Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Anti Virus Gold [RESOLVED]

Started by darkmetal505 , Jun 13 2005 01:09 PM

  • This topic is locked This topic is locked

#1
darkmetal505
Posted 13 June 2005 - 01:09 PM

darkmetal505

    Member

  • Member
  • PipPip
  • 39 posts
i seem to have anti virus gold, i got rid of the desktop problem where there is a black desktop screen by running adware away, but when I open up internet explorer, the update searches page opens. I believe I have not completely gotten rid of it.

My HJT log is :

Logfile of HijackThis v1.99.1
Scan saved at 2:06:53 PM, on 6/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\System32\intmon.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\singh\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesea...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp4E5E.tmp
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.xpres-net...er/tdserver.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


Thanks,
Anu
  • 0

Advertisements

#2
Guest_thatman_*
Posted 16 June 2005 - 02:57 PM

Guest_thatman_*
  • Guest
Hi darkmetal505

Please read through the instructions before you start (you may want to print this out).

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
Download nails.cmd fix
Unzip it to the desktop but please do NOT run it yet.

Please download sphjfix Save it to your desktop

Download Pocket Killbox and unzip it; save it to your Desktop.

Please set your system to show all files; please see here if you're unsure how to do this.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Now run the nails.cmd

Now run sphjfix and post the log.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesea...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp4E5E.tmp
Click on Fix Checked when finished and exit HijackThis.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmon.exe
Let the system reboot.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda, Ewido HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#3
darkmetal505
Posted 17 June 2005 - 01:12 PM

darkmetal505

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
here is the sphjfix log:

(6/17/05 10:54:22 AM) SPSeHjFix started v1.1.2
(6/17/05 10:54:22 AM) OS: WinXP (5.1.2600)
(6/17/05 10:54:22 AM) Language: english
(6/17/05 10:54:22 AM) Win-Path: C:\WINDOWS
(6/17/05 10:54:22 AM) System-Path: C:\WINDOWS\System32
(6/17/05 10:54:22 AM) Temp-Path: C:\DOCUME~1\singh\LOCALS~1\Temp\
(6/17/05 10:54:35 AM) Disinfection started
(6/17/05 10:54:35 AM) Bad-Dll(IEP): (not found)
(6/17/05 10:54:35 AM) Bad-Dll(IEP) in BHO: (not found)
(6/17/05 10:54:35 AM) UBF: 4 - UBB: 0 - UBR: 9
(6/17/05 10:54:35 AM) UBF: 4 - UBB: 0 - UBR: 9
(6/17/05 10:54:35 AM) Bad IE-pages: (none)
(6/17/05 10:54:35 AM) Stealth-String not found
(6/17/05 10:54:35 AM) Not infected->END

the ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:49:38 PM, 6/17/2005
+ Report-Checksum: 754296E9

+ Date of database: 6/17/2005
+ Version of scan engine: v3.0

+ Duration: 112 min
+ Scanned Files: 55135
+ Speed: 8.17 Files/Second
+ Infected files: 8
+ Removed files: 7
+ Files put in quarantine: 7
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\

+ Scan result:
C:\Documents and Settings\singh\Cookies\singh@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Adware Away\ad.dll -> Spyware.Hijacker.Generic -> Ignored
C:\WINDOWS\popuper.exe -> Trojan.Puper.l -> Cleaned with backup
C:\WINDOWS\system32\hp4E5E.tmp -> Trojan.Puper.m -> Cleaned with backup
C:\WINDOWS\system32\msmsgs.exe -> TrojanDownloader.Zlob.G -> Cleaned with backup
C:\WINDOWS\system32\oleadm.dll -> Trojan.Agent.eq -> Cleaned with backup
C:\WINDOWS\system32\shnlog.exe -> Trojan.Puper.m -> Cleaned with backup
C:\WINDOWS\uninstIU.exe -> Trojan.Agent.eo -> Cleaned with backup


::Report End


the panda log:


Incident Status Location

Virus:W32/Smitfraud.A Disinfected Operating system
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/CWS No disinfected C:\Documents and Settings\singh\Favorites\Online Gambling\Online Gambling.url
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\singh\Favorites\online dating.url
Adware:Adware/Popuper No disinfected C:\WINDOWS\System32\msole32.exe
Adware:Adware/Virmaid No disinfected C:\WINDOWS\System32\ole32vbs.exe
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\singh\Favorites\Online Pharmacy\Adipex.url
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\System32\wp.bmp
Adware:Adware/Popuper No disinfected C:\Documents and Settings\singh\Favorites\Black Jack Online.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\singh\Favorites\Home Loan.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\singh\Favorites\Network Security.url
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\singh\Favorites\Online Dating.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\singh\Favorites\Online Gambling\Online Gambling.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\singh\Favorites\Online Gambling.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\singh\Favorites\Online Pharmacy\Adipex.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\singh\Favorites\Online Pharmacy\Alprazolam.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\singh\Favorites\Online Pharmacy\Carisoprodol.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\singh\Favorites\Online Pharmacy\Diazepam.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\singh\Favorites\Online Pharmacy\Hydrocodone.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\singh\Favorites\Online Pharmacy\Lortab.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\singh\Favorites\Online Pharmacy\Online Pharmacy.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\singh\Favorites\Online Pharmacy\Prozac.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\singh\Favorites\Online Pharmacy\Valium.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\singh\Favorites\Online Pharmacy\Vicodin.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\singh\Favorites\Online Pharmacy\Xanax.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\singh\Favorites\Online Pharmacy.url
Adware:Adware/StartPage.BR No disinfected C:\Program Files\Adware Away\ad.dll
Adware:Adware/Puper No disinfected C:\WINDOWS\system32\hhk.dll
Adware:Adware/Puper No disinfected C:\WINDOWS\system32\intmon.exe
Adware:Adware/Popuper No disinfected C:\WINDOWS\system32\msole32.exe
Adware:Adware/Virmaid No disinfected C:\WINDOWS\system32\ole32vbs.exe
Virus:W32/Smitfraud.A Disinfected C:\WINDOWS\system32\wininet.dll
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\wp.bmp



for the killbox did i have to delete those below?
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmon.exe

thanks a bunch

Edited by darkmetal505, 17 June 2005 - 01:13 PM.

  • 0

#4
Guest_thatman_*
Posted 17 June 2005 - 02:08 PM

Guest_thatman_*
  • Guest
Hi darkmetal505

I do need to see the new HJT.log

Kc :tazz:
  • 0

#5
Guest_thatman_*
Posted 17 June 2005 - 02:19 PM

Guest_thatman_*
  • Guest
Hi darkmetal505

Please read through the instructions before you start (you may want to print this out).

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Download Pocket Killbox and unzip it; save it to your Desktop.

Please RIGHT-CLICK here and go to Save As (in Internet Explorer it's "Save Target As") in order to download Metallica’s reg file. Save it to your desktop.

Please set your system to show all files; please see here if you're unsure how to do this.

Download CWShredder (there is a link in my signature), unzip it, and save it on the Desktop. Please do not run it yet,

Reboot into Safe Mode: please see here if you are not sure how to do this.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Now run Metallica’s reg file

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Run CWShredder to fix your CWS problem.

Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
C:\Documents and Settings\singh\Favorites\Online Gambling\Online Gambling.url <--First file to delete
C:\Documents and Settings\singh\Favorites\online dating.url
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\System32\ole32vbs.exe
C:\Documents and Settings\singh\Favorites\Online Pharmacy\Adipex.url
C:\WINDOWS\System32\wp.bmp
C:\Documents and Settings\singh\Favorites\Black Jack Online.url
C:\Documents and Settings\singh\Favorites\Home Loan.url
C:\Documents and Settings\singh\Favorites\Network Security.url
C:\Documents and Settings\singh\Favorites\Online Dating.url
C:\Documents and Settings\singh\Favorites\Online Gambling\Online Gambling.url
C:\Documents and Settings\singh\Favorites\Online Gambling.url
C:\Documents and Settings\singh\Favorites\Online Pharmacy\Adipex.url
C:\Documents and Settings\singh\Favorites\Online Pharmacy\Alprazolam.url
C:\Documents and Settings\singh\Favorites\Online Pharmacy\Carisoprodol.url
C:\Documents and Settings\singh\Favorites\Online Pharmacy\Diazepam.url
C:\Documents and Settings\singh\Favorites\Online Pharmacy\Hydrocodone.url
C:\Documents and Settings\singh\Favorites\Online Pharmacy\Lortab.url
C:\Documents and Settings\singh\Favorites\Online Pharmacy\Online Pharmacy.url
C:\Documents and Settings\singh\Favorites\Online Pharmacy\Prozac.url
C:\Documents and Settings\singh\Favorites\Online Pharmacy\Valium.url
C:\Documents and Settings\singh\Favorites\Online Pharmacy\Vicodin.url
C:\Documents and Settings\singh\Favorites\Online Pharmacy\Xanax.url
C:\Documents and Settings\singh\Favorites\Online Pharmacy.url
C:\Program Files\Adware Away\ad.dll
C:\WINDOWS\system32\hhk.dll
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\ole32vbs.exe
C:\WINDOWS\system32\wp.bmp. <--LAST FILE TO DELET
Let the system reboot.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda, Ewido HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#6
darkmetal505
Posted 19 June 2005 - 06:10 PM

darkmetal505

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
panda log :

Incident Status Location

Virus:W32/Smitfraud.A Disinfected Operating system
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/CWS No disinfected C:\Documents and Settings\singh\Favorites\Online Pharmacy
Adware:Adware/Smitfraud No disinfected Windows Registry
Virus:W32/Smitfraud.A Disinfected C:\WINDOWS\system32\wininet.dll
ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:15:49 PM, 6/19/2005
+ Report-Checksum: F516F2B3

+ Date of database: 6/19/2005
+ Version of scan engine: v3.0

+ Duration: 24 min
+ Scanned Files: 54392
+ Speed: 36.83 Files/Second
+ Infected files: 0
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\

+ Scan result:
No infected files found!


::Report End

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:09:17 PM, on 6/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\singh\Desktop\safety\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ouhsc.edu/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.xpres-net...er/tdserver.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


thanks :tazz:
  • 0

#7
Guest_thatman_*
Posted 20 June 2005 - 03:35 PM

Guest_thatman_*
  • Guest
Hi darkmetal505

Try downloading the Service Pack from here and install it from your desktop.

http://www.softpedia...Pack-SP1a.shtml

Remember do not install Service Pack 2, as you will have major problems if you install that service pack without being clean first.

After installing SP1a reboot and post a new log.

Kc :tazz:
  • 0

#8
darkmetal505
Posted 22 June 2005 - 06:34 PM

darkmetal505

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
that site seems to be a dead link, its giving me a 404 message
  • 0

#9
Guest_thatman_*
Posted 23 June 2005 - 10:57 AM

Guest_thatman_*
  • Guest
Hi darkmetal505

They have take of the SP1a update. that is why you get the 404

Click Here to make sure that you have the latest patches for Windows.

Kc :tazz:
  • 0

#10
Guest_thatman_*
Posted 27 June 2005 - 08:59 AM

Guest_thatman_*
  • Guest
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP