 2009-04-19 03:59 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-19 03:59 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-19 03:59 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 03:30 2033152 ----a-w c:\windows\system32\win32k.sys
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2008-02-03 00:27 303104 ----a-w c:\ddi\OverIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\aram\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-26 133104]
"tinySpell"="c:\program files\tinySpell\tinyspell.exe" [2009-01-28 217088]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-11-21 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-02-19 24576]
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2009-04-23 353536]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-23 4718592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-13 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w c:\windows\System32\VESWinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BFE443D1-139A-4E02-89AB-8C586D8B1145}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{39396829-E6F0-4039-B6F9-FB58CC9ECCA9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{9A56D6D7-2377-42E2-A094-A8808BF92B2C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{673D3A69-6041-412A-9811-8E006A95F600}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{DF18D683-CEE3-44A5-9B23-1AD39F01AAF1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{79771649-EEE1-4320-B331-508D222DE568}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EB3C4E44-3FAD-43FF-A5E6-ED7D57A348DE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B57B2049-8F8C-4DD9-A849-B8B77C7F5436}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6F5D33EE-BD85-4B5C-87E3-E42F65666E47}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3FBB7F4C-EC4D-4E02-A61E-FD5F9006879B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F78A5F33-1D94-4A3E-857D-910B71540B97}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B1C117DF-C41A-4D59-9CC1-F3F83612F503}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{361F09BD-443A-47D5-B7C6-76CFD628ECDF}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

R1 PSINKNC;PSINKNC;c:\windows\System32\drivers\PSINKNC.sys [4/23/2009 8:14 PM 114184]
R2 NanoServiceMain;NanoServiceMain;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/23/2009 8:14 PM 95488]
R2 PSINAflt;PSINAflt;c:\windows\System32\drivers\PSINAflt.sys [4/23/2009 8:14 PM 137224]
R2 PSINFile;PSINFile;c:\windows\System32\drivers\PSINFile.sys [4/23/2009 8:14 PM 94216]
R2 PSINProc;PSINProc;c:\windows\System32\drivers\PSINProc.sys [4/23/2009 8:14 PM 98312]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/18/2007 11:09 AM 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [8/29/2008 5:29 AM 1153368]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [4/1/2008 1:15 AM 9344]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [4/1/2008 1:13 AM 812544]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [4/1/2008 2:13 AM 87328]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{07fa07f3-9d0e-11dd-b096-001a80f922e2}]
\shell\Auto\command - H:\AutoRun.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{2ea74279-a713-11dd-9dd8-001a80f922e2}]
\shell\AutoRun\command - AutoRun\AutoStart.exe
\shell\Explore\Command - AutoRun\AutoStart.exe
\shell\Open\Command - AutoRun\AutoStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{ffcb4ff3-92a5-11dd-8cb3-001a80f922e2}]
\shell\AutoRun\command - g:\setup\rsrc\Autorun.exe
\shell\dinstall\command - g:\directx\dxsetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2940882579-1214232623-769095737-1000.job
- c:\users\aram\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-26 08:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Host Process - c:\users\aram\svchost.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 09:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6072)
c:\ddi\overicon.dll
.
Completion time: 2009-05-06 9:44
ComboFix-quarantined-files.txt 2009-05-06 01:44

Pre-Run: 53,072,887,808 bytes free
Post-Run: 53,039,251,456 bytes free

180 --- E O F --- 2009-05-05 05:06

aram987 · 06-May-2009, 05:55 AM #8

I had this message from a user, not sure where it went though:

"Download these softwares. 1. ATF cleaner, 2. Combofix 3. free A-square antimalware. First run ATF cleaner, then combofix- need to rename combofix before using it, and then free a-square antimalware. Follow instructions on each set of software.
Ecsave."

Followed the advice, problem still remains the same.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)