livio - I have been reading your answers to others, so thought I would
try you for help, too. First, I am clueless about computers.
Secondly, my computer is so infected with this stuff sometimes 40
pop-ups will spawn at once, completely obscuring the page I was
reading and making it so I can't even get back to the page I was
reading. Sometimes if I try to x out of the pop-out, it just spawns
more. My computer is practically unusable because of this. I have
run adaware, which is about as advanced as I have gotten, it helps for
a little while, then the intrusion is worse than ever. I can't even
log off. I have to shut off the computer b/c it just gets jammed up.
Please help!
Request for Question Clarification by livioflores-ga on 09 Jun 2005 17:42 PDT
Hi!!
I do not know how difficult this will be, but I am pretty sure that
two things will happen:
-Your computer will be fixed. (Faith is the last thing to lose)
-You will exit the fixing procedures knowing a lot more about your computer.
First thing that you must do:
Download HijackThis:
Go to a cyber and download it to a floppy disk or a CD.
http://216.180.233.162/~merijn/files/HijackThis.exe
If you have Windows 2000 or XP, also download Ewido:
If you cannot download it directly to your computer this file must be
downloaded and then copied to a CD, because it is bigger than a Floppy
disk.
http://download.ewido.net/ewido-setup.exe
Now start your computer in Safe Mode:
http://www.pchell.com/support/safemode.shtml
Then in this mode install Ewido (only if you have Windows 2000 or XP),
let it scan your computer and fix everything that it finds; then copy
HijackThis to a folder created for it (just create a new folder and
name it HJT and copy the downloaded file there) and perform a scan,
then post a log here (as a clarification). If you cannot use your
computer to post the log, just copy the log file to a floppy and go to
a cyber to post it here.
For detailed instructions see:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#HowToUse
With this log I will be able to help you.
I will wait for your response to this request; if you need additional
help with any of the proposed tasks, do not hesitate to ask for it. I
will be glad to give you further assistance.
Regards.
livioflores-ga
Clarification of Question by grandmajones-ga on 10 Jun 2005 03:07 PDT
thank you!!
I'm glad you have faith. Right now you will have to have enough for both of us!
I will get started on what you said. Believe it or not, I have never
saved anything to a cd, so I guess that is one thing I will learn
through this process.
Okay, here I go . . .
(thanks again)
Clarification of Question by grandmajones-ga on 10 Jun 2005 03:19 PDT
livio--
Okay, just a little more on what is happening. When my screen goes to
screensaver, it won't let me get back to my working screen. Touching
any key does not work. There is nowhere to click. I finally have to
turn off the power and start over. Then when I rebooted 11 popups
immediately layered over my home page and I even had trouble getting
to the sign-in page for my email. So now I guess I have to keep
"moving" so the screen saver doesn't come up until this gets fixed???
I want to say to the people who use these programs to force their ads
on people---I will NEVER buy ANYTHING or SERVICE you are selling!!!!!
Okay, back to work . . .
Clarification of Question by grandmajones-ga on 10 Jun 2005 04:37 PDT
hi, livio--
Let me see if I can tell you the steps/stuff that has happened so far:
I dl'd ewido and hjt to a cd.
I used the SCU method to start in safe mode.
I tried to run e in safe mode and got this message: "Database not
found! Please run an online update to get the latest signatures."
After fooling around with that for a while, I decided to ask you what to do.
I exited safe mode using the SCU method (unchecking SAFEBOOT on the BOOT.INI tab).
Then I rebooted and got a SCU box that said - comp currently in
diagnostic or selective startup mode - choose normal startup mode on
general tab . . . [box] don't show this message or launch the SCU
again"
I didn't check the box or x out. I just clicked the launch internet
icon so I could get to email you.
Once on the internet, an ewido box came up -- successfully installed,
etc. - I thought, okay, do the scan
I started the ewido scan and it was rolling along (LOTS of trojans,
etc.) - then I realized that maybe the computer wasn't in safe mode
(since I had at least tried to exit safemode, although the computer
seemed to be saying I hadn't) -
I rechecked your directions and thought maybe it's a problem to run
the scan if not in a safe mode -
so I cancelled the scan in order to get clarification from you first
now ewido keeps popping up with dialogue boxes - to complete cleaning,
reboot - when I click ok it goes to another file with same message -
what do you think?
Clarification of Question by grandmajones-ga on 10 Jun 2005 06:05 PDT
hi, livio--
this time when I rebooted the computer, before launching IE that SCU
box came up again, also ewido boxes - asking do you want to clean this
file - I clicked yes, then reply box "you must reboot to finish
cleaning process" -
but I have rebooted several times
I left boxes up and launched IE - then bunches of boxes came up
saying "this program cannot be closed because it is locked by the
system"
Clarification of Question by grandmajones-ga on 10 Jun 2005 07:01 PDT
next events:
I went back and reentered safe mode through the SCU
this time ewido would start, so I started a scan
at about 75% through, this msg came up:
"an infected file was found inside an archive and cannot be cleaned.
do you want to delete the whole archive?
C:\WINDOWS\system32\javex80.vxd "
I clicked on delete button (other choices were delete all and ignore)
then a box came up:
"securitysuite.exe encountered a probl and must close"
with the following info:
AppName: SecuritySuite.ext
AppVer: 3.0.0.101
ModName: msvcr71.dll
ModVer: 7.10.3052.4
Offset: 00029c37
then in the "send MS an error report" there was this info:
Exception Information
Code: 0x0000005
Flags: all zeroes
Rec - all zeroes
Add: 0x000000007c369c37
Module 1
SecuritySuite.ext
Image Base: 0x00400000
Image size - all zeroes
CheckSum - 0x0007234a
Signature - feef04bd
following files included in this error report:
C:DoCUME~1\CC\LOCALS~\Temp\WER1.tmp.dir00\appcompat.txt
Request for Question Clarification by livioflores-ga on 10 Jun 2005 07:36 PDT
Hi!!
Well, some things were done well, others need a little refinement. And
you are definitely learning, dear friend.
These are the new instructions:
You can download the database signature for Ewido from here:
http://download.ewido.net/ewido-signatures-full-20050610.exe
With this new signature installed, scan your computer again in safe
mode with Ewido and let it fix anything that it finds. If for any
reason you start a scan in another mode just go ahead, there is
no problem, but some pests may cause additional trouble when they
are fixed. It is always better to do troubleshooting procedures in
safe mode.
After you have cleaned your PC with Ewido reboot in normal mode and
run Hijackthis (HJT) from your computer (not from the CD) and post a
log here. Remember that you must not try to fix anything with HJT,
just post the log. I will analyze it and tell you which things must be
fixed.
Regarding the SCU box that said - comp currently in diagnostic or
selective startup mode - choose normal startup mode on general tab . .
. [box] don't show this message or launch the SCU again" it is normal,
just check the Don't show this message again box and click OK. I think
that it is preferable to start in safe mode using the F8 key method
(by the way, which version of Windows are you using?).
Regarding your last post (10 Jun 2005 06:05 PDT), I do not
understand it very well, so please try to clarify it a little.
Regards and good luck.
livioflores-ga
Request for Question Clarification by livioflores-ga on 10 Jun 2005 07:43 PDT
Reply to the 10 Jun 2005 07:01 PDT post:
Try to scan again in safe mode and if the same problem appears with
this file choose the ignore option and continue.
Whatever the result of the fixing with Ewido, post a HJT log the next time.
Regards.
livioflores-ga
Request for Question Clarification by livioflores-ga on 10 Jun 2005 07:50 PDT
One more thing, try cleaning all the TEMP files using CleanUP!:
http://cleanup.stevengould.org/
http://downloads.stevengould.org/cleanup/CleanUp40.exe
If it is possible, do this before cleaning with Ewido, if not no
problem do it anyway.
Clarification of Question by grandmajones-ga on 10 Jun 2005 11:27 PDT
so far--
to answer your Q: I have Win XP Home -
I used the SCU method for safe mode b/c my computer would not respond
to using the F8 key
I ran ewido again -
it got to that file that snagged it before - I clicked ignore as you
said -- it went to the next file, which has the same message (an
infected file in the archive, do you want to delete whole archive) - I
clicked ignore - got same message as before -
securitysuite.exe has encountered a problem and must close - option to
send error report to Microsoft
then I ran cleanup - 691.2 MB of stuff deleted
then I ran hijack (I think! - golly, this is all beyond me) and here
is the log as you requested:
Logfile of HijackThis v1.99.1
Scan saved at 2:22:02 PM, on 6/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINDOWS\sshkdll.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9}
- C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} -
C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program
files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program
Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [Sysnet] C:\Documents and Settings\CC\snuninst.exe
O4 - HKLM\..\Run: [sshkdll] C:\WINDOWS\sshkdll.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program
Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program
Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: ShopperReports - Compare travel rates -
{946B3E9E-E21A-49c8-9F63-900533FAFE14} -
C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices -
{E77EDA01-3C56-4a96-8D08-02B42891C169} -
C:\WINDOWS\System32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
http://www.errorguard.com/installation/Install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader
Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec
Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks -
C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks -
C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) -
Symantec Corporation - C:\Program Files\Norton Internet
Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: VAIO Media Music Server
(VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe"
/Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO
Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP)
(VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony
Corporation\VAIO Media Platform\2.0"
/RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP)
(VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server
(VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation -
C:\Program Files\Sony\VAIO Media Integrated
Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP)
(VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony
Corporation\VAIO Media Platform\2.0"
/RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP)
(VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server
(VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe"
/Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO
Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP)
(VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony
Corporation\VAIO Media Platform\2.0"
/RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP)
(VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) -
America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows VisFx Components - Unknown owner -
C:\WINDOWS\ftphsvc.exe (file missing)
Request for Question Clarification by livioflores-ga on 10 Jun 2005 15:37 PDT
I just saw your reply, I will work on it and have an answer tonight.
Regards.
livioflores-ga
Clarification of Question by grandmajones-ga on 10 Jun 2005 18:09 PDT
thank you, livio - very much
my computer is already much better than it was, thanks to you
I look forward to the rest of your reply.
Request for Question Clarification by livioflores-ga on 10 Jun 2005 20:36 PDT
Hi!!
We are closer!!
Print these instructions and boot in safe mode (this is important in
this case) and run HJT to perform a scan.
First you will try to uninstall WeirdOnTheWeb and VirtualBouncer:
- Click Start > Settings > Control Panel or Start > Control Panel
- In the Control Panel window, double-click Add/Remove Programs.
- In the prompted window scroll down until you see WeirdOnTheWeb, click on it.
- Click Add/Remove, Change/Remove, or Remove (this varies with the
operating system). Follow the prompts.
- Go back to the Add/Remove Programs window.
- Scroll down until you see Virtual Bouncer, click on it.
- Click Add/Remove, Change/Remove, or Remove (this varies with the
operating system). Follow the prompts.
Note: Uninstall what you can; if you cannot find one of them just skip
the uninstallation for it. Likewise, if you get an error do not worry,
just skip this step.
Before starting HJT, see if the following processes are running; if
so, you must stop them:
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINDOWS\sshkdll.exe
You must use the Task Manager to stop them:
- Press Ctrl-Alt-Delete (at the SAME time) and select from the pop-up
window "Task Manager" or right-click on an unused part of your
task-bar and select "Task Manager"
- Click on the Processes tab and see if you find the mentioned processes.
- Select the process to be stopped and click on the "End Process"
button at the bottom right of the window.
- Close the Task Manager.
http://www.wown.info/j_helmig/wxptskmg.htm
Now try to delete these files:
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINDOWS\sshkdll.exe
Also delete the folder (if still present):
C:\Program Files\WeirdOnTheWeb\
In your Favorites folder (%UserProfile%\Favorites\WeirdOnTheWeb.url) delete:
WeirdOnTheWeb.url
(You can use the Windows search tool to find it: open MyPC and click
the SEARCH button; if you cannot find this file skip this step)
Now ensure that there are no open browser windows; all instances of
IE or AOL or whatever browser you use must be closed (IMPORTANT).
Run HJT and scan your PC, then select to fix the following items if present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9}
- C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} -
C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program
Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [Sysnet] C:\Documents and Settings\CC\snuninst.exe
O4 - HKLM\..\Run: [sshkdll] C:\WINDOWS\sshkdll.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O9 - Extra button: ShopperReports - Compare travel rates -
{946B3E9E-E21A-49c8-9F63-900533FAFE14} -
C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices -
{E77EDA01-3C56-4a96-8D08-02B42891C169} -
C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
http://www.errorguard.com/installation/Install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
http://www.nick.com/common/groove/gx/GrooveAX27.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: VAIO Media Music Server
(VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe"
/Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO
Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP)
(VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony
Corporation\VAIO Media Platform\2.0"
/RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server
(VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe"
/Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO
Media Video Server (file missing)
O23 - Service: Windows VisFx Components - Unknown owner -
C:\WINDOWS\ftphsvc.exe (file missing)
Note: The services related to Sony VAIO to be fixed are unnecessary
entries that can be fixed because the associated files are missing.
Now click the FIX CHECKED button and cross your fingers.
Reboot and run HJT to scan your computer and post a new HJT log (this
new one may show a clean computer)
Regards.
livioflores-ga
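Added example, not part of the original thread and not HijackThis code: a small Python parser that rejoins the hard-wrapped log lines as they are posted here, lists the entries HijackThis itself marks "(file missing)" or "(no file)", and checks a fix list against a follow-up scan to show which selected entries are still present. The two samples are short excerpts of logs in this thread (the second one re-wrapped), and the function names are hypothetical.

```python
import re

# A HijackThis entry starts with a section code (R1, O4, O23, ...) followed by " - ".
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Suffixes HijackThis appends when the referenced file is absent on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Excerpt of the fix list posted above, keeping the forum's hard line wraps.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [sshkdll] C:\WINDOWS\sshkdll.exe
O9 - Extra button: ShopperReports - Compare product prices -
{E77EDA01-3C56-4a96-8D08-02B42891C169} -
C:\WINDOWS\System32\shdocvw.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe (file missing)
"""

# Excerpt of the follow-up scan in this thread; the O9 entry is deliberately
# re-wrapped to show that matching does not depend on where lines were broken.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O9 - Extra button: ShopperReports - Compare product prices -
{E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""


def parse_entries(log_text):
    """Return [(section, body)] with wrapped continuation lines rejoined."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_START.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # Continuation of the previous entry (the forum wrapped it at a space).
            entries[-1][1] += " " + line
        # Anything before the first entry (header, process list) is skipped.
    return [(section, " ".join(body.split())) for section, body in entries]


def match_key(body):
    """Comparison key: whitespace removed and case-folded, so re-wrapped copies match."""
    return re.sub(r"\s+", "", body).casefold()


def orphaned(entries):
    """Entries whose target file HijackThis reports as absent."""
    return [(s, b) for s, b in entries if b.endswith(ORPHAN_MARKERS)]


def surviving(fix_list_text, followup_log_text):
    """Entries selected for fixing that still appear in the follow-up scan."""
    after = {(s, match_key(b)) for s, b in parse_entries(followup_log_text)}
    return [(s, b) for s, b in parse_entries(fix_list_text)
            if (s, match_key(b)) in after]


if __name__ == "__main__":
    for section, body in orphaned(parse_entries(FIX_LIST)):
        print("orphaned :", section, body)
    for section, body in surviving(FIX_LIST, FOLLOWUP_LOG):
        print("still set:", section, body)
```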
Clarification of Question by grandmajones-ga on 10 Jun 2005 21:10 PDT
this is so incredibly daunting - but somehow I have gotten this far
with your help - believe me, I am only following instructions as best
I can, I have no idea what I am doing -
okay, I'll see you when I complete the last assignment
thank you!!
Clarification of Question by grandmajones-ga on 10 Jun 2005 21:58 PDT
hi!! here's my next hjt log - don't worry if you are busy over the
weekend - i really appreciate your help - I actually did this three
times, b/c some of the files did not go away even though I checked
them
Logfile of HijackThis v1.99.1
Scan saved at 12:49:05 AM, on 6/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program
files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program
Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program
Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: ShopperReports - Compare travel rates -
{946B3E9E-E21A-49c8-9F63-900533FAFE14} -
C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices -
{E77EDA01-3C56-4a96-8D08-02B42891C169} -
C:\WINDOWS\System32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader
Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec
Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks -
C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks -
C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) -
Symantec Corporation - C:\Program Files\Norton Internet
Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: VAIO Media Music Server
(VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe"
/Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO
Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP)
(VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony
Corporation\VAIO Media Platform\2.0"
/RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP)
(VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server
(VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation -
C:\Program Files\Sony\VAIO Media Integrated
Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP)
(VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony
Corporation\VAIO Media Platform\2.0"
/RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP)
(VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server
(VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe"
/Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO
Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP)
(VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony
Corporation\VAIO Media Platform\2.0"
/RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP)
(VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) -
America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
|
Request for Question Clarification by
livioflores-ga
on
10 Jun 2005 22:38 PDT
Hey!!
You are almost clean!!
Boot in Safe mode.
Go to Control Panel --> Add/Remove Programs and remove the following
if it is there:
ShopperReports
Then delete the following folder, if you can find it:
C:\Program Files\ShopperReports
Run HJT and check to fix (close all browser instances!!):
O9 - Extra button: ShopperReports - Compare travel rates -
{946B3E9E-E21A-49c8-9F63-900533FAFE14} -
C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices -
{E77EDA01-3C56-4a96-8D08-02B42891C169} -
C:\WINDOWS\System32\shdocvw.dll
Click the Fix Checked button and reboot in normal mode, run HJT and
post a fresh log.
Good luck!!
|
Request for Question Clarification by
livioflores-ga
on
10 Jun 2005 22:40 PDT
One more thing: check your computer's behavior and let me know how it
is working after the last HJT fix.
|
Clarification of Question by
grandmajones-ga
on
12 Jun 2005 17:46 PDT
hey!!
okay, 2 things:
I went to add/remove programs like you said. I did not see the
shoppers thing. However, two other programs showed up for the first
time: ABI Network (AURORA THE PEST) and Surf SideKick.
I did not remove them until I talk to you.
Then I ran HJT in safe mode. Here is the new log:
e of HijackThis v1.99.1
Scan saved at 8:40:19 PM, on 6/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program
files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program
Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program
Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: ShopperReports - Compare travel rates -
{946B3E9E-E21A-49c8-9F63-900533FAFE14} -
C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices -
{E77EDA01-3C56-4a96-8D08-02B42891C169} -
C:\WINDOWS\System32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader
Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec
Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks -
C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks -
C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) -
Symantec Corporation - C:\Program Files\Norton Internet
Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: VAIO Media Music Server
(VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe"
/Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO
Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP)
(VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony
Corporation\VAIO Media Platform\2.0"
/RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP)
(VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server
(VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation -
C:\Program Files\Sony\VAIO Media Integrated
Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP)
(VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony
Corporation\VAIO Media Platform\2.0"
/RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP)
(VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server
(VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe"
/Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO
Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP)
(VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony
Corporation\VAIO Media Platform\2.0"
/RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP)
(VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) -
America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
|
Clarification of Question by
grandmajones-ga
on
12 Jun 2005 17:48 PDT
hi, liv!!
Then I saw that you said run HJT again in normal mode, so I did and
here is that log:
e of HijackThis v1.99.1
Scan saved at 8:46:35 PM, on 6/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program
files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program
Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program
Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: ShopperReports - Compare travel rates -
{946B3E9E-E21A-49c8-9F63-900533FAFE14} -
C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices -
{E77EDA01-3C56-4a96-8D08-02B42891C169} -
C:\WINDOWS\System32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader
Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec
Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks -
C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks -
C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) -
Symantec Corporation - C:\Program Files\Norton Internet
Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: VAIO Media Music Server
(VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe"
/Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO
Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP)
(VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony
Corporation\VAIO Media Platform\2.0"
/RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP)
(VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server
(VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation -
C:\Program Files\Sony\VAIO Media Integrated
Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP)
(VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony
Corporation\VAIO Media Platform\2.0"
/RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP)
(VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server
(VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe"
/Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO
Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP)
(VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony
Corporation\VAIO Media Platform\2.0"
/RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP)
(VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program
Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) -
America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
THANK YOU!!!!!!!!
|
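A way to check whether the entries marked for fixing are still in a fresh log, given that the pasted logs are hard-wrapped across lines. This is an added example, not part of the original thread or of HijackThis; the function names are hypothetical and the two inputs are excerpts copied from the posts above.

```python
import re

# An entry starts with a HijackThis section code such as "R0 - ", "O4 - ", "O23 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def join_entries(text):
    """Rebuild one string per entry from a hard-wrapped, pasted log."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:          # continuation of a wrapped entry
            entries[-1] += " " + line   # header/process lines before the first entry are skipped
    return entries

def entry_key(entry):
    """Section code plus CLSID when present, else the whitespace-normalised text."""
    section = entry.split(" - ", 1)[0]
    m = CLSID.search(entry)
    ident = m.group(0) if m else " ".join(entry.split())
    return (section, ident.lower())

def still_present(fix_list, fresh_log):
    """Entries from the fix list that the fresh log still contains."""
    fresh = {entry_key(e) for e in join_entries(fresh_log)}
    return [e for e in join_entries(fix_list) if entry_key(e) in fresh]

# Excerpts copied from the thread: the entries to fix, and part of the normal-mode log.
FIX_LIST = r"""
O9 - Extra button: ShopperReports - Compare travel rates -
{946B3E9E-E21A-49c8-9F63-900533FAFE14} -
C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices -
{E77EDA01-3C56-4a96-8D08-02B42891C169} -
C:\WINDOWS\System32\shdocvw.dll
"""
FRESH_LOG = r"""
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: ShopperReports - Compare travel rates -
{946B3E9E-E21A-49c8-9F63-900533FAFE14} -
C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices -
{E77EDA01-3C56-4a96-8D08-02B42891C169} -
C:\WINDOWS\System32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
"""

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, FRESH_LOG):
        print("still listed:", entry)
```

On these excerpts both ShopperReports O9 entries are reported as still listed in the log saved on 6/12/2005.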