Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

[Referred]Nail/Abetterinternet/Aurora malware: HELP![RESOLVED]

Started by Enrique , May 01 2005 04:51 PM

  • This topic is locked This topic is locked

#1
Enrique
Posted 01 May 2005 - 04:51 PM

Enrique

    New Member

  • Member
  • Pip
  • 7 posts
I’ve been having the following problem for the last 5 days. I think I have the “ABetterInternet” spyware or one of its variants. I ran CWShredder and it detected the “VX2” spyware a couple of times, until it eventually deleted it or it is not detecting it anymore. I also have Spy Sweeper, which apparently deleted a bunch of stuff. However, it keeps detecting the “Abetterinternet” spyware (with about 20 traces) every time I run a sweep with it. Before running Spy Sweeper, the browser kept opening abruptly with all sorts of advertisement web sites. Now (after running/installing Spy Sweeper) the only symptom I can see is that every now and then a little window with the name “Aurora” opens, but at least I am not experiencing frequent “hijacking” of my browser since Spy Sweeper blocks it (I get a prompt). FYI, I also have Spywareblaster, Ad-Adware SE and SPybot S&D installed. Below is my Ad-Adware SE log file. As you will see, it detects a “general windows vulnerability”, which it doesn’t go away after quarentine/deletion. Also, with hijackthis!, I detect:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
which does not go away after “fixing” it. ANY help will be greatly appreciated since I am in the middle of a trip and really need this laptop running again; I am desperate!!. Thanks before hand.
=======================================
Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 01, 2005 11:01:46 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-1-2005 11:01:46 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 796
ThreadCreationTime : 5-2-2005 2:49:50 AM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 924
ThreadCreationTime : 5-2-2005 2:49:54 AM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 968
ThreadCreationTime : 5-2-2005 2:49:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 980
ThreadCreationTime : 5-2-2005 2:49:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1128
ThreadCreationTime : 5-2-2005 2:49:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1264
ThreadCreationTime : 5-2-2005 2:49:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1712
ThreadCreationTime : 5-2-2005 2:49:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [cvpnd.exe]
FilePath : C:\Program Files\Cisco Systems\VPN Client\
ProcessID : 1944
ThreadCreationTime : 5-2-2005 2:50:01 AM
BasePriority : Normal
FileVersion : 4.0.5 (A)
ProductVersion : 4.0.5 (A)
ProductName : Cisco Systems VPN Client
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
LegalCopyright : Copyright © 1998-2003 Cisco Systems, Inc.
OriginalFilename : CVPND.EXE

#:9 [defwatch.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 1960
ThreadCreationTime : 5-2-2005 2:50:01 AM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:10 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 2000
ThreadCreationTime : 5-2-2005 2:50:02 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:11 [rtvscan.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 2044
ThreadCreationTime : 5-2-2005 2:50:02 AM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:12 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 232
ThreadCreationTime : 5-2-2005 2:50:02 AM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 240
ThreadCreationTime : 5-2-2005 2:50:02 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [sssvr.exe]
FilePath : C:\Program Files\Sony\VAIO Media Integrated Server\Music\
ProcessID : 312
ThreadCreationTime : 5-2-2005 2:50:02 AM
BasePriority : Normal
FileVersion : 2.6.00.10031
ProductVersion : 2.6.00
ProductName : VAIO Media Music Server
CompanyName : Sony Corporation
FileDescription : VAIO Media Music Server
InternalName : SSSvr
LegalCopyright : Copyright 2002,2003 Sony Corp.
OriginalFilename : SSSvr.exe
Comments : VAIO Media Music Server

#:15 [photoappsrv.exe]
FilePath : C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\
ProcessID : 336
ThreadCreationTime : 5-2-2005 2:50:02 AM
BasePriority : Normal


#:16 [sv_httpd.exe]
FilePath : C:\Program Files\Sony\VAIO Media Integrated Server\Platform\
ProcessID : 676
ThreadCreationTime : 5-2-2005 2:50:03 AM
BasePriority : Normal
FileVersion : 2.6.00.06090
ProductVersion : 2.6.00.06090
ProductName : SV_Httpd.exe
CompanyName : Sony Corporation
FileDescription : Sony HTTP Server
InternalName : SV_Httpd
LegalCopyright : Copyright 2002, 2003 Sony Corp.
OriginalFilename : SV_Httpd.exe

#:17 [upnpframework.exe]
FilePath : C:\Program Files\Sony\VAIO Media Integrated Server\Platform\
ProcessID : 720
ThreadCreationTime : 5-2-2005 2:50:04 AM
BasePriority : Normal
FileVersion : 4.0.00.10030
ProductVersion : 4.0.00.10030
ProductName : UPnPFramework.exe
CompanyName : Sony Corporation
FileDescription : Sony UPnP Framework
InternalName : UPnPFramework
LegalCopyright : Copyright 2002,2003 Sony Corp.
OriginalFilename : UPnPFramework.exe

