Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Giving me fits


  • Please log in to reply

#1
Kirb517

Kirb517

    Member

  • Member
  • PipPip
  • 11 posts
The computer I'm on right now has serious problems. Ive tried to fix some of them myself, but I'm at a dead end now. I suspected a trojan, but TDS-3 didn't show anything. Im pretty sure some of the files in my HijackThis log are malicious, but even when I delete them they come back after a computer restart. Also, I'm pretty sure there is a version of CWS on this computer, but CWShredder didn't get rid of whatever it was. :tazz:


Best I can do is give you guys a log. Thanks so much for any responses!

Logfile of HijackThis v1.99.0
Scan saved at 2:46:46 PM, on 12/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Q323255.exe:vievl
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\apika.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\Q323255.exe:vievl
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jaclyn Lawrence\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gpiuo.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gpiuo.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gpiuo.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gpiuo.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gpiuo.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gpiuo.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gpiuo.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {F0114569-D248-1732-72D6-BFA6C013C771} - C:\WINDOWS\system32\atltu.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [apika.exe] C:\WINDOWS\apika.exe
O4 - HKLM\..\RunOnce: [vievl] C:\WINDOWS\Q323255.exe:vievl
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSMND1\Cache\SelectedContextSearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:one.MHT!http://www.t058.com/....chm::/open.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\Q323255.exe
  • 0

Advertisements


#2
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
This is a variant of CoolWebSearch that redirects your homepage to about:blank. It also installs a malicious service that prevents it from being fixed. We need to eliminate that service.
  • Obtain list of irregular services:
  • Please download ServiceFilter.
  • Unzip ServiceFilter.zip to a convenient folder like C:\ServiceFilter.
  • Navigate to where you unzipped it and double-click on ServiceFilter.vbs.
  • If you have an active anti-virus it might prevent the script from starting. Please allow the script to run.
  • It will open a text file (POST_THIS.TXT) that lists all of the irregular services.
  • Press Ctrl + A simultaneously to select all of the text.
  • Copy and paste the whole thing into your next post.
  • A copy of POST_THIS.TXT is saved to where ServiceFilter.vbs was saved just in case you accidentally close out of it.

  • 0

#3
Kirb517

Kirb517

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi thanks for replying to my post, I just got back from vacation and it's taken me 11 days to read this. I'm sorry for the long time to get back on this. I'm printing out the instructions right now, and will have the new log posted shortly.
  • 0

#4
Kirb517

Kirb517

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 1
Jan 3, 2005 5:52:14 PM


---> Begin Service Listing <---

Unknown Service # 1
Service Name: SPTISRV
Display Name: Sony SPTI Service
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\progra~1\common~1\sonysh~1\avlib\sptisrv.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #2
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{69696cec-e2ca-4941-ab22-36c7b80beb66}
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 3
Service Name: VAIOMediaPlatform-MusicServer-AppServer
Display Name: VAIO Media Music Server
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\program files\sony\vaio media music server\sssvr.exe" /service=vaiomediaplatform-musicserver-appserver /displayname="vaio media music server"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 4
Service Name: VAIOMediaPlatform-MusicServer-HTTP
Display Name: VAIO Media Music Server (HTTP)
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Share Process
Path: "c:\program files\common files\sony shared\vaio media platform\sv_httpd.exe" /service=vaiomediaplatform-musicserver-http /regroot="software\sony corporation\vaio media platform\2.0" /regext="applications\musicserver\http"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 5
Service Name: VAIOMediaPlatform-MusicServer-UPnP
Display Name: VAIO Media Music Server (UPnP)
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\program files\common files\sony shared\vaio media platform\upnpframework.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 6
Service Name: VAIOMediaPlatform-PhotoServer-AppServer
Display Name: VAIO Media Photo Server
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\program files\sony\photo server\appsrv\photoappsrv.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 7
Service Name: VAIOMediaPlatform-PhotoServer-HTTP
Display Name: VAIO Media Photo Server (HTTP)
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Share Process
Path: "c:\program files\common files\sony shared\vaio media platform\sv_httpd.exe" /service=vaiomediaplatform-photoserver-http /regroot="software\sony corporation\vaio media platform\2.0" /regext="\applications\photoserver\http"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 8
Service Name: VAIOMediaPlatform-PhotoServer-UPnP
Display Name: VAIO Media Photo Server (UPnP)
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\program files\common files\sony shared\vaio media platform\upnpframework.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 9
Service Name: ZESOFT
Display Name: ZESOFT
Start Mode: Auto
Start Name: LocalSystem
Description: ZESoft ...
Service Type: Own Process
Path: c:\windows\zeta.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 0
Accept Pause: False
Accept Stop: False

Unknown Service # 10
Service Name: %AF
Display Name: Workstation NetLogon Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Share Process
Path: c:\windows\q323255.exe:vievl /s
State: Running
Process ID: 1620
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

---> End Service Listing <---

There are 86 Win32 services on this machine.
10 were unrecognized.

Script Execution Time: 1.046875 seconds.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP