Jump to content

Recommended Posts

Im having trouble with search engines redirecting me to wrong sites, my kaspersky internet security keeps failing and when it fails my browser stops working for a while. I ran malewarebytes and it found nothing. when i ran avira it showed i had Tr/crypt.xpack.gen i removed it and im still having the same problems. Any help would be awesome.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:18:32 PM, on 4/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esupport.sony.com/

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\WINDOWS\TEMP\E_S2A1.tmp" /EF "HKCU"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--

End of file - 9551 bytes

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.35

Database version: 1904

Windows 5.1.2600 Service Pack 3

4/3/2009 11:13:41 PM

mbam-log-2009-04-03 (23-13-41).txt

Scan type: Full Scan (C:\|)

Objects scanned: 138371

Time elapsed: 40 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Staff

Hi,

Can you update MBAM and post the log in your next reply please?
I don't see it being updated.

If you're having problems with updating, it's important to let me know :)

In case you can't update it..

Navigate to your C:\Windows folder and search for the file regedit.exe

Rightclick it and select to rename the file. Rename it to reg3dit.exe

Then launch the reg3dit.exe in order to open your Registry Editor.

There, browse to the following key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

You'll see on the left that you can expand the keys (they will look like folders). So expand them until you get drivers32

Rightclick the drivers32 key (folder) and select to export:

drivers32b.gif

(sorry, my regedit is in dutch, but I'm sure you understand)

Give it a name and export it as a txtfile on your desktop.

Then copy and paste the contents of it in your next reply.

If confused, please ask first.

Link to post
Share on other sites

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32

Class Name: <NO CLASS>

Last Write Time: 3/26/2009 - 2:20 PM

Value 0

Name: midimapper

Type: REG_SZ

Data: midimap.dll

Value 1

Name: msacm.imaadpcm

Type: REG_SZ

Data: imaadp32.acm

Value 2

Name: msacm.msadpcm

Type: REG_SZ

Data: msadp32.acm

Value 3

Name: msacm.msg711

Type: REG_SZ

Data: msg711.acm

Value 4

Name: msacm.msgsm610

Type: REG_SZ

Data: msgsm32.acm

Value 5

Name: msacm.trspch

Type: REG_SZ

Data: tssoft32.acm

Value 6

Name: vidc.cvid

Type: REG_SZ

Data: iccvid.dll

Value 7

Name: vidc.I420

Type: REG_SZ

Data: msh263.drv

Value 8

Name: vidc.iv31

Type: REG_SZ

Data: ir32_32.dll

Value 9

Name: vidc.iv32

Type: REG_SZ

Data: ir32_32.dll

Value 10

Name: vidc.iv41

Type: REG_SZ

Data: ir41_32.ax

Value 11

Name: vidc.iyuv

Type: REG_SZ

Data: iyuv_32.dll

Value 12

Name: vidc.mrle

Type: REG_SZ

Data: msrle32.dll

Value 13

Name: vidc.msvc

Type: REG_SZ

Data: msvidc32.dll

Value 14

Name: vidc.uyvy

Type: REG_SZ

Data: msyuv.dll

Value 15

Name: vidc.yuy2

Type: REG_SZ

Data: msyuv.dll

Value 16

Name: vidc.yvu9

Type: REG_SZ

Data: tsbyuv.dll

Value 17

Name: vidc.yvyu

Type: REG_SZ

Data: msyuv.dll

Value 18

Name: wavemapper

Type: REG_SZ

Data: msacm32.drv

Value 19

Name: msacm.msg723

Type: REG_SZ

Data: msg723.acm

Value 20

Name: vidc.M263

Type: REG_SZ

Data: msh263.drv

Value 21

Name: vidc.M261

Type: REG_SZ

Data: msh261.drv

Value 22

Name: msacm.msaudio1

Type: REG_SZ

Data: msaud32.acm

Value 23

Name: msacm.sl_anet

Type: REG_SZ

Data: sl_anet.acm

Value 24

Name: msacm.iac2

Type: REG_SZ

Data: C:\WINDOWS\system32\iac25_32.ax

Value 25

Name: vidc.iv50

Type: REG_SZ

Data: ir50_32.dll

Value 26

Name: msacm.l3acm

Type: REG_SZ

Data: C:\WINDOWS\system32\l3codeca.acm

Value 27

Name: wave

Type: REG_SZ

Data: wdmaud.drv

Value 28

Name: midi

Type: REG_SZ

Data: wdmaud.drv

Value 29

Name: mixer

Type: REG_SZ

Data: wdmaud.drv

Value 30

Name: aux

Type: REG_SZ

Data: wdmaud.drv

Value 31

Name: VIDC.dvsd

Type: REG_SZ

Data: C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

Value 32

Name: aux2

Type: REG_SZ

Data: C:\WINDOWS\system32\..\sqm.qtq

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server

Class Name: <NO CLASS>

Last Write Time: 9/1/2006 - 3:11 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP

Class Name: <NO CLASS>

Last Write Time: 9/1/2006 - 3:11 PM

Value 0

Name: wave

Type: REG_SZ

Data: rdpsnd.dll

Value 1

Name: mixer

Type: REG_SZ

Data: rdpsnd.dll

Value 2

Name: MaxBandwidth

Type: REG_DWORD

Data: 0x56b9

Value 3

Name: wavemapper

Type: REG_SZ

Data: msacm32.drv

Value 4

Name: EnableMP3Codec

Type: REG_DWORD

Data: 0x1

Value 5

Name: midimapper

Type: REG_SZ

Data: midimap.dll

Link to post
Share on other sites

  • Staff

Hi,

We've found the culprit..

* Open hijackthis, click 'config' (bottom right)

Choose the tab 'misc Tools' on top.

Choose 'delete a file on reboot'

In the field, copy and paste next:

C:\WINDOWS\sqm.qtq

Click open.

Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/ok

Your system should reboot now.

Then, Open notepad and copy and paste next present in the quotebox below in it:

(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"aux2"="wdmaud.drv"

Save this as fix.reg Choose to save as *all files and place it on your desktop.

It should look like this: reg.gif

Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Let me know in your next reply how things are now.

That should fix the redirections, the updates, the refreshing explorer, the crashing taskbar etc etc..

Link to post
Share on other sites

Everything seems to be running fine now. I was able to update malewarebytes and google stopped redirecting me.

Thank you so much.. Your the best!

Is there any way of finding out how this got on my computer to prevent it from happening again?

Link to post
Share on other sites

  • Staff

Glad I could help. :)

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

In your case, this one was most probably getting installed via a legitimate sire. So make sure all your applications (such as adobe reader) are up to date.

Happy Surfing again!

Link to post
Share on other sites

  • Staff

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.