#:18 [sv_httpd.exe]
FilePath : C:\Program Files\Sony\VAIO Media Integrated Server\Platform\
ProcessID : 732
ThreadCreationTime : 5-2-2005 2:50:04 AM
BasePriority : Normal
FileVersion : 2.6.00.06090
ProductVersion : 2.6.00.06090
ProductName : SV_Httpd.exe
CompanyName : Sony Corporation
FileDescription : Sony HTTP Server
InternalName : SV_Httpd
LegalCopyright : Copyright 2002, 2003 Sony Corp.
OriginalFilename : SV_Httpd.exe

#:19 [upnpframework.exe]
FilePath : C:\Program Files\Sony\VAIO Media Integrated Server\Platform\
ProcessID : 760
ThreadCreationTime : 5-2-2005 2:50:04 AM
BasePriority : Normal
FileVersion : 4.0.00.10030
ProductVersion : 4.0.00.10030
ProductName : UPnPFramework.exe
CompanyName : Sony Corporation
FileDescription : Sony UPnP Framework
InternalName : UPnPFramework
LegalCopyright : Copyright 2002,2003 Sony Corp.
OriginalFilename : UPnPFramework.exe

#:20 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 412
ThreadCreationTime : 5-2-2005 2:50:18 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:21 [ico.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1480
ThreadCreationTime : 5-2-2005 2:50:22 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 8
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:22 [reminder.exe]
FilePath : C:\WINDOWS\Sonysys\VAIO Recovery\
ProcessID : 1492
ThreadCreationTime : 5-2-2005 2:50:22 AM
BasePriority : Normal
FileVersion : 1.7.0.0
ProductVersion : 1.7.0.0
ProductName : Reminder Application
CompanyName : Sony Electronics, Inc
FileDescription : VAIO Recovery Media Kit Creation Reminder
InternalName : Reminder
LegalCopyright : Copyright © 2002, 2003
OriginalFilename : Reminder.EXE

#:23 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1504
ThreadCreationTime : 5-2-2005 2:50:22 AM
BasePriority : Normal
FileVersion : 6.1c
ProductVersion : QuickTime 6.1c
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:24 [hkserv.exe]
FilePath : C:\Program Files\Sony\HotKey Utility\
ProcessID : 592
ThreadCreationTime : 5-2-2005 2:50:22 AM
BasePriority : Normal


#:25 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 1768
ThreadCreationTime : 5-2-2005 2:50:25 AM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:26 [ieprivacykeeper.exe]
FilePath : C:\Program Files\UnH Solutions\IE Privacy Keeper\
ProcessID : 1584
ThreadCreationTime : 5-2-2005 2:50:25 AM
BasePriority : Normal
FileVersion : 2.3.0
ProductVersion : 2.3.0
ProductName : IE Privacy Keeper
CompanyName : UnH Solutions
FileDescription : IE Privacy Keeper
InternalName : IEPrivacyKeeper.exe
LegalCopyright : Copyright © UnH Solutions. All rights reserved.
OriginalFilename : IEPrivacyKeeper.exe

#:27 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1800
ThreadCreationTime : 5-2-2005 2:50:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:28 [spysweeper.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ProcessID : 1816
ThreadCreationTime : 5-2-2005 2:50:26 AM
BasePriority : Normal
FileVersion : 3.5.0.199
ProductVersion : 3.5
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright © 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

#:29 [hkwnd.exe]
FilePath : C:\Program Files\Sony\HotKey Utility\
ProcessID : 1852
ThreadCreationTime : 5-2-2005 2:50:27 AM
BasePriority : Normal


#:30 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 5.0\Distillr\
ProcessID : 1756
ThreadCreationTime : 5-2-2005 2:50:28 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:31 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 2096
ThreadCreationTime : 5-2-2005 2:50:29 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:32 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2716
ThreadCreationTime : 5-2-2005 2:51:55 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
716 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

11:48:12 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:46:25.475
Objects scanned:317129
Objects identified:1
Objects ignored:0
New critical objects:1
  • 0

Advertisements

#2
Guest_Andy_veal_*
Posted 01 May 2005 - 06:10 PM

Guest_Andy_veal_*
  • Guest

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
716 entries scanned.
New critical objects:0
Objects found so far: 1


If your system is running a program which changes the hosts file or you have added listings to the hosts file then there is no need to check further. Otherwise, please download the "Host File Viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your HOST file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip
  • 0

#3
Guest_Andy_veal_*
Posted 01 May 2005 - 06:10 PM

Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0

#4
Enrique
Posted 02 May 2005 - 06:51 AM

Enrique

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Andy,
thanks for your help, sorry for the late reply as I am in Europe. I didn't understand your first Post (#2); I don't know exactly what you mean about the hosts files and and I don't know what should my defaults settings for my host file should be (I am not an expert :tazz: ). In response to your post #3, here is my Hijack this! file (below). As I said before, the F2 entry does not go away when fixing it, and I still get a small Audora pop up every now and then. Thanks very much for your help!
--Enrique
----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 2:46:42 PM, on 5/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ie.psu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ie.psu.edu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ie.psu.edu/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O15 - Trusted Zone: http://www.abnamro.nl
O15 - Trusted Zone: http://www.accorhotels.com
O15 - Trusted Zone: http://www.aclu.org
O15 - Trusted Zone: http://book.bestwestern.com
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://www.eurostar.com
O15 - Trusted Zone: http://www.eurotunnel.com
O15 - Trusted Zone: http://www.guidesdecharme.com
O15 - Trusted Zone: http://www.hoteldelacite.com
O15 - Trusted Zone: http://www.mercure.com
O15 - Trusted Zone: http://www.merijn.org
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: www.micrososoft.com
O15 - Trusted Zone: http://marsprogram.jpl.nasa.gov
O15 - Trusted Zone: http://www.nasa.gov
O15 - Trusted Zone: http://webmail.nvcs.org
O15 - Trusted Zone: http://www.parador.es
O15 - Trusted Zone: http://www.toscanelli.com
O15 - Trusted Zone: http://www.jornada.unam.mx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ie.psu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ie.psu.edu
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\tuneup\WinStylerThemeSvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
  • 0

#5
Enrique
Posted 02 May 2005 - 09:00 AM

Enrique

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Andy (or whoever can help me, as I was re-directed to this forum from the Ad-Aware forum):
with respect to Andy's Post#2 and the "hosts" situation, I downloaded the Hostfilesreader program and looked into the hosts file. It contian a lot of addresses unknown to me. Thus, I reset the setting to the defualt (now I know what you meant). Still, I am getting the Audora little pop up and Hijackthis still says I have the Nail.exe program. This is a new Hijackthis file. Any help will surely be appreciated.
==============

Logfile of HijackThis v1.99.1
Scan saved at 5:02:13 PM, on 5/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ie.psu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ie.psu.edu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ie.psu.edu/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O15 - Trusted Zone: http://www.abnamro.nl
O15 - Trusted Zone: http://members.accessbee.com
O15 - Trusted Zone: http://www.accorhotels.com
O15 - Trusted Zone: http://www.aclu.org
O15 - Trusted Zone: http://book.bestwestern.com
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://www.eurostar.com
O15 - Trusted Zone: http://www.eurotunnel.com
O15 - Trusted Zone: http://www.guidesdecharme.com
O15 - Trusted Zone: http://www.hoteldelacite.com
O15 - Trusted Zone: http://www.mercure.com
O15 - Trusted Zone: http://www.merijn.org
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: www.micrososoft.com
O15 - Trusted Zone: http://marsprogram.jpl.nasa.gov
O15 - Trusted Zone: http://www.nasa.gov
O15 - Trusted Zone: http://webmail.nvcs.org
O15 - Trusted Zone: http://www.parador.es
O15 - Trusted Zone: http://www.toscanelli.com
O15 - Trusted Zone: http://www.jornada.unam.mx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ie.psu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ie.psu.edu
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\tuneup\WinStylerThemeSvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
  • 0

#6
Metallica
Posted 02 May 2005 - 09:11 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hi Enrique,

I'll want to look what files are left behind.

Download FindIt's.zip to your desktop: http://forums.net-in...=post&id=142443

1. Unzip/extract the files inside to a folder on your desktop.
2. Open the folder and run FindIt's.bat and wait for notepad to open a text file. It will take awhile so please be patient ...
3. Then post the results here

Regards,
  • 0

#7
Enrique
Posted 02 May 2005 - 10:39 AM

Enrique

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Pieter,
thanks very for your help. Below is the Find-It's info. you asked for.
--Enrique
---------------

Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 05/02/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»

* aurora C:\WINDOWS\BOXQTJY.EXE

»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidance
If any doubt back them up first

* UPX! C:\WINDOWS\DNVCZC~1.EXE
* UPX! C:\WINDOWS\NAIL.EXE

»»»»» lagitamate file's can/will show in this section.

»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* buddy C:\WINDOWS\DNVCZC~1.EXE

»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»» Checking Windir\svcproc.exe and nail.exe.

Nail.exe
»»»»» Checking for System32\DrPMon.dll.

»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.

Volume in drive C has no label.
Volume Serial Number is 980E-5DD3

Directory of C:\WINDOWS\SYSTEM32

»»»»» Checking for SAHAgent ico files.
Volume in drive C has no label.
Volume Serial Number is 980E-5DD3

Directory of C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»».


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\aurora
  • 0

#8
Metallica
Posted 02 May 2005 - 12:38 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Click Start > Run > type cmd > OK

The command prompt will open.
Usually it does this in C:\Documents and settings\{username}
Type the command cd\ until only the C:\> is left

then type the following commands:
cd Windows
Nail.exe /Fullremove

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\Nail.exe 
C:\WINDOWS\Bolger.dll 
C:\WINDOWS\svcproc.exe 
C:\WINDOWS\DNVCZC~1.EXE
C:\WINDOWS\BOXQTJY.EXE

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

Let the system reboot and post a new HijackThis log

Regards,
  • 0

#9
Enrique
Posted 02 May 2005 - 02:45 PM

Enrique

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Pieter,
I did as you said, I think (Killbox only took the first 3 file names from the Clipboard, but then I entered the last 2 and I think it worked OK). When rebooting, I got a Windows error saying "Windows can't find c:\windows\Nail.exe"; I wonder if this is good or bad. The new hijackthis file is below. Thanks for your help!
---------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:39:45 PM, on 5/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ie.psu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ie.psu.edu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ie.psu.edu/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O15 - Trusted Zone: http://www.abnamro.nl
O15 - Trusted Zone: http://members.accessbee.com
O15 - Trusted Zone: http://www.accorhotels.com
O15 - Trusted Zone: http://www.aclu.org
O15 - Trusted Zone: http://book.bestwestern.com
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://www.eurostar.com
O15 - Trusted Zone: http://www.eurotunnel.com
O15 - Trusted Zone: http://www.guidesdecharme.com
O15 - Trusted Zone: http://www.hoteldelacite.com
O15 - Trusted Zone: http://www.mercure.com
O15 - Trusted Zone: http://www.merijn.org
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: www.micrososoft.com
O15 - Trusted Zone: http://marsprogram.jpl.nasa.gov
O15 - Trusted Zone: http://www.nasa.gov
O15 - Trusted Zone: http://forums.net-integration.net
O15 - Trusted Zone: http://webmail.nvcs.org
O15 - Trusted Zone: http://www.parador.es
O15 - Trusted Zone: http://www.downloads.subratam.org
O15 - Trusted Zone: http://www.toscanelli.com
O15 - Trusted Zone: http://www.jornada.unam.mx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ie.psu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ie.psu.edu
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\tuneup\WinStylerThemeSvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
  • 0

#10
Metallica
Posted 02 May 2005 - 02:52 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
That probably means the /Fullremove didn't work.
Did you include the space?

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

And reboot.

The rest looks good.

Post another FindIt's log just to make sure.

Regards,

Pieter
  • 0

#11
Enrique
Posted 02 May 2005 - 03:19 PM

Enrique

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Pieter,
I think I did include the space. Good news is that I don't see the F2--nail.exe item in the new hijackthis log (see below). Does this mean I'm clean? :tazz: In case I am, what good free anti-spyware do you suggest I use in the future? I installed spy sweeper which seems to be quite good (although, as you can see, didn't remove this bug!) but is not really free.
--------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:13:45 PM, on 5/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
D:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ie.psu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ie.psu.edu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ie.psu.edu/
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O15 - Trusted Zone: http://www.abnamro.nl
O15 - Trusted Zone: http://members.accessbee.com
O15 - Trusted Zone: http://www.accorhotels.com
O15 - Trusted Zone: http://www.aclu.org
O15 - Trusted Zone: http://book.bestwestern.com
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://www.eurostar.com
O15 - Trusted Zone: http://www.eurotunnel.com
O15 - Trusted Zone: http://www.guidesdecharme.com
O15 - Trusted Zone: http://www.hoteldelacite.com
O15 - Trusted Zone: http://www.mercure.com
O15 - Trusted Zone: http://www.merijn.org
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: www.micrososoft.com
O15 - Trusted Zone: http://marsprogram.jpl.nasa.gov
O15 - Trusted Zone: http://www.nasa.gov
O15 - Trusted Zone: http://forums.net-integration.net
O15 - Trusted Zone: http://webmail.nvcs.org
O15 - Trusted Zone: http://www.parador.es
O15 - Trusted Zone: http://www.downloads.subratam.org
O15 - Trusted Zone: http://www.toscanelli.com
O15 - Trusted Zone: http://www.jornada.unam.mx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ie.psu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ie.psu.edu
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\tuneup\WinStylerThemeSvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
  • 0

#12
Metallica
Posted 03 May 2005 - 01:21 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Please have a look at my site for some tips on how to remove and prevent spyware.

Let me know if your computer is behaving that way too.

Your log is clean now, so you did a great job.

Regards,
  • 0

#13
Enrique
Posted 05 May 2005 - 02:45 PM

Enrique

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks very much for all your great help, Pieter.
--Enrique
  • 0

#14
Metallica
Posted 05 May 2005 - 03:07 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP