
Antivirus Gold



#1
kuya86
New Member, 4 posts
Hello,

First, I really appreciate you taking your time out to help people and give them advice. I'm one of many that have been captured by the Antivirus Gold. I've run Spybot and Ad-Aware but nothing changes.

Here's my thread:

Logfile of HijackThis v1.99.1
Scan saved at 11:30:19 PM, on 6/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
c:\windows\system32\gxuxuib.exe
C:\WINDOWS\inetdata\services.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\WINDOWS\system32\gglib.exe
C:\WINDOWS\winsocks5.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\hookdump.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\3.exe
C:\Documents and Settings\Jennifer Muya\Local Settings\Temporary Internet Files\Content.IE5\MLQ72D8D\HijackThis[1].exe
C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\6.tmp\thnall1a.exe
C:\WINDOWS\Nail.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sony.com/vaiopeople
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jennifer Muya\Application Data\Mozilla\Profiles\default\7u9iu4cs.slt\prefs.js)
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gysxdqa] c:\windows\system32\gysxdqa.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [mT1q21l] C:\WINDOWS\embbaq.exe
O4 - HKLM\..\Run: [lst] C:\WINDOWS\lst.exe
O4 - HKLM\..\Run: [atulih] C:\WINDOWS\atulih.exe
O4 - HKLM\..\Run: [ahqhyl] C:\WINDOWS\ahqhyl.exe
O4 - HKLM\..\Run: [izgj] C:\WINDOWS\izgj.exe
O4 - HKLM\..\Run: [nezafgj] C:\WINDOWS\nezafgj.exe
O4 - HKLM\..\Run: [rmrcj] C:\WINDOWS\rmrcj.exe
O4 - HKLM\..\Run: [mtgpql] C:\WINDOWS\mtgpql.exe
O4 - HKLM\..\Run: [fif] C:\WINDOWS\fif.exe
O4 - HKLM\..\Run: [bcjul] C:\WINDOWS\bcjul.exe
O4 - HKLM\..\Run: [qlsbodeh] C:\WINDOWS\qlsbodeh.exe
O4 - HKLM\..\Run: [yrohankn] C:\WINDOWS\yrohankn.exe
O4 - HKLM\..\Run: [bbxsom] c:\windows\system32\vkouxgj.exe
O4 - HKLM\..\Run: [bebedkv] C:\WINDOWS\bebedkv.exe
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\winsocks5.exe
O4 - HKLM\..\Run: [zhvspp] c:\windows\system32\gxuxuib.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\CalibAdobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {54BA6321-553C-41DF-BAA3-9E5DC2452F7C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {54BA6321-553C-41DF-BAA3-9E5DC2452F7C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8D344452-C968-4FBD-9D16-68FEA30C6933} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8D344452-C968-4FBD-9D16-68FEA30C6933} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CB320B73-2B31-4409-B9E6-6C103BCFF65D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CB320B73-2B31-4409-B9E6-6C103BCFF65D} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02974988-E5D4-32C0-B461-36CF7E12F540} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony...ct/VaioInfo.CAB
O16 - DPF: {06F12E16-5B63-04D7-01D4-302F52EF00B0} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {0722E8E9-78BE-3724-192F-664D3743F062} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {0C694ADA-2234-1787-DEEE-324E26A4D0CD} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {12D91D3B-880B-5035-CE90-6B7A08BECF94} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1373B17C-BE7C-3F5D-7299-49F812661904} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab
O16 - DPF: {19EA9C82-F488-18D1-9542-6BCE1E659361} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1A67C422-DEA8-4CFF-ACD7-29BA6F781B28} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {1AB9A5F7-ACC6-7A2B-AC6E-50BC2A789F4D} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1D6AF921-03AF-5C86-8F4C-1BD832426930} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1EF65F6D-D4D4-11EA-AFC4-311B12CEF76B} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {1FA8E848-C3D5-2FD4-B45A-2C5A16B74810} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {2674620D-6983-3B03-2B35-3B634437E859} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {29B23C77-0F5A-3EB6-4E10-37573843F925} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {2CFAB3AB-9163-654C-48CC-55CB444253F0} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {2DA678EF-E302-1C0B-B73D-6E303F870AC6} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {2F41D58A-BED6-0A9C-FCD3-425076B4E5F6} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {3144763D-14FE-40C0-D63E-78C12237B026} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {326FEF3B-06B5-63A2-09A3-61D62ECF0364} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {3986ADBF-C56E-3E5C-0A83-385F78772500} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {3C77189C-2CB2-113E-9A2E-6FC73822C9EA} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {3DC0C7BF-F6D2-3C3D-734E-1AD863F5ABBD} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {3E63B2C6-6A02-7BA7-CC2B-140A0AAA6FA1} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {420B01E2-7809-3168-0C6A-16755DCCDB4C} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {43083AA7-F44D-2548-A75F-38721C476366} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {455FDC66-1DC9-4420-FE77-6CD6668EC950} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {48A1F459-3EC0-0FEC-B06A-350F24CBCDEE} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {48C2F02F-FF5D-2B86-EE6D-350A62E7CCE6} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {499B0BC6-485A-2EAB-13B0-6F4D2B79BF4F} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {4A431F9B-3828-030F-0F2A-033A1E278A73} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {4A7A21BB-DFBE-5C48-F5CE-610550A0696C} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {4B923693-AAA3-799C-797C-5E296BF94C04} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {4FDAC5FC-A507-0D3A-7696-200055CAEA01} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {5418CB0D-DA43-5949-0485-072F5E2A0D71} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {54543515-952B-02F5-99F7-34AB76731259} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {58D8B3FE-A51B-6E25-DCF1-64F50042F694} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {5958B62A-1385-09B3-002D-266913171B09} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {627A3F86-7C5C-4340-6971-29F6703FA89B} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {664D0AD8-4362-4666-A171-0A425020F83D} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {6A19202D-48B2-449E-6123-24E43AD828DC} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {7089B444-D67B-3839-A145-7E0F1C5DAAEC} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {73BE50A4-7398-5724-E38E-31D977772409} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {7A5200FE-C92E-5F5F-EAAE-1A465D207CE8} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {7BF86C97-DAE6-61A0-5928-556C746C7737} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {7D4A7186-6EC4-2ED0-7B2E-7F1D5D0FFF51} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/d...ionale_ver4.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O20 - AppInit_DLLs: w8c6s4xcm66.dll
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

Thank You...


#2
g2i2r4
retired HiJack Helper, Retired Staff, 5,080 posts
Welcome kuya86 to Geeks to Go!

Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!



Download: deldomains.
To use: right-click and select: Install (no need to restart)
Should the link above display the text instead of downloading the file, then copy & paste the text into notepad and save the file as DellDomains.inf
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

***

Please RIGHT-CLICK here and go to Save As (in Internet Explorer it's "Save Target As") in order to download Metallica’s reg file. Save it to your desktop.
Leave it for now.

***

Download CleanUp!.
If that doesn’t work, use this link.
Double click the file cleanup.

Go to option
Select ‘custom’
Put a check to:
* Cookies
* Prefetch
* Temp
* All users.
Press 'cleanup!'

Once it's done, press Close.

Let the system reboot.

***

Please download the Killbox.
Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
* In the Killbox program, select the Delete on Reboot option.
* Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\Windows\System32\hookdump.exe
C:\Windows\System32\winnook.exe
C:\Windows\desktop.html
C:\Windows\screen.html

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt if you get one.
* If the computer does not reboot by itself, do it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

***

Locate "antivirusgold.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

***

Delete the entire folder C:\Program Files\AntiVirusGold

In the Control Panel click Display > Desktop > Customize desktop > Website > Uncheck "Security Info"

***

Then boot back to normal.

***

Download Hoster
Unzip it to a convenient place and open the program.
Choose "Restore Original Hosts" and press "OK".
Close the program.

***

Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files; click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
Reboot your machine and post back a new HJT log and the ewido.txt log file you saved by using Add Reply

Edited by g2i2r4, 15 June 2005 - 04:29 PM.

  • 0
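An added example, not part of the original thread and not code from HijackThis or any tool named above: a small Python triage pass over HijackThis lines of the kind posted in #1. The heuristics and name lists are assumptions chosen for illustration, and they flag entries for review rather than give a verdict; the sample lines are excerpted from the log in post #1, with the O1 line shortened to four hosts.

```python
import ipaddress
import re
from pathlib import PureWindowsPath
from urllib.parse import urlparse

# Excerpt of the HijackThis log from post #1 (O1 line shortened to four hosts).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\services.exe
C:\WINDOWS\inetdata\services.exe
O1 - Hosts: 255.255.255.255 liveupdate.symantec.com download.mcafee.com windowsupdate.microsoft.com www.sophos.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lst] C:\WINDOWS\lst.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\winsocks5.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {02974988-E5D4-32C0-B461-36CF7E12F540} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
"""

# Assumption: core Windows XP binaries that are expected only in system32.
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "spoolsv.exe"}
SYSTEM32 = r"c:\windows\system32"
WINDOWS_ROOT = r"c:\windows"
# Assumption: security/update vendor domains, taken from the O1 line in the log.
PROTECTED_SUFFIXES = ("symantec.com", "mcafee.com", "microsoft.com", "sophos.com",
                      "f-secure.com", "trendmicro.com", "kaspersky.ru")


def image_reason(path, autostart=False):
    """Return why an executable path looks out of place, or None."""
    p = PureWindowsPath(path)
    folder = str(p.parent).lower()
    if p.name.lower() in SYSTEM_NAMES and folder != SYSTEM32:
        return "system binary name outside system32"
    if autostart and folder == WINDOWS_ROOT:
        return "autostart image directly in the Windows root"
    return None


def hosts_findings(body):
    """O1 body is '<ip> <host> [<host> ...]'; report overridden vendor hosts."""
    tokens = body.split()
    if len(tokens) < 2:
        return []
    ip, hosts = tokens[0], tokens[1:]
    reason = f"hosts file overrides security/update domain with {ip}"
    return [(h, reason) for h in hosts
            if any(h.lower() == s or h.lower().endswith("." + s)
                   for s in PROTECTED_SUFFIXES)]


def dpf_reason(body):
    """O16 body is '{CLSID} [(Class name)] - <codebase URL>'."""
    m = re.match(r"\{[0-9A-Fa-f-]+\}(?: \(.*?\))? - (?P<url>\S+)$", body)
    if not m:
        return None
    url = urlparse(m["url"])
    try:
        ipaddress.ip_address(url.hostname or "")
    except ValueError:
        return None  # host is a name (or elided), not a literal IP address
    if url.path.lower().endswith(".exe"):
        return "ActiveX codebase is an .exe fetched from a bare IP address"
    return None


def triage(log_text):
    """Return a list of (item, reason) pairs worth a closer look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if re.match(r"[A-Za-z]:\\", line):  # "Running processes" entry
            reason = image_reason(line)
            if reason:
                findings.append((line, reason))
            continue
        m = re.match(r"(?P<code>[A-Z]\d+) - (?P<body>.*)", line)
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "O1" and body.startswith("Hosts: "):
            findings += hosts_findings(body[len("Hosts: "):])
        elif code == "O4":
            run = re.match(r'.*?Run: \[(?P<name>.*?)\] "?(?P<exe>.+?\.exe)', body, re.I)
            if run:
                reason = image_reason(run["exe"], autostart=True)
                if reason:
                    findings.append((f'{run["name"]} -> {run["exe"]}', reason))
        elif code == "O16" and body.startswith("DPF: "):
            reason = dpf_reason(body[len("DPF: "):])
            if reason:
                findings.append((body[len("DPF: "):], reason))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {item}")
```

The hosts check corresponds to what the "Restore Original Hosts" step undoes: while those entries are present, the listed vendor and update sites are unreachable from the machine.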

#3
kuya86
New Member, Topic Starter, 4 posts
Okay, here's my HJT log... Antivirus Gold has disappeared... THANK YOU SO MUCH... but unfortunately I think I have a Coolwebsearch problem... :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 1:47:56 AM, on 6/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\inetdata\services.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\winsocks5.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jennifer Muya\My Documents\GTG help\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sony.com/vaiopeople
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jennifer Muya\Application Data\Mozilla\Profiles\default\7u9iu4cs.slt\prefs.js)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll (file missing)
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gysxdqa] c:\windows\system32\gysxdqa.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [mT1q21l] C:\WINDOWS\embbaq.exe
O4 - HKLM\..\Run: [lst] C:\WINDOWS\lst.exe
O4 - HKLM\..\Run: [atulih] C:\WINDOWS\atulih.exe
O4 - HKLM\..\Run: [ahqhyl] C:\WINDOWS\ahqhyl.exe
O4 - HKLM\..\Run: [izgj] C:\WINDOWS\izgj.exe
O4 - HKLM\..\Run: [nezafgj] C:\WINDOWS\nezafgj.exe
O4 - HKLM\..\Run: [rmrcj] C:\WINDOWS\rmrcj.exe
O4 - HKLM\..\Run: [mtgpql] C:\WINDOWS\mtgpql.exe
O4 - HKLM\..\Run: [fif] C:\WINDOWS\fif.exe
O4 - HKLM\..\Run: [bcjul] C:\WINDOWS\bcjul.exe
O4 - HKLM\..\Run: [qlsbodeh] C:\WINDOWS\qlsbodeh.exe
O4 - HKLM\..\Run: [yrohankn] C:\WINDOWS\yrohankn.exe
O4 - HKLM\..\Run: [bbxsom] c:\windows\system32\vkouxgj.exe
O4 - HKLM\..\Run: [bebedkv] C:\WINDOWS\bebedkv.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\winsocks5.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\CalibAdobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {54BA6321-553C-41DF-BAA3-9E5DC2452F7C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {54BA6321-553C-41DF-BAA3-9E5DC2452F7C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8D344452-C968-4FBD-9D16-68FEA30C6933} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8D344452-C968-4FBD-9D16-68FEA30C6933} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CB320B73-2B31-4409-B9E6-6C103BCFF65D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CB320B73-2B31-4409-B9E6-6C103BCFF65D} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02974988-E5D4-32C0-B461-36CF7E12F540} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony...ct/VaioInfo.CAB
O16 - DPF: {06F12E16-5B63-04D7-01D4-302F52EF00B0} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {0722E8E9-78BE-3724-192F-664D3743F062} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {0C694ADA-2234-1787-DEEE-324E26A4D0CD} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {12D91D3B-880B-5035-CE90-6B7A08BECF94} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1373B17C-BE7C-3F5D-7299-49F812661904} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab
O16 - DPF: {19EA9C82-F488-18D1-9542-6BCE1E659361} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1A67C422-DEA8-4CFF-ACD7-29BA6F781B28} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {1AB9A5F7-ACC6-7A2B-AC6E-50BC2A789F4D} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1D6AF921-03AF-5C86-8F4C-1BD832426930} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1EF65F6D-D4D4-11EA-AFC4-311B12CEF76B} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {1FA8E848-C3D5-2FD4-B45A-2C5A16B74810} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {2674620D-6983-3B03-2B35-3B634437E859} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {29B23C77-0F5A-3EB6-4E10-37573843F925} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {2CFAB3AB-9163-654C-48CC-55CB444253F0} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {2DA678EF-E302-1C0B-B73D-6E303F870AC6} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {2F41D58A-BED6-0A9C-FCD3-425076B4E5F6} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {3144763D-14FE-40C0-D63E-78C12237B026} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {326FEF3B-06B5-63A2-09A3-61D62ECF0364} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {3986ADBF-C56E-3E5C-0A83-385F78772500} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {3C77189C-2CB2-113E-9A2E-6FC73822C9EA} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {3DC0C7BF-F6D2-3C3D-734E-1AD863F5ABBD} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {3E63B2C6-6A02-7BA7-CC2B-140A0AAA6FA1} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {420B01E2-7809-3168-0C6A-16755DCCDB4C} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {43083AA7-F44D-2548-A75F-38721C476366} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {455FDC66-1DC9-4420-FE77-6CD6668EC950} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {48A1F459-3EC0-0FEC-B06A-350F24CBCDEE} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {48C2F02F-FF5D-2B86-EE6D-350A62E7CCE6} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {499B0BC6-485A-2EAB-13B0-6F4D2B79BF4F} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {4A431F9B-3828-030F-0F2A-033A1E278A73} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {4A7A21BB-DFBE-5C48-F5CE-610550A0696C} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {4B923693-AAA3-799C-797C-5E296BF94C04} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {4FDAC5FC-A507-0D3A-7696-200055CAEA01} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {5418CB0D-DA43-5949-0485-072F5E2A0D71} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {54543515-952B-02F5-99F7-34AB76731259} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {58D8B3FE-A51B-6E25-DCF1-64F50042F694} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {5958B62A-1385-09B3-002D-266913171B09} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {627A3F86-7C5C-4340-6971-29F6703FA89B} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {664D0AD8-4362-4666-A171-0A425020F83D} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {6A19202D-48B2-449E-6123-24E43AD828DC} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {7089B444-D67B-3839-A145-7E0F1C5DAAEC} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {73BE50A4-7398-5724-E38E-31D977772409} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {7A5200FE-C92E-5F5F-EAAE-1A465D207CE8} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {7BF86C97-DAE6-61A0-5928-556C746C7737} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {7D4A7186-6EC4-2ED0-7B2E-7F1D5D0FFF51} - http://69.50.182.94/1/gdnJP896.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/d...ionale_ver4.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O20 - AppInit_DLLs: w8c6s4xcm66.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

and here is my ewido.txt log file

Attached Files


  • 0

#4
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
You must have been collecting these things. :tazz:

No problem, let's move on to the next infection.

Please disable SpybotSD’s protection, as it may hinder the removal of the infection. You can enable it after you're clean.

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Teatimer box and/or Uncheck Resident.
Click Allow Change box.
Close Spybot and reboot.

***

Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!


***

Download About:Buster by RubbeRDuckY.
Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
***

Download CWShredder Here.
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
***

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

***

Please run About:Buster:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

***

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

***

Next please run HijackThis, click Scan, and check:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe

O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll (file missing)

O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll (file missing)

O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe

O4 - HKLM\..\Run: [gysxdqa] c:\windows\system32\gysxdqa.exe

O4 - HKLM\..\Run: [mT1q21l] C:\WINDOWS\embbaq.exe

O4 - HKLM\..\Run: [lst] C:\WINDOWS\lst.exe

O4 - HKLM\..\Run: [atulih] C:\WINDOWS\atulih.exe

O4 - HKLM\..\Run: [ahqhyl] C:\WINDOWS\ahqhyl.exe

O4 - HKLM\..\Run: [izgj] C:\WINDOWS\izgj.exe

O4 - HKLM\..\Run: [nezafgj] C:\WINDOWS\nezafgj.exe

O4 - HKLM\..\Run: [rmrcj] C:\WINDOWS\rmrcj.exe

O4 - HKLM\..\Run: [mtgpql] C:\WINDOWS\mtgpql.exe

O4 - HKLM\..\Run: [fif] C:\WINDOWS\fif.exe

O4 - HKLM\..\Run: [bcjul] C:\WINDOWS\bcjul.exe

O4 - HKLM\..\Run: [qlsbodeh] C:\WINDOWS\qlsbodeh.exe

O4 - HKLM\..\Run: [yrohankn] C:\WINDOWS\yrohankn.exe

O4 - HKLM\..\Run: [bbxsom] c:\windows\system32\vkouxgj.exe

O4 - HKLM\..\Run: [bebedkv] C:\WINDOWS\bebedkv.exe

O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\winsocks5.exe

O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe

O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZS

O9 - Extra button: Microsoft AntiSpyware helper - {54BA6321-553C-41DF-BAA3-9E5DC2452F7C} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {54BA6321-553C-41DF-BAA3-9E5DC2452F7C} - (no file) (HKCU)

O9 - Extra button: Microsoft AntiSpyware helper - {8D344452-C968-4FBD-9D16-68FEA30C6933} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8D344452-C968-4FBD-9D16-68FEA30C6933} - (no file) (HKCU)

O9 - Extra button: Microsoft AntiSpyware helper - {CB320B73-2B31-4409-B9E6-6C103BCFF65D} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CB320B73-2B31-4409-B9E6-6C103BCFF65D} - (no file) (HKCU)

O16 - DPF: {02974988-E5D4-32C0-B461-36CF7E12F540} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {06F12E16-5B63-04D7-01D4-302F52EF00B0} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {0722E8E9-78BE-3724-192F-664D3743F062} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {0C694ADA-2234-1787-DEEE-324E26A4D0CD} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {12D91D3B-880B-5035-CE90-6B7A08BECF94} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {1373B17C-BE7C-3F5D-7299-49F812661904} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab

O16 - DPF: {19EA9C82-F488-18D1-9542-6BCE1E659361} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {1A67C422-DEA8-4CFF-ACD7-29BA6F781B28} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {1AB9A5F7-ACC6-7A2B-AC6E-50BC2A789F4D} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {1D6AF921-03AF-5C86-8F4C-1BD832426930} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {1EF65F6D-D4D4-11EA-AFC4-311B12CEF76B} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {1FA8E848-C3D5-2FD4-B45A-2C5A16B74810} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {2674620D-6983-3B03-2B35-3B634437E859} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {29B23C77-0F5A-3EB6-4E10-37573843F925} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {2CFAB3AB-9163-654C-48CC-55CB444253F0} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {2DA678EF-E302-1C0B-B73D-6E303F870AC6} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {2F41D58A-BED6-0A9C-FCD3-425076B4E5F6} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {3144763D-14FE-40C0-D63E-78C12237B026} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {326FEF3B-06B5-63A2-09A3-61D62ECF0364} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {3986ADBF-C56E-3E5C-0A83-385F78772500} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {3C77189C-2CB2-113E-9A2E-6FC73822C9EA} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {3DC0C7BF-F6D2-3C3D-734E-1AD863F5ABBD} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {3E63B2C6-6A02-7BA7-CC2B-140A0AAA6FA1} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {420B01E2-7809-3168-0C6A-16755DCCDB4C} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {43083AA7-F44D-2548-A75F-38721C476366} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {455FDC66-1DC9-4420-FE77-6CD6668EC950} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {48A1F459-3EC0-0FEC-B06A-350F24CBCDEE} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {48C2F02F-FF5D-2B86-EE6D-350A62E7CCE6} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {499B0BC6-485A-2EAB-13B0-6F4D2B79BF4F} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {4A431F9B-3828-030F-0F2A-033A1E278A73} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {4A7A21BB-DFBE-5C48-F5CE-610550A0696C} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {4B923693-AAA3-799C-797C-5E296BF94C04} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {4FDAC5FC-A507-0D3A-7696-200055CAEA01} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {5418CB0D-DA43-5949-0485-072F5E2A0D71} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {54543515-952B-02F5-99F7-34AB76731259} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {58D8B3FE-A51B-6E25-DCF1-64F50042F694} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {5958B62A-1385-09B3-002D-266913171B09} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {627A3F86-7C5C-4340-6971-29F6703FA89B} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {664D0AD8-4362-4666-A171-0A425020F83D} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {6A19202D-48B2-449E-6123-24E43AD828DC} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {7089B444-D67B-3839-A145-7E0F1C5DAAEC} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {73BE50A4-7398-5724-E38E-31D977772409} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {7A5200FE-C92E-5F5F-EAAE-1A465D207CE8} - http://69.50.182.94/1/gdnJP994.exe

O16 - DPF: {7BF86C97-DAE6-61A0-5928-556C746C7737} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {7D4A7186-6EC4-2ED0-7B2E-7F1D5D0FFF51} - http://69.50.182.94/1/gdnJP896.exe

O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab

O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/d...ionale_ver4.CAB

O20 - AppInit_DLLs: w8c6s4xcm66.dll

Close all open windows except for HijackThis and click Fix Checked.

***

Open Windows Explorer to remove this folder:
C:\WINDOWS\inetdata\

***

Please double-click Killbox.exe to run it.

Select "Delete on Reboot".

Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

c:\windows\system32\gysxdqa.exe
C:\WINDOWS\embbaq.exe
C:\WINDOWS\lst.exe
C:\WINDOWS\atulih.exe
C:\WINDOWS\ahqhyl.exe
C:\WINDOWS\izgj.exe
C:\WINDOWS\nezafgj.exe
C:\WINDOWS\rmrcj.exe
C:\WINDOWS\mtgpql.exe
C:\WINDOWS\fif.exe
C:\WINDOWS\bcjul.exe
C:\WINDOWS\qlsbodeh.exe
C:\WINDOWS\yrohankn.exe
c:\windows\system32\vkouxgj.exe
C:\WINDOWS\bebedkv.exe
C:\WINDOWS\winsocks5.exe


Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

***

Run this online virus scan: ActiveScan - Save the results from the scan!

***

Post a new HiJackThis log along with the results from ActiveScan.
Also post the two logs made with About:Buster.
  • 0

#5
kuya86

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Wow... I've seen a definite change, THANK YOU SOOO MUCCHHHH!!! You guys are truly computer angels :tazz:

Hmmm, but was that 180search assistant supposed to disappear too...? ;) And I could not see some of the results you wanted me to fix on the HJT log... so yeah..

well here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:10:05 AM, on 6/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jennifer Muya\My Documents\GTG help\HijackThis.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sony.com/vaiopeople
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jennifer Muya\Application Data\Mozilla\Profiles\default\7u9iu4cs.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\CalibAdobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony...ct/VaioInfo.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe



My About:Buster logs:


AboutBuster 5.0 reference file 28
Scan started on [6/18/2005] at [1:19:13 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:19:36 AM


AboutBuster 5.0 reference file 28
Scan started on [6/18/2005] at [1:24:09 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:24:33 AM

and my ActiveScan:

Attached Files


Edited by kuya86, 18 June 2005 - 09:10 AM.

  • 0

#6
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
As you removed programs from your computer, your HijackThis log changed. That's why you couldn't find those entries.

But ActiveScan says there are still things to remove. Let's see what we can do.

Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
Press the button 'save list'. It will open a Notepad file. Place the content of that file here in your answer please.
  • 0
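The point made in the reply above, that entries drop out of a later HijackThis log once the programs behind them are removed, can be checked mechanically. The following Python code is an added example, not part of the original thread or of HijackThis: it parses two logs, lists the entries that disappeared, and flags a few entry types like those in the fix list in post #4. The flagging heuristics and all function names are assumptions of this example; the sample logs are constructed excerpts built from lines that appear in this thread.

```python
"""Parse HijackThis logs, flag a few entry types, and diff two scans."""
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# A log entry is a section code (R0, F3, O4, O16, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Assumption of this example: an autostart target sitting directly in C:\WINDOWS.
RUN_IN_WINDIR_RE = re.compile(r'\] "?C:\\WINDOWS\\[^\\]+\.exe', re.IGNORECASE)


def parse_log(text):
    """Return (code, body) tuples; header and running-process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def is_ip(host):
    """True when the URL host is an IP literal rather than a DNS name."""
    try:
        ip_address(host or "")
        return True
    except ValueError:
        return False


def flag(code, body):
    """Return the reasons (possibly none) why an entry deserves a closer look."""
    reasons = []
    if code == "O16":
        parts = urlsplit(body.rsplit(" - ", 1)[-1])
        if is_ip(parts.hostname) and parts.path.lower().endswith(".exe"):
            reasons.append("DPF entry fetches an .exe from a bare IP address")
    # O23 is left out on purpose: the VAIO service lines in this thread carry
    # "(file missing)" although the same executables are listed as running.
    if code in ("O2", "O9") and ("(no file)" in body or "(file missing)" in body):
        reasons.append("browser add-on registration points at a missing file")
    if code == "O20" and body.split(":", 1)[-1].strip():
        reasons.append("AppInit_DLLs is set (loaded into processes using user32.dll)")
    if code == "O4" and RUN_IN_WINDIR_RE.search(body):
        reasons.append("autostart executable directly in the Windows directory")
    return reasons


def triage(text):
    """Return (code, body, reasons) for every flagged entry, in log order."""
    flagged = []
    for code, body in parse_log(text):
        reasons = flag(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


def removed(before_text, after_text):
    """Entries present in the earlier log and absent from the later one."""
    after = set(parse_log(after_text))
    return [entry for entry in parse_log(before_text) if entry not in after]


# Constructed excerpts: lines taken from the logs and fix list in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lst] C:\WINDOWS\lst.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {02974988-E5D4-32C0-B461-36CF7E12F540} - http://69.50.182.94/1/gdnJP994.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O20 - AppInit_DLLs: w8c6s4xcm66.dll
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
"""

if __name__ == "__main__":
    print("Flagged in the earlier log:")
    for code, body, reasons in triage(BEFORE):
        print(f"  {code} - {body}\n      -> {'; '.join(reasons)}")
    print("Gone from the later log:")
    for code, body in removed(BEFORE, AFTER):
        print(f"  {code} - {body}")
```

An entry that is flagged in the earlier log and also appears in the `removed` list was cleaned up between scans; one that is flagged in both logs still needs attention.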

#7
kuya86

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Oohhhhh, I understand... okay, here it is..


Ad-Aware SE Personal
Adobe Photoshop Elements 2.0
Adobe Reader 6.0
AOL Setup
ArcSoft Camera Suite
ArcSoft VideoImpression 1.6
Ares 1.8.1
Canon PhotoRecord
Canon Utilities Easy-PhotoPrint
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CleanUp!
Click to DVD 1.3
Drag'n Drop CD+DVD
DVgate Plus
ewido security suite
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
HijackThis 1.99.1
HotKey Utility
HP Photo Printing Software
hp psc 700 series
HP Share-to-Web
Internet update
InterVideo WinDVD 5 for VAIO
Java 2 Runtime Environment, SE v1.4.2_01
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Macromedia Dreamweaver MX 2004
Macromedia HomeSite+
Macromedia Shockwave Player
Media Pass
Memory Stick Formatter
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Works 7.0
MoodLogic
MSN Messenger 6.2
Music Visualizer Library 1.4.00
Netscape (7.02)
Norton AntiVirus 2002
OpenMG Secure Module 3.3.01
PictureGear Studio 2.0
Quicken 2004
QuickTime
RealOne Player
Screenblast ACID 4.0
Screenblast Sound Forge 1.1
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
SiS Compatible VGA V2.21a
SoftK56 Data Fax
SonicStage 1.6.00
SonicStage Mastering Studio 1.1
SonicStage Mastering Studio Plugins 1.0
SonicStage MP3 Add-on program
SonicStage Simple Burner 1.0
Sony Certificate PCH
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy 1.3
TopStyle Lite (Version 3.0)
TSA
Turbo Tax Offer
VAIO Action Setup
VAIO BrightColor Wallpaper
VAIO Help and Support
VAIO Media 2.6
VAIO Media Integrated Server 2.6
VAIO Media Redistribution 2.6
VAIO Registration
VAIO Remote Commander Utility 6.2
VAIO Support
VAIO Survey Standalone
VAIO System Information
VGA USB Camera
Viewpoint Media Player (Remove Only)
Welcome to VAIO life
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Wireless Desktop
Yahoo! Anti-Spy
Yahoo! Toolbar
  • 0

#8
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
You have an outdated version of Spybot S&D. I'll let you uninstall it; please download the latest version after that.

Please disable SpybotSD’s protection before moving on.


Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Resident.
Click Allow Change box.
Close Spybot.

***

Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
In the list find:
Media Pass
Spybot - Search & Destroy 1.3
Press ‘delete this entry’.
Close HijackThis and reboot the system.

***

Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers



EDIT:
As there has been no reply from the original poster for more than two weeks this topic is now closed.

If you are the original poster and still need assistance, please send me a PM.

Edited by g2i2r4, 07 July 2005 - 02:37 AM.

  • 0





