Help --getting attacked by aurora [RESOLVED]



#16 Bru1922 (Topic Starter)
I can't see it in my temp file. I haven't been able to see a lot of these items. Norton kept finding viruses in my temporary internet files but I could never delete them.

#17 Michelle (Malware Removal Goddess, Retired Staff)
Set your computer to show hidden files. Click this link to learn how: http://www.xtra.co.n...1916458,00.html

Then look for it, it's definitely there because it's in running processes right now :tazz:

#18 Bru1922 (Topic Starter)
That is how my settings are set. It does not show its ugly face.

I show 13 tmp files.
Folders:

History
MKY
VBE
WXB

HPH2,3,4,5,6

1 Notepad named KB
and a file named

VMGRREMOK (when I point at it, it shows VEIWMGRINSTALLER)

Sorry

#19 Michelle (Malware Removal Goddess, Retired Staff)
Will you post another hijackthis log so I can see if it's still there?

Edited by bananafanafo, 03 May 2005 - 08:10 PM.


#20 Bru1922 (Topic Starter)
Logfile of HijackThis v1.99.1
Scan saved at 9:09:29 PM, on 5/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
D:\Program Files\Highjackthis\HijackThis.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [tgcmd] "c:\program files\support.com\client\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SSRunScript] "c:\program files\support.com\client\Charter\bin\SSRunScript.exe" /script "c:\program files\support.com\client\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: Microsoft® JavaScript® Console - {482A48E6-3BF1-44D2-BA59-009AA793D7EF} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {482A48E6-3BF1-44D2-BA59-009AA793D7EF} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra button: Microsoft® JavaScript® Console - {6492733B-053E-46B4-9BF4-62AF7A6D69AA} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {6492733B-053E-46B4-9BF4-62AF7A6D69AA} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/...n-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo....g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (Application) (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (Application) (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#21 Michelle (Malware Removal Goddess, Retired Staff)
It's gone now :tazz:

Please run this online virus scan:
ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log.
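Deciding whether an item seen in an earlier HijackThis log is still present in a new one, as the helper does above, is more reliable when the two logs are compared mechanically instead of by eye. The script below is an added example, not code from this thread or from HijackThis. Both log excerpts inside it are constructed and shortened (the EXAMPLE_suspect.exe path, its O4 autorun and the placeholder O16 GUID and URL are made up); it parses the "Running processes:" block and the R/F/N/O entry lines of each log and lower-cases them, because Windows paths are case-insensitive and the logs posted above spell the same directory both system32 and System32.

```python
"""Diff two HijackThis-style logs to see which processes and R/O entries
appeared or disappeared between scans. Added example, not code from the
thread or from HijackThis; both logs below are constructed, shortened
excerpts laid out like the logs posted in this thread."""
import re

# Matches the R0 / O4 / O16 / O23 ... entry lines that follow the process list.
ENTRY_RE = re.compile(r"^[RFNO]\d+\s+-\s")

# Constructed "earlier" log: EXAMPLE_suspect.exe and its O4 autorun are made up.
OLD_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:00:00 PM, on 1/1/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Temp\EXAMPLE_suspect.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [EXAMPLE_suspect] C:\WINDOWS\Temp\EXAMPLE_suspect.exe
"""

# Constructed "later" log: the suspect is gone, Notepad is open, and an
# online-scanner ActiveX control (placeholder GUID and URL) has been added.
NEW_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:00:00 PM, on 1/1/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {PLACEHOLDER-GUID} (Example Scanner Installer) - http://scanner.example/asinst.cab
"""


def parse_hjt(text):
    """Return (processes, entries): the running-process paths and the
    R/F/N/O entry lines, lower-cased because Windows paths are
    case-insensitive (the thread's logs mix system32 and System32)."""
    processes, entries = set(), set()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:            # blank line ends the process block
            in_procs = False
            continue
        if in_procs:
            processes.add(line.lower())
        elif ENTRY_RE.match(line):
            entries.add(line.lower())
    return processes, entries


def diff_logs(old_text, new_text):
    """Sorted lists of processes/entries that vanished or appeared."""
    old_p, old_e = parse_hjt(old_text)
    new_p, new_e = parse_hjt(new_text)
    return {
        "processes_gone": sorted(old_p - new_p),
        "processes_new": sorted(new_p - old_p),
        "entries_gone": sorted(old_e - new_e),
        "entries_new": sorted(new_e - old_e),
    }


def still_present(text, needle):
    """True if any process path or entry line in the log mentions needle."""
    procs, entries = parse_hjt(text)
    n = needle.lower()
    return any(n in item for item in procs | entries)


if __name__ == "__main__":
    for key, items in diff_logs(OLD_LOG, NEW_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
    print("suspect still present:", still_present(NEW_LOG, "EXAMPLE_suspect"))
```

On real logs, read the two saved text files and pass their contents to diff_logs. A process that has dropped out of the new log only shows it is not running at scan time, not that the file is gone from disk or that nothing else was dropped alongside it, which is why a full scan is the sensible next step after the log looks clean.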

#22 Bru1922 (Topic Starter)
It came up with an error. I tried a second time, error again. It suggests that I reboot the system and I figured I'd better ask permission?

#23 Michelle (Malware Removal Goddess, Retired Staff)
Go ahead and reboot then try it :tazz:

#24 Bru1922 (Topic Starter)
I got it, here are the scans.


Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.008
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Fun & Games\Betting.lnk
Adware:Adware/DelFinMedia No disinfected Windows Registry
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/WUpd No disinfected Windows Registry
Adware:Adware/PowerSearch No disinfected C:\WINDOWS\system32\stlb2.xml
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Kurt\Application Data\sskknwrd.dll
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\ceres.inf
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Kurt\Application Data\Sskcwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Kurt\Application Data\Sskknwrd.dll
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Fun & Games\Betting.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Fun & Games\Casino Palace.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Fun & Games\Casino.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Fun & Games\Games.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Fun & Games\Horoscope.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Going Places\Air Tickets.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Going Places\Car Rentals.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Going Places\Hotel Deals.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Going Places\Luggage.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Going Places\Travel.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Shop\Auctions.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Shop\Books.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Shop\Computers.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Shop\Discount.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Shop\Flowers.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Shop\Golf.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Shop\Jewelry.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Shop\Movies.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Shop\Music.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Shop\Online Store.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Shop\Perfume.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Shop\Sleepwear.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Technology\Adware Remover.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Technology\Anti-Virus.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Technology\PC Cleaner.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Kurt\Favorites\Technology\Tech & gadgets.lnk
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/nCase No disinfected C:\WINDOWS\icont.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\ceres.inf
Virus:Trj/SCBop.C Disinfected C:\WINDOWS\mbop1-0-3b.exe
Virus:Trj/SCBop.C Disinfected C:\WINDOWS\ms0558873965.exe
Adware:Adware/SaveNow No disinfected C:\WINDOWS\system32\datastore.dll
Adware:Adware/PowerSearch No disinfected C:\WINDOWS\system32\stlb2.xml
Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.008
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\FwD: [bleep]!\article8281.pif
Virus:W32/Netsky.J.worm Disinfected Personal Folders\Norton AntiSpam Folder\Re: Re: Document\your_document.pif
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\error in dbase\p_message7169.txt.pif
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\Returned mail: see transcript for details\FwD: Sorry, that's your mail\yourmail.xls.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\FwD: Sorry, that's your mail\yourmail.xls.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\[Norton AntiSpam] \[bleep]!\article.DOC.bat
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\Returned mail: see transcript for details\[bleep]!\article.DOC.bat
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\Returned mail: see transcript for details\ups, i've got your mail\yourmail.TXT.bat
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\[bleep]!\article.DOC.bat
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\Returned mail: see transcript for details\FwD: hi there\stuff-9188.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\hi there\stuff4818.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\Registration confirmation <ID:2851>\nortrax_2709.TXT.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\hi there\photo-315.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\Returned mail: see transcript for details\hi there\photo-315.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\Smiling Like a Killer\more_infos1686.eml.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\Returned mail: see transcript for details\hi there\your_docs.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\hi there\photo_7077.zip[p-zipped_file_data .pif]
Virus:W32/Netsky.J.worm Disinfected Personal Folders\Norton AntiSpam Folder\[Norton AntiSpam] Re: Your details\your_details.pif
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\[Norton AntiSpam] Sorry, that's your mail\yourmail.DOC.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\[Norton AntiSpam] \Sorry, that's your mail\yourmail.DOC.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\[Norton AntiSpam] Returned mail: see transcript for details\Sorry, that's your mail\yourmail.DOC.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\[Norton AntiSpam] \FwD: hi there\stuff-715.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\[Norton AntiSpam] Returned mail: see transcript for details\FwD: hi there\stuff-715.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\[Norton AntiSpam] [bleep]!\article_4902.word.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\[Norton AntiSpam] \[bleep]!\article_4902.word.zip[p-zipped_file_data .pif]
Virus:W32/Sober.G.worm Disinfected Personal Folders\Norton AntiSpam Folder\[Norton AntiSpam] Returned mail: see transcript for details\[bleep]!\article_4902.word.zip[p-zipped_file_data .pif]

and the HijackThis scan


Logfile of HijackThis v1.99.1
Scan saved at 5:30:30 AM, on 5/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Notepad.exe
D:\Program Files\Highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [tgcmd] "c:\program files\support.com\client\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SSRunScript] "c:\program files\support.com\client\Charter\bin\SSRunScript.exe" /script "c:\program files\support.com\client\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: Microsoft® JavaScript® Console - {482A48E6-3BF1-44D2-BA59-009AA793D7EF} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {482A48E6-3BF1-44D2-BA59-009AA793D7EF} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra button: Microsoft® JavaScript® Console - {6492733B-053E-46B4-9BF4-62AF7A6D69AA} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {6492733B-053E-46B4-9BF4-62AF7A6D69AA} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/...n-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo....g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (Application) (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (Application) (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#25 Michelle (Malware Removal Goddess, Retired Staff, 8,928 posts)
I need you to copy all of the Killbox instructions below and paste them into Notepad and save it.

* Please download the Killbox by Option^Explicit. In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C:

C:\WINDOWS\delprot.ini
C:\WINDOWS\icont.exe
C:\WINDOWS\inf\ceres.inf
C:\WINDOWS\system32\datastore.dll
C:\WINDOWS\system32\stlb2.xml
C:\WINDOWS\system32\winupdt.008
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
C:\Documents and Settings\Kurt\Application Data\sskknwrd.dll
C:\Documents and Settings\Kurt\Application Data\Sskcwrd.dll
C:\Documents and Settings\Kurt\Application Data\Sskknwrd.dll
C:\Documents and Settings\Kurt\Favorites\Fun & Games\Betting.lnk
C:\Documents and Settings\Kurt\Favorites\Fun & Games\Casino Palace.lnk
C:\Documents and Settings\Kurt\Favorites\Fun & Games\Casino.lnk
C:\Documents and Settings\Kurt\Favorites\Fun & Games\Games.lnk
C:\Documents and Settings\Kurt\Favorites\Fun & Games\Horoscope.lnk
C:\Documents and Settings\Kurt\Favorites\Going Places\Air Tickets.lnk
C:\Documents and Settings\Kurt\Favorites\Going Places\Car Rentals.lnk
C:\Documents and Settings\Kurt\Favorites\Going Places\Hotel Deals.lnk
C:\Documents and Settings\Kurt\Favorites\Going Places\Luggage.lnk
C:\Documents and Settings\Kurt\Favorites\Going Places\Travel.lnk
C:\Documents and Settings\Kurt\Favorites\Shop\Auctions.lnk
C:\Documents and Settings\Kurt\Favorites\Shop\Books.lnk
C:\Documents and Settings\Kurt\Favorites\Shop\Computers.lnk
C:\Documents and Settings\Kurt\Favorites\Shop\Discount.lnk
C:\Documents and Settings\Kurt\Favorites\Shop\Flowers.lnk
C:\Documents and Settings\Kurt\Favorites\Shop\Golf.lnk
C:\Documents and Settings\Kurt\Favorites\Shop\Jewelry.lnk
C:\Documents and Settings\Kurt\Favorites\Shop\Movies.lnk
C:\Documents and Settings\Kurt\Favorites\Shop\Music.lnk
C:\Documents and Settings\Kurt\Favorites\Shop\Online Store.lnk
C:\Documents and Settings\Kurt\Favorites\Shop\Perfume.lnk
C:\Documents and Settings\Kurt\Favorites\Shop\Sleepwear.lnk
C:\Documents and Settings\Kurt\Favorites\Technology\Adware Remover.lnk
C:\Documents and Settings\Kurt\Favorites\Technology\Anti-Virus.lnk
C:\Documents and Settings\Kurt\Favorites\Technology\PC Cleaner.lnk
C:\Documents and Settings\Kurt\Favorites\Technology\Tech & gadgets.lnk


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

After your computer reboots, post a new HiJackThis log.

#26 Bru1922 (Member, Topic Starter, 18 posts)
Logfile of HijackThis v1.99.1
Scan saved at 7:03:34 PM, on 5/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\WINDOWS\Explorer.EXE
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Highjackthis\HijackThis.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\imapi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [tgcmd] "c:\program files\support.com\client\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SSRunScript] "c:\program files\support.com\client\Charter\bin\SSRunScript.exe" /script "c:\program files\support.com\client\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: Microsoft® JavaScript® Console - {482A48E6-3BF1-44D2-BA59-009AA793D7EF} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {482A48E6-3BF1-44D2-BA59-009AA793D7EF} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra button: Microsoft® JavaScript® Console - {6492733B-053E-46B4-9BF4-62AF7A6D69AA} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {6492733B-053E-46B4-9BF4-62AF7A6D69AA} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/...n-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo....g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (Application) (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (Application) (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
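As an added example (not from this thread or from HijackThis itself): a small Python triage script for the HijackThis 1.99.1 line formats that make up the logs in this thread (O4 autostarts, O16 ActiveX downloads, O23 services). It flags the kinds of entries a helper reads first, such as services marked "(file missing)" or "Unknown owner" and ActiveX controls fetched from hosts outside an assumed allowlist; the allowlist, the "Updater" O4 line and the dl.example.test O16 line are constructed for the demonstration.

```python
import re
from urllib.parse import urlparse

# Sample HijackThis 1.99.1 lines in the format of the log above. The ccApp, AVG7
# and O23 lines are copied from the posted log; the O4 "Updater" line and the
# O16 line pointing at dl.example.test are constructed to exercise the checks.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\Kurt\Application Data\upd.exe
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Helper) - http://dl.example.test/helper.cab
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer (file missing)
"""

# One pattern per HijackThis section handled here.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<desc>.+?) - (?P<url>https?://\S+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Hosts already vetted for ActiveX (O16) downloads: an assumed allowlist, not a HijackThis feature.
TRUSTED_DPF_HOSTS = {"www.gamespot.com", "zone.msn.com", "go.microsoft.com"}


def triage(log: str) -> list:
    """Return (reason, line) pairs for the entries a log helper would examine first."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            cmd = m.group("cmd").lower()
            # Legitimate autostarts rarely live in a user profile or a temp directory.
            if "documents and settings" in cmd or "\\temp\\" in cmd:
                findings.append(("autostart from user profile or temp dir", line))
        elif m := O16_RE.match(line):
            host = urlparse(m.group("url")).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append((f"ActiveX download from unlisted host {host}", line))
        elif m := O23_RE.match(line):
            # "(file missing)" means the service entry outlived its binary; "Unknown owner"
            # means HijackThis could not read a company name from the binary.
            if line.endswith("(file missing)"):
                findings.append(("service binary missing", line))
            elif m.group("owner") == "Unknown owner":
                findings.append(("service with unknown owner", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line[:90]}")
```

Flagged entries are review candidates, not verdicts: the VAIO services above are flagged for the same reasons Michelle's log review would glance at them, and turn out to be legitimate Sony components.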

#27 Michelle (Malware Removal Goddess, Retired Staff, 8,928 posts)
Do you play at Party Poker?

How is your system running now?

#28 Bru1922 (Member, Topic Starter, 18 posts)
I used to play but not much anymore. If that is why I am getting this we can eliminate it. It appears to be going pretty good. Haven't been getting any pop-ups the last day or so. :tazz:

#29 Michelle (Malware Removal Goddess, Retired Staff, 8,928 posts)
There is one more thing I'm looking at, I'll be right back! :tazz:

#30 Michelle (Malware Removal Goddess, Retired Staff, 8,928 posts)
I don't know of any problem with party poker, I just always ask when someone has software such as that on their computer ;)

If you want to remove it, then go to Start > Control panel > Add or Remove programs and remove, if found:

PartyPoker

Delete this folder:
c:\program files\partypoker

Then Run HiJackThis, and put a check next to the following items and click FIX CHECKED:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll


If you want to keep it then there isn't anything else you need to get rid of because it looks good! ;)

Congratulations your log is clean! Great job on the clean up :tazz:

I recommend checking the http://www.microsoft.com website periodically for critical updates to install.

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Ewido Security Suite <= Protection against Trojans, Worms, Dialers, Hijackers, Spyware, and Keyloggers.

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
